Sen. John Kerry (D-MA) mentioned the need for "cyber diplomacy" during his confirmation hearing to be the next secretary of state today. No, Kerry wasn't talking about diplomats sending Someecards to one another when he dropped the term on his fellow senators.

He was discussing the need for the international community to develop a host of new standards, or norms of behavior in cyber space.

Kerry was responding for questions from Senate Majority Whip Dick Durbin (D-IL) who called for Kerry's thoughts on the secretary of state's role "in a world where cyber security is our greatest threat."

Kerry said Durbin's description of cyber as the world's greatest threat "hit the nail on the head."

"I guess I‘d call [cyber] the 21st-century nuclear weapons equivalent," said Kerry. "We are going to have to engage in cyber diplomacy and cyber negotiations and try to establish rules of the road that help us to be able to cope with this challenge."

"There are enormous difficulties ahead in that," he added, pointing out that some nations have very different views on what norms of behavior in the cyber world should look like -- a statement echoing those made by U.S. defense officials.

"I think most diplomacy is an extension of a particular nation's interests and in some cases it's an extension of their values," said Kerry. "Sometimes, you're more weighted toward interests than values ... this is one where we're going to find a way to address the interests with other states to somehow find common ground, if that makes sense to you, we're going to have to dig a lot deeper."

Those "interests" he was referring to may have been China's alleged widespread use of cyber espionage as a tool to steal Western business and defense secrets. Russia's -- and China's -- view that it's alright for countries to monitor their citizens Internet behavior and censor what they view online, Pentagon officials have told Killer Apps in the past.

He also called cyber security bills -- legislation that has so far failed to move forward in Congress despite years of attempts -- as a "very small step in trying to deal with this issue."

"Every day while we sit here, right now, certain countries are attacking our systems, they are trying to hack in to classified information, to various agencies of our government, to banking structures -- money has been stolen from accounts and moved in large sums," said Kerry. "There's a long list of grievances with respect to what this marvel of the Internet and the technology age has brought us."

"It's threatening to our power grid, it's threatening to our communications, it's threatening therefore to our capacity to respond and there are people out there who know it," said Kerry. "There are some countries who we are engaged with -- and all the senators know who they are -- who have a very good understanding of this power and who are pursuing it."

Here's what Killer Apps reported in September about U.S effort to establish cyber norms based on the laws of armed conflict and the resistance it's met, especially from Russia and China, according to Eric Rosenbach, deputy assistant secretary of defense for cyber policy.

"There are several countries right now that are very aggressive in cyberspace and are likely trying to create norms [of cyberspace behavior] that would be unstable for the international community because they are so aggressive," Rosenbach said. "It's still not completely clear what's acceptable and what's not acceptable and several nations different than the United States have very aggressive notions of what's acceptable."

Russia and China are focused more on controlling citizens' activities on the internet rather than limiting attacks on nations' critical infrastructure, he said.

"There are other countries, the Chinese and Russians in particular, that don't think the law of armed conflict is the best framework to view these things through and they focus much more heavily on control of information than they do on the security of crucial infrastructure or preventing the destruction of networks."

Rosenbach went on to call this a "nonstarter."

"To say that your model of an international law for cybersecurity is based on controlling media content or what people can say about the government isn't something we're interested in at all," he said. "There are other areas -- in particular, the theft of intellectual property -- because that's a major problem for the United States right now, where there are very different ideas about what's acceptable and what's not."

Operation Red October -- the newly discovered cyber spying operation that has targeted a range of diplomatic facilities, defense companies, and energy firms around the globe -- may mark an evolution of the cyber black market.

U.S. government officials have been extremely worried about the rise of hackers for hire and the associated markets for cyber crime and espionage tools for, but Red October may be one of the most sophisticated cyber espionage operations conducted by a private group. Since 2007, Red October has been using a virus called Rocra to spy on computers and smartphones used by the employees of everything from diplomatic missions to research facilities -- gathering exactly the type of information that government spy agencies want.

Kaspersky Lab, the IT security firm that announced they had uncovered Red October earlier this week, says that its perpetrators appear to be Russian-speaking, but the lab can't provide evidence that this is an official Kremlin-backed operation. The lab also can't eliminate the possibility that private hackers are responsible. That's right, we may be seeing the rise of private spy agencies, think SPECTRE or whatever Raoul Silva, Javier Bardem's character in the latest 007 film, calls his organization.

"If this is a private cyber espionage network without close state sponsoring or funding -- which seems to be the driving thesis in the Kaspersky report -- than that says something about the new terrain for how actors are working in cyberspace," Laura Galante, an intelligence analyst at IT security firm Mandiant, told Killer Apps.

"We've moved on from kind of this hacker for hire" who simply perform disruptive, denial of service attacks "and now we're into what information can we sell that would be incredibly valuable to a government, and private individuals or groups are willing to take on that kind of endeavor which is definitely riskier and requires significant funding to do," said Galante. "It's almost digital spies for hire."

"I think the big takeaway for most people will be people; this was a sophisticated attack, that's the type of thing that makes people think, ‘do we now have private espionage networks that can provide really targeted information" about high level targets to a government, said the analyst.

Still, this may well be the work of government spies, notes Galante. She points out that Red October is a sophisticated operation that's been going on for five years, meaning that it likely had significant funding and its perpetrators were probably comfortable in knowing there's a low chance they'll be prosecuted.

"To be able to function and get the information that they've supposedly got, you have to be able to operate in an environment immune from imminent prosecution," said Galante. "For something that goes after this type of information, that's a five year long operation, it's really suspicious that a completely private group of entrepreneurial hackers would have the funding to do that and have the same kind of attention to go on that long."

It's also worth noting that Kaspersky researchers found Cold War era Russian espionage slang (who knew that was a thing?) written into Rocra's code. For example, one of Rocra's modules designed to spy on smartphones was named, zakladka, possibly after the Russian slang term for a microphone bug embedded in the wall of an embassy, according to Kaspersky.

If the Kremlin is behind Red October, the discovery would give Western analysts a relatively rare window into Russia's cyber capabilities.

"If the Russian government had close ties or some sort of ability to direct and provide tasking for something like the Red October campaign, that would be the newest point for an understanding of what Russia's capabilities are," said Galante. "It definitely raises suspicions for the U.S. government about the potential of Russia's capabilities; whether we believe they're highly capable or not is the question, but it definitely raises suspicions" about how advanced Russia's cyber capabilites are.

Still, Galante warned against freaking out about the Russians coming after everyone in cyberspace.

"We don't know how capable Russia is, we don't have a lot to point to, and we should look at threats accordingly, seeing demonstrated capabilty and seeing attributed events is something we should look at before we're too giddy to deem a certain country a major threat.