Image: Ministry of Defense of Ukraine (CC-BY-SA-2.0)

Ukraine cyber chief: Destructive cyberattacks should be referred to International Criminal Court

SAN FRANCISCO — Ukraine’s chief of cyber and information security said destructive Russian cyberattacks on critical infrastructure should be referred to the International Criminal Court.

During a panel at the RSA Conference here, Illia Vitiuk, chief of the department of cyber and information security within Ukraine’s Security Service, told assistant director of the FBI’s cyber division Bryan Vorndran that he believes Russian military commanders responsible for cyberattacks on infrastructure like schools and power plants should be charged and convicted as war criminals.

“We count all of the cyberattacks, take material evidence from them and put them into criminal cases in order to convict the people responsible. We don’t only want the people sitting at the keyboard but also we want their commander convicted,” he said.

“We already have some examples, where in 2021 [Ukraine courts] convicted eight FSB officers that were responsible for thousands of cyberattacks on Ukrainian infrastructure. We were able to penetrate their systems and examine the tools used for each attack.”

Vitiuk acknowledged the difficulty in attributing cyberattacks to specific people but said his team was constantly collecting information on Russian incidents in an effort to prove what he called “cyber war crimes.”

“This is something new. They should also go to ICC — International Criminal Court — and they should be considered as war crimes as well. They should be punished. This is very important for our future,” he added.

Vitiuk did not elaborate on which specific attacks constituted war crimes but noted throughout the panel that several cyberattacks preceded missile strikes – blurring the line between kinetic and cyber incidents.

Alex Kobzanets, the FBI’s assistant legal attache at the U.S. Embassy in Kyiv, noted that the National Police of Ukraine have reached out to them for assistance in war crime investigations.

Kobzanets said the “biggest priority” for the U.S. government and U.S. ambassador is assisting Ukrainian officials in war crime investigations.

“In some of our meetings, we're discussing ways the FBI could be useful. Obviously, our state-of-the-art laboratories could provide some analysis of DNA, analysis of body parts that might be related to battlefields and unfortunately in mass graves but also… big data issues of the Ukrainian Army and the police,” he said.

Kobzanets went on to reference the FBI’s work investigating the January 6, 2021 attack on the Capitol Building as an example of the kind of analysis they are providing Ukrainian officials in their quest to prove a range of war crimes that includes cyberattacks.

Vitiuk is not the first Ukrainian official to broach the topic of Russian cyberattacks being considered war crimes. In January, senior Ukrainian cybersecurity official Victor Zhora told Politico that he also believes the cyberattacks that preempted physical missile strikes constitute war crimes.

Whether or not cyberattacks qualify as war crimes under the Rome Statute – the treaty that established the International Criminal Court – has been a hotly debated topic for years as more nation states gain the capability to cause real-world harm.

Some experts have said there is no doubt that the kind of cyberattacks Russia is launching against Ukrainian energy infrastructure – particularly during brutal winter months – would be classified as war crimes.

But others have questioned whether direct harm to civilians could ever be proven in court.

The International Criminal Court did not respond to requests for comment but told Wired last year that it was considering the request to examine whether Russian government attacks could be considered war crimes.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.