On February 7-8, with the participation of representatives from the U.S. State Department, NATO countries, and the EU in Kyiv, an international forum on cybersecurity in 2024 took place. The theme of the forum was resilience during cyberwarfare. The event was initiated by the National Coordination Center for Cybersecurity (NCCC) at the National Security and Defense Council of Ukraine and the Civilian Research and Development Foundation (CRDF Global) of the United States. It constitutes a multifaceted discussion of strategies and tactics to counter contemporary cyber threats among a wide range of politicians, experts, thought leaders, and international partners.
The forum's objectives include:
- Identifying areas for improving cybersecurity and cyber resilience.
- Accumulating Ukrainian practical experience in countering cyber threats.
- Forming a national professional community in cybersecurity.
- Involving and cooperating with international partners on all issues related to the security and stability of the digital space.
- Demonstrating the resilience of the Ukrainian cybersecurity system and its potential for further development.
Ilona Khmeleva, Secretary of the Economic Security Council of Ukraine (ESCU), and one of the event's speakers, addressed the international legal responsibility of the Russian Federation for cyber aggression and the classification of individual cyber attacks as war crimes.
She noted that responsibility for cyber attacks has two dimensions – personal criminal responsibility for international crimes and the international legal responsibility of the state. When it comes to responsibility for international crimes, two thematic directions are possible: qualifying cyber attacks as war crimes and positioning cyber attacks as elements of the crime of aggression.
"As attribution will be the most significant issue, it is more practical to qualify as war crimes those cyber attacks against civilian infrastructure that are part of a larger-scale attack. The International Criminal Court has jurisdiction over war crimes, particularly in cases where they are committed as part of a plan or policy or within the framework of the widespread commission of such crimes. Proving logical connections between different attacks will facilitate attribution (making it easier to demonstrate that it was Russians) and qualify as war crimes. – cyber Cyber attacks on civilian infrastructure are not abstract but part of a broader plan. Planning to commit massive war crimes is Russia's way of conducting hostilities," explained Ilona.
Concerning aggression, a broader interpretation of this crime is necessary. Ukraine has the opportunity to propose this by advocating for a special tribunal.
Khmeleva also added, "The next step is to attribute these unlawful actions to Russia as a state – Articles on the Responsibility of States for Internationally Wrongful Acts can be used here. If cyber aggression is qualified as an internationally wrongful act by Russia, this provides additional grounds to justify the confiscation of sovereign assets as compensation. Also, for the application of sanctions against companies that continue to supply Russia with advanced technologies."
This presentation logically complemented and summarized last year's research prepared by the ESCU in collaboration with the State Special Communications and Information Protection Service of Ukraine and the Strategic Communications Department of the General Staff of the Armed Forces of Ukraine regarding the relationship between cyber attacks and other dimensions of aggression.