ICC to prosecute cyber war crimes
Cyber war crimes are set to be investigated and prosecuted by the International Criminal Court (ICC) in the same way as kinetic and physical war crimes are, says the court’s lead prosecutor.
Editor’s note: This story originally appeared on Lawyers Weekly’s sister brand, Cyber Security Connect.
The Hague has recognised this, saying that cyber war crimes can have severe real-world consequences.
“As states and other actors increasingly resort to operations in cyber space, this new and rapidly developing means of statecraft and warfare can be misused to carry out or facilitate war crimes, crimes against humanity, genocide, and even the aggression of one state against another,” said ICC lead prosecutor Karim Khan.
“Attempts to impact critical infrastructure such as medical facilities or control systems for power generation may result in immediate consequences for many, particularly the most vulnerable.
“Consequently, as part of its investigations, my office will collect and review evidence of such conduct.”
Under the Geneva Convention, attacks against civilians can constitute war crimes under international humanitarian law, and for some time, researchers have pushed for cyber crimes to be recognised.
Mr Khan’s article does not refer to Ukraine specifically, but with the conflict between it and Russia proving to be the first real cyber war, it marks a time for change.
Ukraine has called for cyber atrocities to be considered war crimes for some time now, with the nation’s chief digital transformation officer Victor Zhora saying that as Russia had used these cyber attacks in support of its kinetic attacks and said attacks targeted civilians, the attacking nation’s actions constitute war crimes.
“When we observe the situation in cyberspace, we notice some coordination between kinetic strikes and cyber attacks, and since the majority of kinetic attacks are organised against civilians – being a direct act of war crime – supportive actions in cyber can be considered as war crimes,” he said.
Following this statement, the State Service of Special Communications and Information Protection of Ukraine began collecting evidence to back its point, with the Russian attack on Ukraine’s largest private energy investor, DTEK, being a strong case.
“[DTEK’s] thermal power plant was shelled, and simultaneously, their corporate network was attacked,” said Mr Zhora.
“It’s directed and planned activity from Russians, which they did both in [the] conventional domain and in [the] cyber domain.”
Mr Khan has said that attacks like this, which aim to hide between regulatory technicalities, draw a “whole-of-society response”.
“Cyber operations are sometimes employed as part of a so-called ‘hybrid’ or ‘grey zone’ strategy. Such strategies aim to exploit ambiguity and operate in the area between war and peace, legal and illegal, with the perpetrators often hidden behind proxy actors,” Mr Khan said.
While there has been no mention of when these changes will occur, it is likely to spark excitement for Ukrainian military officials.