Earlier this week, I attended a roundtable convened by Amitai Etzioni to discuss his ideas for pursuing a strategy of mutually-assured restraint (MAR) between the United States and China. Inevitably in any discussion of Sino-American relations, the question of cyber activities came up and how we still are grappling with how to regulate the use of cyber tools in matters of war, peace and everything in between. In particular, how do we fit the cyber realm into an established system of ethics created to manage and mitigate the impacts of kinetic military action?
On the one hand, since World War II we have a growing distate for the use of weaponry that is unable to be specifically targeted or kills indiscriminately. The focus has been on developing weaponry that holds the promise of ever-more precise and surgical strikes. In that regard, whereas a generation ago a nation might still have to use munitions to cripple strategic targets such as command-and-control facilities, power stations or communications centers--running the risk of killing employees and personnel in those areas, a cyber weapon offers the prospect of a bloodless strike, of being able to take infrastructure off line without having to permanently destroy it. In that regard, a cyber weapon might be seen as more ethical choice than deploying an explosive.
On the other hand, however, many cyber weapons, in order to be effective, must be planted secretly during times of peace or when no conflict exists, to lie dormant in a country's computer systems until activated. (Presumably, during a time of conflict, a state might attempt to sever its telecommunication links by which such attacks could then take place.) This practice, however, goes against long-standing ethical guidelines that one does not move weapons into place, certainly not on the territory of another state, when no declared state of conflict exists or when normal relations of peace are in place. Indeed, it could create situations where states maneuver to position cyber "swords of Damocles" over the virtual heads of others. It certainly erodes assumptions about trust and mutual reciprocity.
Compounding the ethical dilemmas, what is the appropriate response when a cyber weapon is used? The ethic of proportionality would dictate that a cyber attack should be matched by a corresponding cyber attack, but if a country lacks the tools to respond in that fashion, could it justifiably claim a right to respond in a non-cyber, i.e. kinetic fashion? Another question which may have to defined in the future is how and when "cyber warriors" cease to be civilians (and enjoy the protection of civilians) and become lawful combatants. Is a hacker who puts his or her services at the disposal of a country's military to carry out cyberattacks a lawful or unlawful combatant--and can such persons be legitimately targeted as enemy personnel?
As with my previous posts, I don't have any clear answers--but this is one of those questions that deserves further debate and inquiry.
[This post reflects the personal opinions and musings of the author.]