Politico reports that cyber officials in Ukraine have decided to label some Russian cyber attacks as war crimes, and are gathering evidence to present to the U.N.’s International Criminal Court (ICC) in the Hague.
Ukraine argues that Russian cyber attacks that target civilians via infrastructure impacts are coordinated with kinetic military attacks. Officials cite examples in which the Russian military shelled a power plant or telecommunications provider while simultaneously executing a cyber attack against it. This combination of cyber and real world attack is relatively new to international conflicts, and Ukraine is asking the ICC’s Office of the Prosecutor to investigate these incidents and for the international community to begin a dialogue about how these rules of engagement might be updated.
Could Russian cyber attacks be viewed as war crimes?
Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection (SSSCIP), is advancing the argument that Russian cyber attacks that come in tandem with bombing campaigns or similar military actions should be considered war crimes.
The claim is bolstered by a recent campaign by some researchers and academics who have made more general arguments associating cyber attacks with criminal responsibility. These arguments tend to focus on the actual impact of the cyber attack in the real world, particularly on elements of critical infrastructure needed to sustain life. The first threshold that would have to be cleared is establishing sufficient “gravity” of this damage under the terms established by the ICC’s founding treaty, the Rome Statute. The cyber attack would also have to be clearly attributable to the party being tried, something that has been a central obstacle to progress on international agreements about how online attacks and espionage should be handled.
This is also not the first attempt to have Russian cyber attacks labeled as war crimes since the invasion of Ukraine began. In May 2022, members of the UC Berkeley School of Law’s Human Rights Center formally petitioned the ICC to prosecute Russia’s state-backed “Sandworm” team. The unit is thought to be associated with the GRU and responsible for prior attacks on Ukraine dating back to at least 2015, including the NotPetya ransomware and direct attacks on the power grid intended to cause blackouts that made use of malware designed to target industrial control systems.
The more recent case for war crimes advanced by Ukraine’s SSSCIP points to Russian cyber attacks that accompanied a July 2022 shelling of DTEK Energy facilities, in which the corporate network was attacked by malware during the bombardment. Zhora says that other similar examples of paired cyber attacks and shellings or terrorist bombings have been documented in Odesa, Lviv, and Mykolaiv during the course of 2022; in all cases the Russian cyber attacks allegedly impacted power grids, telecommunications, IT services or some form of critical infrastructure used by citizens.
Zhora also accused the invading force of using “filtration procedures” in occupied territories to identify and “capture, kill or torture” residents that support the Ukraine war effort or are associated with the military, something alleged to be supported by Russian cyber attacks that grant access to sensitive personal information.
Cyber war crimes issue yet to be addressed by ICC
The ICC has not issued any formal comment as of yet on the issue of cyber attacks as war crimes. The ICC Forum, an independent project hosted by the UCLA School of Law’s Human Rights Project that provides a line of communication to the ICC, has noted some of the key issues that make it such a tough topic to broach: these attacks rarely come with “smoking gun” evidence of their origin and are attributed largely by inference, and the UN Charter generally looks for loss of life as a test of the gravity of the attack.
Russian cyber attacks have targeted Ukraine infrastructure, particularly the power grid, since long before the current invasion started; these actions date back to at least 2014 when hostilities over territory disputes flared up. Russian President Vladimir Putin has directly admitted to some of these actions during the current Ukraine invasion, but accuses the other side of doing the same and having been the original instigators.
The Russian cyber attacks are far from the only instances of war crimes that Ukraine is looking to prosecute; the country’s prosecutor general office has reportedly documented about 34,000 alleged war crimes of all types since the invasion began in February 2022. Ukrainian forces have also been accused of war crimes, however, in some cases with supporting video evidence present, to include executing Russian soldiers that had surrendered and the use of banned armaments such as cluster bombs and chemical weapons.
Paul Martini, CEO and CTO at iboss, notes that the discussion about making attacks on critical infrastructure into potential war crimes reflects a recent increase in the capacity for malware to cause real-world damage: “News that Ukrainian officials are weighing cyberattacks as potential war crimes is reflective of how seriously governments are taking these growing and evolving threats. The dangers that these threat actors pose is evidenced by recent news that Russian hacking group, Cold River, targeted three U.S. nuclear research laboratories, which could carry disastrous consequences. Companies and governments must work together to both share the latest information and ensure we are deploying the most modern cyber defenses.”