But Sabett, who says he has been involved in the debate over what has also been called "Active Defense" for a decade, doesn't agree with Lin on much else. He says Lin gives essentially equal weight to most of the potential problems, when the problem of attribution outweighs them all -- by a lot.

"All of the issues he raised are important, but if you can't come up with proper attribution at some level, everything else is a non-starter," Sabett says. "If you make a mistake and go after the wrong person or nation state, you could create really serious problems."

U.S. Army Gen. Keith Alexander, director of the National Security Agency and head of the U.S. Cyber Command, has told Congress that attribution is the most critical issue related to cyber self-defense, Sabett notes.

And he says most corporations simply are not equipped to wage cyberwar. "I can think of two companies and fewer than half-dozen individuals who could do anything even remotely useful in this area," he says.

John Villasenor, a nonresident senior fellow at the Brookings Institution and professor of electrical engineering at UCLA, agrees with Lin that government cannot be the cybersecurity czar, but for very different reasons. Villasenor says it is because there is far too much data - 1.8 trillion gigabytes of data created or replicated in 2011.