Ukraine at D+320:  Cyber war crimes?
N2K logoJan 10, 2023

There's nothing new on the Eastern front. Ukraine continues to equip itself with NATO systems, and Russia continues hitting civilians.

Ukraine at D+320: Cyber war crimes?

Desultory Russian strikes continue against civilian targets, inflicting civilian casualties, according to Al Jazeera. The New York Times describes heavy, continuing fighting around Bakhmut, but the Telegraph reports that US sources see Russian artillery fire decreasing by as much as 75%, probably because of mounting ammunition shortages.

The fight for Bakhmut has turned into a contest over the village of Soledar, the Guardian reports, where Russia's Wagner Group has made local advances. Soledar's salt-mining tunnels are apparently of particular tactical interest.

The UK's Ministry of Defence (MoD) looks at a local Russian offensive aimed at facilitating capture of Bakhmut. "In the last four days, Russian and Wagner forces have made tactical advances into the small Donbas town of Soledar and are likely in control of most of the settlement. Soledar is 10km north of Bakhmut, the capture of which likely continues to be Russia’s main immediate operational objective. Russia’s Soledar axis is highly likely an effort to envelop Bakhmut from the north, and to disrupt Ukrainian lines of communication. Part of the fighting has focused on entrances to the 200km-long disused salt mine tunnels which run underneath the district. Both sides are likely concerned that they could be used for infiltration behind their lines. Despite the increased pressure on Bakhmut, Russia is unlikely to envelop the town imminently because Ukrainian forces maintain stable defensive lines in depth and control over supply routes."

Cyberattacks as war crimes.

Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, told Politico that Ukraine was gathering information on the ways in which Russian cyberattacks have constituted war crimes. Zhora said, “When we observe the situation in cyberspace we notice some coordination between kinetic strikes and cyberattacks, and since the majority of kinetic attacks are organized against civilians — being a direct act of war crime — supportive actions in cyber can be considered as war crimes.” Thus cyberattacks and development of intelligence by cyber means have played an enabling role in kinetic war crimes.

Some of the Russian cyber intelligence work has allegedly been used to support "filtration," that is, the identification of civilians regarded as posing a threat to Russian occupation. “Russian troops often use filtration procedures on occupied territories to identify people who support Ukraine, who were engaged in public service, or military service, so they capture them, then torture, kill," Zhora said.

And some cyber activities, including even the spread of disinformation, may themselves qualify as war crimes. Disinformation seems a stretch (except, perhaps, insofar as it might be held to constitute incitement, or serve as an element of conspiracy), but disabling cyberattacks against civilian critical infrastructure might be an easier case.

For any of these actions to amount to war crimes--and there's a strong prima facie case that they may--they would have to amount to violations of the laws of armed conflict. The core principles of jus in bello on which that law is based are:

  1. Discrimination (sometimes "distinction"). The requirement to distinguish civilian from military targets, and noncombatants from combatants. Military action is only permissible against combatants and military targets.
  2. Proportionality. The damage and suffering inflicted by military action may not be disproportionate to the legitimate ends sought.
  3. Minimization of suffering ("humanity"). Unnecessary suffering must be avoided.
  4. Military necessity. Actions taken must be militarily necessary, that is, necessary to achieve a legitimate military objective.

The Russian cyber operations Ukraine has under investigation could constitute violations of any or all of these principles. Ukrainian authorities are referring the digital evidence they've collected to the International Criminal Court with a view to eventual prosecution of the Russian personnel and officials responsible.

Lessons from Russia's war: is cyberspace best understood as an operational domain?

EU Reporter notes that the annual report from the European Union's cybersecurity agency, ENISA, describes ways in which Russia's war has driven an increase in cyberattacks. As we've had many occasions to observe, the consequences of those attacks have fallen short of prewar expectations.

SC Magazine reviews arguments for and against treating cyberspace as an operation domain. For millennia there were two such domains: land and maritime. The 20th Century saw the emergence of the third domain, air, and eventually the fourth, space. Over the last two decades cyberspace has come to be regarded as the fifth domain. The essay reviews a number of interesting features of cyber operations as they've appeared in the context of active combat. The issue, as the discussion presents it, is that cyber operations in Russia's war have proven indecisive, and that, were cyberspace to be a proper domain, it would offer the prospect of decisive action. That's not unique to cyberspace, however. It's unusual that action in any one domain would prove decisive. In the 1920s and 1930s, for example, it was widely believed by airpower advocates that air would be the decisive domain, with action on land or sea relegated at best to a supporting role. This prediction was not borne out during the Second World War. Space, while important, has also never proven the locus of decisive military action. US doctrine, at least, has stressed the importance of multidomain operations. There may well be good reasons not to consider cyberspace a fifth operational domain (a 2021 essay in The Strategy Bridge describes them), but lack of decisiveness alone doesn't seem to be one of them.