In many ways, Cyberwar is different from traditional warfare, but in other ways, it’s simply a variation on an age-old theme. True, the Internet is the battlefield and the combatants are hackers, who are more likely to be civilians than soldiers. But if a Cyberattack targets military infrastructure, or even worse, critical national infrastructure like a power grid, then even civilian hackers are essentially soldiers, who are thus subject to lethal force.
Such is the perspective of a report that several experts delivered to NATO this week. While the status of this report is more of a recommendation than a binding document, it nevertheless lays out detailed rules of Cyberwarfare that any nation might follow should they feel they must take action in a Cyberwar and want some basis for justification.
Perhaps the most chilling recommendation is to treat hackers as enemy combatants in many circumstances, thus warranting a fatal response. Yes, send in the drones to take out the hackers. It doesn’t matter that the hacker in question isn’t military. In fact, the hacker may just be a paid grunt doing his or her job. But if the target is a military target (including critical civilian infrastructure), then a paid hacker is a mercenary, and it’s perfectly legal to use lethal force against them.
Perhaps the most eye-opening aspect to this report is how it leaves so much up to interpretation. What is a soldier? A military target? What constitutes an attack, vs. a defensive action? A nation might simply interpret the manual how they like in order to justify any Cyber action they may desire to mount.
Make no mistake. Cyberwarfare is redefining warfare, just as nuclear weapons did in the last century. But the atomic age saw only two wartime uses of atomic weapons. With Cyberwar, the attacks are constant. Nothing will be the same again.