Letting slip the dogs of cyber-war?

Once again, I have missed out on cyber-related news that is of interest and possible importance: Mojtaba Ahmadi, the commander of the Cyber War Headquarters, was found shot dead outside of Tehran on October 3. Revolutionary Guard Corps investigators are warning regime supporters and hacktivists not to jump to conclusions about who was responsible, and the Israelis themselves (the inevitable target of ire) are also denying involvement. It's not exactly impossible to believe that such killings are below the Israelis, given Mossad's alleged involvement in the deaths and kidnappings of Iranian nuclear scientists. But as former Shin Bet intelligence chief Yaakov Peri has pointed out, these kinds of killings are also common in Iran due to internal disputes amongst rival politicians and military commanders.

This news has me reflecting upon two different speaking engagements that I attended this year:

• Earlier this year, the release of the Tallinn Manual on International Law Applicable to Cyber War made major waves when some journalists and scholars pointed out that the manual justified the killing of hackers in wartime. However, when I was at Georgetown's International Engagement in Cyberspace conference back in April, Professor Wolff Heintschel von Heinegg, one of the Tallinn Manual's authors (see an after-action report on that discussion here) pointed out that they did not seek to legitimize killing hackers under just any state of conflict. Rather, the Tallinn Manual requires evidence that the hacker participated in an attack causing death and destruction on a massive scale - as per Article 51 of the UN Charter. Whatever one thinks about Iran's cyber forces, there isn't any evidence yet that Ahmadi is a legitimate target under the criteria laid out by the Tallinn Manual for kinetic action.
• That being said, there is sentiment on K Street right now that Iran is not a "rational actor" in cyberspace. In July, I attended an Atlantic Council panel discussion on the threat that Iran poses in cyberspace. While I was there, I listened to folks such as the Council's Jason Healy and Crowdstrike's Dimitri Alperovitch make the argument that while the Iranians currently have low capability in cyberspace compared to the U.S. (though Alperovitch disputed the claim that they are merely a "third tier" cyber-power), they have high intent to cause major damage and (it was implied) death through catastrophic cyber attacks. And like Israel's PM Benjamin Netanyahu, none of the folks at this event seemed terribly optimistic that the election of Hassan Rouhani as the new Iranian President would significantly de-escalate tensions in cyberspace (Barbara Slavin said that the group's attitude was "cautious optimism" at best). As if one looks to the Pentagon, DoD's sentiments are pretty clear and have been expressed in the least subtle terms possible.

Long story short: There is definitely a lot of sentiment in DC right now that Iran is one of the most threatening actors in cyberspace that we face, but if Ahmadi's death really were one of the shots fired in the cyberwar, it would be a pretty scary precedent to set. That's why I am skeptical that he really was killed by Mossad - unless the U.S. and Israeli intelligence found evidence that Ahmadi had intent and capability to do something so horrible and drastic that they were able to make some sort of convoluted legal justification for killing him.