In this regard, States may consider including in the malware a “kill switch” which, if activated, immediately stops the malware from spreading further. The presence of an effective “kill switch” ensures that the attacker is capable of limiting the effects of the malware in particular circumstances. Accordingly, the malware would not qualify as an inherently indiscriminate cyber weapon.<ref>Cf. also Tallinn Manual 2.0, commentary to rule 105, para. 4 (“To the extent the effects of the means or method of warfare can be limited in particular circumstances, it does not violate [this prohibition].”).</ref> Of course, it would still be capable of being used in an indiscriminate manner, but that is an issue that must be considered in relation to each specific attack rather than during the ex ante legal review.
Overall, the assessment must take into account all relevant circumstances and the reasonable expectations of the deploying State.<ref><!--[ADD REF]--></ref> In this regard, the temporary effects on civilian infrastructure occasioned by the spread of the virus are likely insufficient to indicate the illegality of the malware. This is because mere inconvenience or annoyance is not considered as collateral damage to civilian objects in the proportionality calculus.<ref>Tallinn Manual 2.0, commentary to rule 105, para. 5.</ref> As long as the release and proliferation of the malware is not expected, or should not reasonably be expected, to cause damage to civilian and military systems without distinction, it would thus likely pass the second condition, too.<ref>See also Tallinn Manual 2.0, commentary to rule 105, para. 5 (considering that “Stuxnet-like malware that spreads widely into civilian systems, but only damages specific enemy technical equipment” would not violate this prohibition).</ref>
== Checklist ==