With control systems in dams, hospitals, power grids and industrial systems increasingly exposed online, it's possible that nation states could seek to damage or disable them electronically.
But building electronic defenses to prevent such attacks is expensive -- and often ineffectual, given the myriad ways in which they can fail or be breached.
That's why the Global Commission on Internet Governance recommends that in any future cyberwar, governments should pledge to restrict the list of legitimate targets for cyberattacks, to not target critical infrastructure predominantly used by civilians, and to not to use cyberweapons against core Internet infrastructure.
While a gentleman's agreement might not seem like much protection, for a nation to break such a taboo would be to risk an all-out attack in retaliation, the commission suggested in "One Internet," a new report on the future of the Internet.
An agreement won't eliminate all risks of cyberattack for civilian infrastructure, of course: Just as with the protection afforded hospitals and the like under the existing Geneva Conventions, there will always be those willing to ignore the rules.
"For some sub-state terrorist groups and rogue states, making daily life difficult for their enemies is already their policy and they have less to lose as they already regard themselves as being in a state of conflict," the report said. "Sporadic attacks on vulnerable systems and markets are to be expected."
The report is not just about cyberwar. Its whistle-stop tour of Internet ethics also takes in surveillance, privacy, anonymity, censorship and child protection, with additional chapters on reducing online crime and the threat that blockchain technologies pose to the established order.
The Global Commission on Internet Governance is chaired by former Swedish Prime Minister Carl Bildt and was set up by two think tanks: Chatham House in the U.K. and the Centre for International Governance Innovation in Canada. CIGI was founded by former BlackBerry co-CEO Jim Balsillie.