Cyber attacks have been around for decades, researchers at the New State University at Buffalo, N.Y., say, and the most serious escalation has seen countries launch attacks on other nations, like the Stuxnet nuclear plant-disrupting computer worm the Iranians have blamed on Israel and the United States.
University military ethicist Randall R. Diper says this is worrisome because cyber attacks are almost entirely unaddressed by traditional morality and laws of war.
"The urge to destroy databases, communications systems and power grids, rob banking systems, darken cities, knock manufacturing and health-care infrastructure off line and other calamitous outcomes are bad enough," Dipert says. "But unlike conventional warfare, there is nothing remotely close to the Geneva Conventions for cyberwar. There are no boundaries in place and no protocols that set the standards in international law for how such wars can and cannot be waged.
"For instance, traditional rules of warfare address inflicting injury or death on human targets or the destruction of physical structures," he says. "But there are no rules or restrictions on 'soft-' or 'cyber-' damage, damage that might not destroy human beings or physical structures as objects.
"But intentional destruction or corruption of data and/or algorithms and denial-of-service attacks could cause tremendous harm … that could make entirely civilian systems that are necessary for the well being of the population inoperable for long periods of time.
"I would predict that what we face today is a long Cyber Cold War," Dipert says, "marked by limited but frequent damage to information systems, while nations, corporations and other agents test these weapons and feel their way toward some sort of equilibrium."