Regarding innocent parties being harmed, Lin notes that "most cyberattacks are launched by botnets, [so] it's an open question of whether these computers are really innocent. While their owners may lack the intent to have their computers used in a botnet attack, in most cases they seem to be negligent in failing to prevent their computers from being hijacked, and this makes them at least partially responsible for the attack."

And while he agrees with Sabett that few corporations could effectively counter cyberattacks, he says, "they could form industry consortiums or cooperatives that collectively can mount a good defense."

All three agree on one thing: this problem is not going away. Sabett says rather than try to adapt humanitarian law to cyberspace, it would be better to adapt the Law of Armed Conflict, which he says is now being done. "A cyber version is being written, and with a cyber equivalent to [the law], we wouldn't have to worry about constraints on government."

Lin says: "Ideally, we'd have a national policy in place that deters attacks and provides for an effective response. But we don't. For that to happen, we need to work harder to solve the difficult moral and legal issues involved, as well as reach some international agreements in this area.

"So 'Stand Your Cyberground' is meant to be an interim solution," he says.