Cyber deception and autonomous attack - Is there a legal problem?

The publication of the Tallinn Manual on the Law of Cyber Warfare is a huge step forward and now States must decide whether to adopt, formally or otherwise, the rules and guidance it provides. A discussion of deception operations in the cyber age reveals some of the challenges we face in simply transposing existing law of armed conflict rules into cyber terms. Deception operations in warfare are nothing new; some are lawful, and some are not, but does a person have to be deceived for an act that otherwise breaches article 37(1) to be perfidy? How does the law address the improper use of protective indicators and, indeed, espionage in the cyber context? And then we have the crunch question. If cyber deception operations become pervasive so that little or no reliance can be placed, say, on targeting data, what implications does this have for the ability of combatants to comply with distinction, discrimination, proportionality and precautions rules, and does that matter?