Defending the nation from cyberattack was a priority reflected in the formal establishment of US Cyber Command in 2009. But whether cyberweapons truly fit into and complied with international legal norms and structures such as the International Law of Armed Conflict, which sets humanitarian norms during war – has been a question mark.
Debate over US cyberweapons policy for DOD was in full swing in early 2009. As in the past, when critical military policy questions were at stake, the Pentagon threw the problem over to the Defense Science Board and the Defense Policy Board to analyze and develop a cyberwar-fighting policy structure, cyberexperts told the Monitor.
"If we have the capability of using something that will disrupt, degrade, or deny an enemy at less than lethal force, we have an ethical conundrum," says Sam Liles, a professor of cyberforensics at Purdue University. "Should we use this – if cyber gives us that capability? Perhaps we're morally and ethically required to use it. On the other hand, if that weapon can be turned around and used against us, perhaps we shouldn't use it. That's what the policy discussion has been about."
Such a policy debate was made more urgent by the furor surrounding Stuxnet, the world's first publicly known cyberweapon, which was utilized by the US to sabotage Iran's nuclear fuel-refining facilities. It also accelerated debate about the wisdom of releasing such weapons, especially since they can be reverse-engineered and used against the US.