Reports of high profile distributed denial of service (DDoS) attacks against numerous U.S. and South Korean government agencies, media outlets and other private sector targets over the last few days have set off a whirlwind of speculation about who is to blame.

With high-profile victims such as NASDAQ, the Federal Trade Commission and Washington Post, the stakes are high on this one. Some security experts, like Brian Chess of Fortify, have posited that these attacks are coming out of North Korea.

“This was an old-school, blunt instrument kind of attack. It looks like everything else North Korea does," he told CSO Magazine. "They're trying to promote their agenda not just with missiles, but in cyberspace."

However, these Chess and other North Korea theorists aren’t without their detractors. Security expert Adam Muntner of Scottsdale, Az.-based QuietMove responded to Chess’ comments to Secure Channel via e-mail.

“Really? Brian is a very smart guy, but to say this shows the signs of a North Korean action is bordering on hysterical fear-mongering,” Muntner wrote. “What ARE the signs of a North Korean cyber attack? Since, as far as I know, there have been none before pointing the finger at North Korea there is no evidence supporting that.”

The handlers over at SANS Internet Storm Center following the matter seem to back up Muntner’s position. In a late-breaking update on the matter, ISC blogged:

Speculation on who is behind this series of attacks based on the evidence we have seen is just that, speculation. Given the mountain of evidence we have to review, judgments on attribution or motivations would be inaccurate at best and irresponsible at worst. As we analyze all the data we will hopefully be able to provide more clarity into these attacks.  There does appear to be many malicious binaries responsible for this activity, some of these binary files appear to have different target lists.

While we’re on the topic of speculation, though, Muntner has his own hunches.

“I wouldn't rule out this being a false-flag operation by an intelligence agency. There is a conflict going on in Washington over cyber-security and budgets and control. It could just as easily be a US intelligence agency,” he surmised. “Or it could be a country or group that would benefit from a Korean conflict, and is performing a false-flag operation.”

Which leads me to my first thought on the matter as the story broke: where the heck is our cybersecurity czar? I understand that the president has had his hands full with other matters, but we’re well into month seven of his term. After all of the pomp-and-circumstance of hiring Melissa Hathaway as interim chief and putting her in charge of a 60-day policy review, and even after President Obama stepped under the lights to tout the review’s results in late-May, we’re still waiting for leadership. Clearly, the attackers aren’t.