The private sector had a success in this field:
While Western governments debate the efficacy, or legality, of going on the offensive against Internet spies and criminals, more Internet security companies, and academic researchers, are taking the initiative. The most recent victory was the elimination of the Neustar of Lethic botnet, which represented about ten percent of all spam email sent. Other efforts have crippled botnets, and some botnets have been taken down quietly (because illegal, or methods of uncertain legality were used.) No government has had the courage to openly go after destroying botnets, although it's believed there is some classified activity in their area.
This is not good. Though on the surface it seems good that some bad guys were taken down.
Eventually, innocents could get hurt in the cyber-cross fire if this trend expands.
And it gets worse than mere collateral damage. Right now, the private entities respond to patriotic calls to serve their country (sure, they make a profit, too, but business can travel with pleasure for a time).
If governments, because our laws don't let them wage war in this realm, encourage these cyber-war companies in the belief that governments can always safely buy their services, the private e-mercenary companies will eventually get so much better than governments' cyber-warfare entities that the private cyber-war companies may wonder why they have to do the bidding of the paying governments.
Governments, in time, will find that they can only rent these outfits--not buy them. And not for long.
And eventually, in a little more time, governments will learn to fear these cyber-warfare companies, not knowing if they wish to continue being hired or want to fight for their own objectives in cyber-space.
All because right now we're too squeamish to contemplate how we can lawfully wage war in cyber-space with our own assets.