(I'm not downvoting you)
A more direct answer might be this: What if an enemy hacker was attempting to compromise battle plans for an impending invasion? I suspect the military would try to stop that effort with violence if there were no easier way.
In all seriousness though, security is not that simple. Yeah, what you're suggesting would mitigate risk, but it wouldn't come remotely close to eliminating it. You can end/save lives through hacking, and if you're costing the opposition lives, you should be treated as anyone else would be.
Why does Three Mile Island need a REST API?
see also: WMD
Take for example the recent "cyber attacks" on South Korea. They first accused China, North Korea, before doing deeper investigation and finding that the attack originated from somewhere else. They could have very well killed the wrong people, starting a war with the wrong country.
And like the infamous "weapons of mass destruction" this can easily be used to attack a country under false pretenses.
IMHO much more resources should be spent on research and tools to make software intrinsically safer and more secure, instead of all the pooha about war and killing. It could lead to much more sustainable solutions that actually solve the problem of "we're much too vulnerable digitally".
The study indicates that killing state-sponsored hackers is justified as an act against the aggressor State, not as an act against those individuals.
Attacking an individual in another State is itself a violation of that target State's sovereignty and would be grounds for legal retaliation.
The real legal problem in this comes from the grey area around where "terrorists" fit in these definitions  and who exactly gets to define "terrorist" .
But given how far US legal minds have already taken the escalation of executive power in these cases, it seems silly to think they'd feel particularly restricted in adding "hellfire missile" to their list of options, if not for some third party's supportive legal opinion.
Frankly, when the State can simply disappear a citizen without recourse, the question of whether they may decide outright murder is legal seems rather superfluous.
 Where it is precisely the lack of State sponsorship that brands one a "terrorist" and opens the door to extra-legal abuse.
 In the US, two administrations have asserted that a "terrorist" is anyone the executive branch claims is a terrorist due no particular evidential requirement and subject to no legislative restriction or judicial review.
Exactly some of the points I tried to point out, as well, in my comments. There is also the central issue that this document is a NATO handbook, not a doc focused on the US military or other governmental agencies.
NATO is trying to wrestle with how to understand and apply the Geneva Conventions to cyberwarfare.
Seems some people are missing that part and reacting as if this is another secret White House memo.
That's not actually true, but don't let the facts get in the way of your narrative.
Nowadays, people push buttons from great distances away and one keystroke could unleash havoc halfway around the world. Meanwhile the guy who pushed that button is off to pick up his kids from school (he may not even have known what he started since his code is one piece of a larger whole). At what point are you at war in that scenario? When can the guy who pushed the button be considered an aggressor? While he's behind the keyboard or at anytime during his life thereafter? If he's already part of his country's military, I guess this is different.
I suspect there's a lot of exaggeration in the headline and the actual document is more nuanced.
We are already in an era after the atomic bomb, after "total war". Now we are disturbed that in the future, civilians might be killed along with the countries they support in war? How about this happening constantly in war all the way back to city-states?
You might not like the message, but they're not going after Ruby on Rails developers. They're going after virus makers targeting military networks etc. Or Al Qaeda's social media manager.
This article is bullshit reporting sensationalizing the story. Here is an actual report on the NATO manual this article is about: http://www.guardian.co.uk/world/2013/mar/18/rules-cyberwarfa...
Since when did we start to believe that civilians are safe in wars? Is this not one of the worst and most ancient aspects of war, that it consistently kills civilians?
Moving hacking from play, to fraud, and then warfare has deep implications that are very important to discuss. Mainly what happens if play is confused with warfare. I can imagine (is happening indeed) witch-hunting in the name of security.
If you think about it, a cyber-hacker (normally) won't be much of a threat to the capturing force ... how many are trained warriors? And the amount of knowledge that might be gained is immensely more (again, how many are trained to withstand even mild torture)?
Where did you see that in the text?
So I think, that the dominant military power ( or in case of the NATO, military alliance) should try to limit the use of potentially disruptive developments, already out of self interest.
 I will not argue in this about the morality of war or the logic of warfare. Here I will simply argue within this framework.
How does international law protect civilians in a war, except by the actions of a party interested in protecting those civilians?
I don't know what protections you are talking about, but I doubt the pilots would be piloting anything from their homes. They only go there on leave, just like all other soldiers. As for hackers, if a state sponsored attack is launched from a civilian home, it is a violation of the rules of war. The hackers should be in a military installation when doing anything (they probably would anyway, just for security, easier cooperation etc.). There has always been soldiers who fight wars without going to the battlefield.
You don't even need an internet connection for them to receive virtually zero criticism for blowing you up with a drone-launched missile.
In response to the parent: I highly doubt any of those systems are connected to the web, and more importantly it's likely the operators of such systems practice a bit more stringent data sanitization than the Iranians.
Maybe better but not good enough.
A hacker is a person using a tool, or weapon. They do the hack, and its done. Then get on with life, or do work or do training, etc. Same as a tank commander. Most of the time they are not doing tank killing. They are laid up, or doing something else. So, why not hunt them down the same way? Why are hackers special?
Talk about pussy easy fashionable target.
Uh, during wartime... yes?
They're all combatants, and it's simply a good strategy to hit your enemy when they can't shoot you back.
The article from The Guardian is more balanced in presenting the actual news. This doc is directed at how to handle state-sponsored and other war-time cyber attacks, offering a set of guidelines that indicate targets that are expressly advised to be off-limits--such as "sensitive civilian targets such as hospitals, dams, dykes and nuclear power stations". It is wrestling with how to understand and apply the Geneva Conventions to cyber attacks (e.g., see Rule 80).
Where do civilian hackers come into play? When they're among those "who participate in online attacks during a war". Yes, that is worrisome and potentially alarming if applied too broadly. While abuse of these guidelines concerns me (greatly), this is not a new issue in the art of contemporary war.
Consider the French Resistance during WWII--a heavily civilian-populated paramilitary resistance force that not only engaged in intelligence theft & trafficking, but also were highly regarded and notorious for coordinating and executing sabotage against power grids, transportation infrastructure, and telecommunications networks. I think it could be argued that the Resistance is a historical analogue to contemporary hackers/hacktivists engaged in cyber attacks during a state of war. This document is essentially wrestling with the legalities and rules of war that should apply where the contemporary equivalent is concerned. Of course, I'd guess a lot of us would have greater sympathy for Resistance-style hackers engaged in acts of sabotage than, say, state-sponsored hackers who are targeting domestic nuclear facilities.
The real meat of the NATO document appears to be circling this line of thinking:
< The manual suggests "proportionate counter-measures" against online attacks carried out by a state are permitted. Such measures cannot involve the use of force, however, unless the original cyber-attack resulted in death or significant damage to property.
Okay. Prohibition against launching missiles and invasion forces as retaliation for hacking that did not result in death or significant damage to property? Check. (of course, we need to be careful about how we define 'significant damage to property').
This is, however, where the document gets far more interesting and alarming than the OP article mentions. Specifically, note Rule 22 and commentary:
> "An international armed conflict exists whenever there are hostilities, which may include or be limited to cyber operations occurring between two states or more . . . To date, no international armed conflict has been publicly characterised as having been solely precipitated in cyberspace. Nevertheless, the international group of experts unanimously concluded that cyber operations alone might have the potential to cross the threshold of international armed conflict."
We've now hit the point that state-sponsored digital operations are recognized as having the potential to initiate armed international conflicts. Not only that, but we have a formal declaration that international armed conflict may be limited to 'cyber operations occurring between two states or more'. That is the more alarming bit of news here.
Variation: this is detected beforehand, but very little time remains (hours/minutes) before "detonation". Polite diplomatic channels are in no way fast enough. The cyber-attack is traced to 10,000 malware-hijacked PCs in a handful of concentrated residential neighborhoods.
Assuming that knowledge, there's plenty that could be done if we have forewarning. Take those neighborhoods offline at the ISP level. Alternately, block the zombie IP ranges via firewall at the receiving end.
I think the real danger is that we won't have such forewarning, and in the slim chance we did we won't have that crucial knowledge(what specifically is the target and attack vector?).
Just curious, when did you learn to code? For me it was about 5th grade. There are 6th graders now who were born after the United States entered Afghanistan. There are currently human beings capable of writing software who have never existed in a non-wartime state.
Just something to consider when we declare measures like these "extraordinary" and justifiable in "wartime." The War on Terror isn't going to just end. You and I may not live to see the next peacetime. If we say it's okay during wartime, then it had better be okay during the majority of our lives.
This document isn't talking about there being conflict just anywhere in the world, but about the actors involved within the states that are officially engaged in open hostilities--i.e., if there is conflict between China and Taiwan, it's not okay for Pakistan to retaliate with conventional force against a group of hackers in India. At least, that's how it reads to me at the moment.
Also, I wasn't saying it was okay. I was pointing out that the posted article is sensationalized, misleading, and misrepresenting the information to get page views--while adding some actual context and content the article completely left out or presented incorrectly. And I wanted to draw an historical analogue to something I thought many people would know about that could be accomplished by hackers today, potentially falling under the purview of this new NATO guidance.
[edit: I learned to code in 5th/6th grade. sorry to leave that out.]
We thought blitzkrieg was a challenge about 75 years ago. This is a huge shift.
Some research finds that under current laws of war “Combatant and prisoner of war status is granted to members of dissident forces when under the command of a central authority. Such combatants cannot conceal their allegiance; they must be recognizable as combatants while preparing for or during an attack."
So it looks like the self organizing nationalists as some of the Russian a Chinese hactivists have been described that attack enemies of the sate are not covered.
The document is about its contents and its contents alone, irregardless of what we may be sure it is about.
I disagree that including the French Resistance as an analogy for the types of groups that could come under the provisions of this manual is muddying the waters. They strike me as a salient example of non-military, non-governmental personnel who could be (and were historically) categorized as combatants if engaged in cyber activities during armed conflicts.
The manual specifically includes civilian actors engaged in cyber actions during wartime hostilities between countries. It does not, to the extent I've read it so far, include a distinction between those who are resistance groups and those who are state actors--that's a subjective determination and what this doc is discussing is applying the Geneva Conventions to contemporary issues.
[Nitpick:] More confusing still, using Francs-tireurs is, unfortunately, both too specific and ambiguous at the same time. Some (like myself) might mistake you for meaning the Francs-tireurs from the Franco-Prussian War, where the term originated. Or did you mean Francs-tireurs, the name adopted by a couple groups who were part of the Resistance (like the FTP). Then again, that francs-tireurs became a more generalized term to refer to potentially non-lawful combatants between and after all the wars from the Franco-Prussian to WWII, adds further chance for confusion. Assuming you are referring to the French Resistance as I was, however, it is not the general term used for the Resistance members as a whole.
Given the quote you include, it then sounds like you're not responding to the Resistance at all, but perhaps the generalized francs-tireurs--note, no capital F--about whom those rules were made during the Third Geneva Convention.
Really? As if people really followed the rules during wars. History is full of people breaking such "rules" and nothing happens... after all "it's war".
I'm not suggesting people under extreme stress should be expected to act impartially... though I wonder why discuss such rules if none will be applied anyway.
I wouldn't be surprised if the US and Soviets were killing hackers 25+ years ago during the cold war.
Not just some kid who nmaps the wrong netblock.
However, they also include civilian 'hacktivists' who engage in cyber attacks against an enemy state during existing armed conflict.
[edit: clarify civilian angle]
Whether wars are of the "world" variety, the "cold" variety, or the dubious "terror" variety matters not.
A weapon system comparable to this would enable a drone to reliably target one and only one person. That would be instrumental in taking out both hackers and drone pilots under this new doctrine.
Ignore the main plot and look to the interactions between the protagonist and the drones:
> catches him monitoring a frequency used by the drones, an act that warrants a brutal attack
So you wouldn't mind then if I secretly install a program that makes your computer attempt to hack some US military network? Because that's a huge difference between physical violence and cyber "violence": in meat space, I can't hijack your body to commit crimes.
In fact, that's the whole point of war: all other viable options for self-preservation (personal and national) have been exhausted, leaving only killing people and breaking things until the threat stops.
This whole argument can get philosophical, but I see your point.