Almost none. No international framework exists to identify or sanction an attacking country.
The short answer: not much.
The international community has yet to devise a legal framework relating to cyberattacks, or even agree upon a basic definition of the term. Development of an official framework is probably still years away, though organizations including the United Nations are beginning to discuss this issue.
"We need rules of engagement to define what governments can do and can't do," says James Lewis, senior fellow at the Center for Strategic and International Studies. "We have to stop treating the Internet like the wild, wild West."
Absent any legal guidelines, a nation's responses to cyberattacks are largely diplomatic. (Often, though, a nation will not make public that websites or networks have been jammed or impaired by an enemy attacker. Acknowledging an attacker's success signals vulnerability or impotence, experts say.)
If it was North Korea, what to do?