This is probably the most troubling part. If an entity that is at odds with the US could choose to deploy malware that would affect not just military, government or corporate networks, but civilian computers and services. There needs to be a cyberspace analogue to the Geneva Convention, to prevent the cyberwarfare from causing damage to civilian networks and services. Will these regulations follow or even enforcable? Probably not, but it's a nice thought.