But the assurances of a military response tied to Article 5 are not easily converted to the digital world, Libicki said.
"In most categories of war, you have to defeat the other guy shooting back, but in the cyberworld you can do a lot just by building up your defenses," he said. "When you put cyberwarfare into the template of conventional warfare, you end up drawing a lot of conclusions that don't make sense."
But Dave Merkel, CTO of cybersecurity firm FireEye, said he isn't surprised by Friday's announcement, given the severe damage that can be caused by a cyberattack. Still, he said, governments may find it difficult to attribute the origin of a digital offensive.
Read MoreNATO: Russia 'attacking' Ukraine as rift widens
While both Libicki and Merkel agreed that many NATO members could determine the origin of an attack, those governments may not be eager to reveal their intelligence and technological capabilities.
Yet even nongovernmental firms are sometimes able to positively identify cyberattacks: In 2013, Mandiant (since acquired by FireEye) released a report detailing a wide body of evidence that a Chinese government group had conducted a widespread cyber-espionage campaign. China denies engaging in cyber-espionage.
NATO's biggest problem with enforcing a hard line against cyberattacks may simply be the wide proliferation of such warfare.
A single hacker can launch hundreds of varied attacks in a short period of time, meaning that governments may find it nearly impossible to identify, attribute and respond to cyberstrikes in a timely manner, Merkel said.
—By CNBC's Everett Rosenfeld