For many of us, February 24, 2022, was just a regular day, while for the others it was the day when everything changed. Did Russia become more sophisticated at taking over countries? Who is next?
During its invasion in Ukraine, Russia allegedly conducted Distributed Denial of Service (DDoS) attacks, and deployment of wiper malware against various sectors. One of the most recent multifaceted and deliberate cyber-attacks reportedly started approximately one hour before the actual invasion and resulted in a partial interruption of Viasat Inc’s KA-SAT consumer-oriented satellite network. Despite Ukraine’s military being the main target, as it was believed, private and commercial internet users were affected as well, in addition to wind farms in central Europe. With Russia previously denying to carrying the alleged cyberattacks, without hard evidence, all we have is a mere suspicion. And, although Russia-Ukraine conflict continues to be fought in the physical realm, it showed us how wars between immensely cyber-capable States might play out in the future.
We know of International Criminal Court (“ICC”) and some State authorities taking steps towards probing the cyberattacks in Ukraine as possible war crimes by prosecuting such crimes as a matter of policy, holding fair and rigorous criminal trials which require a lot of details to be worked out, at issue remaining how will they get evidence from State, to how they will share it with defense team, and whether they can secure their own cyber defenses? Should ICC start by building its internal expertise first?
ICC’s attempts of setting a precedent for international law by issuing four arrest warrants against senior Russian suspects since the invasion, including Valdimir Putin, who was suspected of a war crime over the deportation of the Ukrainian children to Russia, are very well known. However, Russia, which is not a member of ICC, dismissed the decision as “null and void”. Are we failing at holding Russia accountable, again?
In 2021, the United Nations Group of Governmental Experts on Advancing Responsible State Behavior in Cyberspace in the Context of International Security (UN GGE) reportedly affirmed the applicability of international humanitarian law (IHL) to State and non-State actors’ uses of cyber capabilities in the context of armed conflict. One of the questions that still remains open is “how specific aspects of IHL govern wartime cyber operations”? The prominent role of cyber operations in the nearly ten-year Russia-Ukraine war highlights the need to evolve understandings with respect to (1) developing expertise in cyber defense, by setting up firewalls, protecting critical infrastructure, threat hunting, and data migration, as Ukraine did with the assistance of Microsoft and Palo Alto; (2) passing laws permitting data migration to foreign servers for the purpose of safeguarding Ukraine’s data, same as Ukraine did with the help with Google and CISCO; (3) and the law of neutrality, which although specific to land, air, and sea, apply to all domains. This law, as it applies to cyberspace, preserves the duty of States to prevent attacks from being launched from a state’s territory when the State has knowledge of such activity.
How prepared are we to face Cyber Crimes of this caliber?