The only minor problem there is how to ascertain the source of attacks in this world of proxies and botnets of zombie computers. So prior to the application of force, proportionate or not, we should really be sure about the emanation of the source, and then suspect that as well. It's a lot easier to cover up or fake digital tracks as opposed to a paper trail or a path laced with bread crumbs. Cyber sleuths clearly have their work cut out for them. But it makes me wonder how you prove something where there's no physical smoking gun.
So let's say we establish the "source" of the attack. What's the metric for a proportionate response? Is it a biblical eye for a eye, when the damages can be hard to quantify? Do we go ahead and nuke a country because a disgruntled teen in some lonely basement, spurned by the female kind, decided to take their angst out on a power grid in Tacoma or give a makeover to the PBS website. Or maybe the mere threat of being wiped out of existence has spurned some countries to deny their upset youth access to the World Wide WEB. Maybe we should laud Iran and encourage other countries to cut off their youth, especially as cyberattackers are invariably men, from the global Internet.
There is definitely more work to be done on establishing the rules of engagement, and hopefully conferences like the Cybersecurity Summit will help address that and define the terms better. The Pentagon has at least brought to attention that cyberattacks are no longer just a prank and can have serious ramifications for countries' state secrets and infrastructure.