When it comes to cyberattacks, there are no planes to count in and out.

There are no sounds of gunshots to make it obvious something is happening.

There are no soldiers on the ground that can be observed and asked: “Who do you work for?”

And unlike a “real” war, our governments are at the moment under no obligation to tell us what they are doing in the cyber arena.

Which is why, years on, we still don’t know for sure if the US (with Israel’s help) was behind Stuxnet, a cyberattack that caused physical damage to Iran’s infrastructure.

We still don’t know if the UK was responsible for a serious hack on Belgacom, a Belgian telecoms firm, despite some putting forward what they see as damning evidence.

We don’t know who was behind an attack that damaged blast furnaces in Germany earlier this month. For heaven’s sake, we don’t even know who was attacked.

And why don’t we know any of this? Because neither journalists nor experts have any way to say for certain who is doing what and why.

Let’s take an active story. The hack on Sony Pictures raises many issues about the reporting of hack attacks, and the coverage so far carries worrying implications.

Experts are queueing up to dispute the FBI’s confident claim that it was North Korea — mainly because the evidence pointing the finger at Kim Jong-un is either a) flakey at best or b) top secret, and therefore not open to scrutiny, journalistic or otherwise.

The result of this political back-and-forth is far-reaching, and one that from here on in is being reported on without anyone having any real clue whether the basis of the story — that it was North Korea — is in any way accurate.

We simply don’t know who did it — and yet the atmosphere created by the coverage means the US is considering reclassifying North Korea as a terrorist state. That move would open the door significantly when it comes to what the US considers a “proportional response” to the attack on Sony.

In a first for a cyberattack, the US has, in the past couple of days, added new sanctions on three North Korean organisations and 10 officials, but has admitted, coyly, that there’s no evidence they had anything to do with the cyberattack.

There’s a solid motive that would suggest North Korea did it. But there is also a considerable motive for the US to say it was North Korea, namely the US’s need for a cyber bogeyman, which presents a justification for creeping surveillance of communications networks (at a time when the CIA is under very serious scrutiny).

And for Sony’s part, the more time spent looking at this as an act of war the less time will be spent considering just how bad — if ex-employee statements are to be believed — its security is, and whether it is liable.

At the very least, tensions in an already tense part of the world have been heightened, and we’re completely in the dark as to whether it is justified. We may even have caused it — it wasn’t until the media brought up The Interview that anyone mentioned North Korea. Not even the hackers.

So here’s the nutshell: Reporting on cyberattacks currently relies far too heavily on taking what our governments say as fact. That’s not new, but unlike in the past, when reporters could take steps over time to find out more, cyberattacks occur in a manner that is unverifiable, leaving its perpetrators unaccountable.