The advent of cyberwarfare raises any number of legal quandaries, let alone ethical ones: when its possible to do serious damage without crossing a border or firing a shot, where do you stop? NATOs Cooperative Cyber Defence Centre of Excellence CCDCOE is publishing the finished version of a non-binding guide, the Tallinn Manual, that could settle at least the legal disputes. For the most part, it demands a measured, one-for-one response and attempts to minimize collateral damage. Digital retaliation is appropriate if the state is a victim of a hacking attack, but bombs and guns should only come into play if virtual combat leads to real casualties. Any attacks should likewise steer clear of civilians, and simply having the capacity or desire for a hacking campaign doesnt make someone a target — there has to be an “imminent” threat to justify a preemptive strike. NATO isnt formally adopting the Tallinn Manual as policy, and its difficult to know whether the organizations member nations or any other country would honor the guidelines when parties on all sides have been pushing the boundaries of cyberwarfare for years. Still, well have to start somewhere if we want to draw a line in the silicon.

via Tallinn Manual defines the legal groundwork for cyberwarfare.