“As custom government malware becomes an increasingly common international weapon with real-world effects—breaking a centrifuge, shutting down a power grid, scrambling control systems—do we need legal limits on the automated decision-making of worms and rootkits? Do we, that is, need to keep a human in charge of their spread, or of when they attack? According to the US government, no we do not.
A recently issued Department of Defense directive signed by Deputy Secretary of Defense Ashton Carter sets military policy for the design and use of autonomous weapons systems in combat. The directive is intended to minimize ‘unintended engagements’—weapons systems attacking targets other than enemy forces, or weapon systems causing collateral damage. But the directive specifically exempts autonomous cyber weapons.”
Source: US cyber-weapons exempt from “human judgment” requirement | Ars Technica