"[International Humanitarian Law] requires that we take care in distinguishing combatants (such as military personnel) from noncombatants (such as most civilians) when we use force. Yet containing any cyberattack to lawful military targets is perhaps impossible today," he says.

Since private corporations are not constrained by humanitarian law, Lin says they could retaliate against cyberattacks without the risk of dragging a nation-state into war. If they were given some level of immunity for self-defense, they would be more willing to deter the outlaws of the Internet.

To include a measure of due process, he suggests companies could present evidence to courts to secure warrants for counter attacks. And things like, "misidentification and unreasonable action -- a corporate George Zimmerman-like case -- can be adjudicated (by the courts) with a standard of reasonable proof," he says.

Lin acknowledges any number of potential problems: Innocent parties could be harmed; a retaliatory attack could spawn escalation that could lead to physical conflict; attribution in cyberconflict can be near to impossible. But he says those problems exist in physical conflict as well: There is regular so-called "collateral damage" in war, when civilians are harmed even when military targets are attacked, and people don't always know exactly who is shooting at them when they shoot back.

Randy Sabett, an attorney and infosec/privacy expert with ZwillGen, says he agrees "100% [with Lin] that we must have a dialogue about this. We need a national policy that is based on well-thought-through concepts around cyber self-defense."