There are two issues to consider in this incident: first, the nature of the "cyber war" between Russia and the United States; second, whether or not reporting details of cyber weapons falls under the definition of "communications intelligence".
Issue 1 – US and Russia Cyber War
It was reported that the United States Cyber Command has been targeting Russians suspected of interference in U.S. elections. In addition, it was reported that the United States is targeting the electric grid of Russia. These are only two of many reports of an escalation in "cyber tension" between the US and Russia.
According to some sources, the US targeting of the electrical grid of Russia is in response to Russian targeting of the US power grid. We can presume that if both sides have the capability to injure the power grid of the other, then a type of "cyber deterrence" will come into effect.
Issue 2 – Is Revealing Information About Code a Violation of the Espionage statute?
According to 18 U.S. Code § 798 "Disclosure of classified information":
"(a) Whoever knowingly . . . publishes ... any classified information . . . concerning the communication intelligence activities of the United States . . . Shall be fined under this title or imprisoned not more than ten years, or both."
It appears that under U.S. law, it is an act of espionage to reveal any information regarding the communication intelligence activities of the United States. Presumably this means that the New York Times or anyone else who publishes this information is violating the law.
Whether or not publishing information about Cyber Command's activities is a violation of 18 U.S.C. § 798 turns on the definition of communications intelligence.
There are three levels of leaks of communications intelligence. Level 1 is the leaking of the information itself that is obtained through the intelligence collection and analysis cycle. Level 2 is leaking information about the techniques of collecting that intelligence. This includes the methods of collection and the resources used. Level 3 is leaking of the cyber tools themselves.
It is important to determine how the law interprets these three levels of leaking. If all are considered to be forms of communications intelligence, then even the publishing of the information violates the US code. This would mean that the New York Times article has participated in leaking sensitive military information to the public.
Giving out details of the code itself, or even pointing out the capabilities of the code and its use, possibly also would come under the statute. It is difficult to see the difference between a newspaper publishing sensitive information about troop movements during a war and publishing sensitive information regarding movements of cyber intelligence collection tools. Both types of leaks compromise national security.