Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
National Research Council
William A. Owens
2009

You can find the full text of the document here.

William A. Owens describes a cyberattack as any “dilberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information and/or programs resident in or transiting these systems or networks.”  Owens makes it clear that cyberexploration is a information gathering technique and quite different from a cyberattack which has the intent to do harm.

• Cyberattacks could support military operations or covert actions.
• A cyberattack should be compared to the notions of “use of force” or “armed attack” by the United Nations.
• Cyberattacks must have crisis stability, i.e. they must be prevented from escalating to the physical space.

Owens finds that cyberattack can be valuable for the U.S. in many scenarios from “small skirmishes with minor actors on the international state to all-out conflicts with adversaries capable of employing weapons of mass destruction.”  He finds that these technologies significantly expand the potential options of negotiating a crisis situation for U.S. policy makers.  However, it is felt that the legal framework surrounding the issue is far underdeveloped, that there is a great degree of widespread misinformation, and that for its good uses, the indirect consequences of its use may exceed any immediately recognizable consequences.

You can find the full text of the document here.