How Ethical Is Cyber Warfare?
It is unclear how discriminatory cyberwarfare can be. If victims use fixed Internet addresses for their key infrastructure systems, and these could be found by an adversary, then they could be targeted precisely. However, victims are unlikely to be so cooperative. Therefore, effective cyberattacks need to search for targets and spread the attack, but as with biological viruses, this creates the risk of spreading to noncombatants: while noncombatants might not be targeted, there are also no safeguards to help avoid them. The Stuxnet worm in 2010 was intended to target Iranian nuclear processing facilities, but it spread far beyond intended targets. Although its damage was highly constrained, its quick, broad infection through vulnerabilities in the Microsoft Windows operating system was noticed and required upgrades to antivirus software worldwide, incurring a cost to nearly everyone. The worm also inspired clever ideas for new exploits currently being used, another cost to everyone. Arguably, then, Stuxnet did incur some collateral damage.
Hence cyberattacks -- even those resulting in bodily harm -- do not threaten to undermine obeisance to the convention of civilian immunity in the way that illicit perfidy in the context of conventional war does. Roff does not address this important disanalogy between the two kinds of perfidy. Properly addressed, the disanalogy suggests the following conclusion: cyberwarfare necessarily involves perfidy but it is not morally as bad as the illicit perfidy in conventional warfare since the latter but not the former undermines civilians' immunity. Seumas Miller's 'Cyberattacks and "Dirty Hands": Cyberwar, Cybercrime, or Covert Political Action?' distinguishes in detail between cyberwar, cyberterrorism, cybercrime, cyberespionage, and what he calls 'covert political cyberaction' -- a species of covert political action. He argues that a plurality of inter-state cyberattacks are best understood not as acts of war or as criminal acts, but as a species of covert political action. He gives a preliminary ethical analysis of covert political cyberaction by arguing that it is understood as a species of 'dirty hands' action -- conduct that infringes a right in order to avert a sufficiently worse state of affairs. Note though that if Roff is right (in the previous article) that certain kinds of cyberattacks necessarily involve perfidy, it might be harder than Miller suggests to justify covert political cyberattacks. He also argues, though, that a retrospective and prospect form of the principle of reciprocity -- which permits one party to commit a verboten act if an adversary has committed it -- can be a justifying principle for covert political cyberattacks despite the fact that the principle is not justifying in its application to conventional warfare. The result is that there can be moral justifications for covert political cyberattacks other than that of self- or other-defense (Jeff McMahan, 2009).
To date, there is virtually no effort in this, more mathematical and logical, direction.
Jeff McMahan Killing in War, Oxford: Clarendon Press, 2009, p. 215. See also Tadros, Victor 'Orwell's Battle with Brittain: Vicarious Liability for Unjust Aggression', Philosophy and Public Affairs 42 (2014), 42-77.