The US military is wondering if it is OK to kill hackers who are using their skills to bring down important infrastructure.
The military is used to shooting enemy operatives who damage property and key infrastructure and it is wondering if they should be treating hackers in the same way as a soldier with an assault rifle.
As seen on Slashdot, since 2009, when the NATO Cooperative Cyber Defence Centre of Excellence commissioned a panel of experts to produce a report on the legal underpinnings of cyber-warfare, the debate has been raging in the Pentagon.
What makes it tricky is that if you are at war you can justify all sorts of things, but most people will be a little cross if you wasted a 16 year old Russian script kiddie with a drone strike for breaking into a US nuclear power station to show his mates he could do it.
Current thinking is that a cyber attack that produces immediate destruction and death is likely to be viewed by the target state as a “use of force”.
Other factors, including the “military character” of the operation and whether the actual cyber-attack violated international law also play into the decision. We do wonder international law’s position on the use of drone strikes.
The US seems to be thinking that the means of attack is “immaterial” to whether an operation can be considered an armed attack. An engineered virus or a pound of plutonium left in an airport bathroom would trigger the “right of self-defense”.
But this would mean that your cyber warrior will have to start seeing themselves as being the same as any front line grunt. Their offices could be subject to bombing or direct assault. All this might sound obvious, but many cyber warriors probably don’t expect this. Their mums probably would not approve either.