Hackers can be battlefield targets, says NATO report

Targeting of civilian hackers is one of many recommended mandates in the handbook, which also outlines specific rules of engagement for offensive and defensive cyber warfare missions. 

{mosads}The handbook, first reported by The Guardian, was commissioned by the alliance’s Cooperative Cyber Defense Center of Excellence and included input from U.S. Cyber Command and the International Committee of the Red Cross. 

The NATO-commissioned handbook is the first major attempt to codify how alliance members will leverage cyber warfare capabilities in the field during future conflicts. 

The new manual will be “the most important document in the law of cyber-warfare,” NATO legal adviser Col. Kirby Abbott told The Guardian on Thursday. “It will be highly useful.”

Aside from targeting civilian hackers, the handbook also puts restrictions on the types of networks alliance members and their allies — including the United States — can strike.

Certain civilian targets such as hospitals, dams, and nuclear power stations have been ruled off limits for NATO or allied-led attacks, according to the handbook. 

On the defensive side of cyber operations, NATO calls for “proportionate counter-measures” in response to a strike. 

The use of lethal force against hackers or other cyber operatives in response to an attack, according to the handbook, can only be triggered if that attack ended with the deaths of others or significant property damage. 

“You can only use force when you reach the level of armed conflict, professor Michael Schmitt, the lead author of the NATO cyber rulebook, told the Guardian. 

“Everyone talks about cyberspace as though it’s the wild west. We discovered that there’s plenty of law that applies to cyberspace,” he added. 

Earlier this month, the nation’s top intelligence officials told Congress that cyberattacks are the leading security threat facing the United States.

Director of National Intelligence James Clapper told lawmakers that terrorist groups are increasingly pursuing the ability to wage cyberattacks, which, if successful, could bring businesses and the government to a halt. 

“Increasingly state and non-state actors are gaining and using cyber expertise,” he said. “These capabilities put all sectors of our country at risk, from government and private networks to critical infrastructures. 

U.S. intelligence officials have also picked up indications that terror groups, such as al Qaeda and others, “are interested in developing offensive cyber capabilities” according to Clapper. 

Organized crime syndicates are also looking more and more into cyberspace as a way to generate profits, contributing to an emerging “black market to sell cyber tools that fall into the hands of state and non-state actors,” Clapper said at the time.