Kudzayi Chipidza discusses how information systems and cyberspace have become a battlefront during wartime. He highlights the need for internationally adopted cyber war crime legislation.

Contribution by: Kudzayi Chipidza is a technology enthusiast running a digital creative studio start-up company. He sits on the IITPSA Board of Directors and a member of the IITPSA Social & Ethics Committee. He has attained the Professional Member designation of the IITPSA. Kudzayi holds a Bachelor’s Degree in Technology Management and Master’s Degree in Business Administration.

If you have been sparsely following current affairs, then you must be aware of the relatively recent Russia/Ukraine and Israel/Hamas conflicts. To the casual observer, these wars have been playing out on three fronts, land, sea and air. But, if you take a closer look, a fierce war is being waged in cyberspace.

Cyberspace is the fifth common space, after land, sea, air, and outer space — according to a 2016 paper “Geneva Declaration for Cyberspace” by S. Schjolberg. They envisage that “a global framework on cybersecurity and cybercrime is necessary for harmonizing measures against risks and threats in cyberspace, and may reduce the cybersecurity digital divide for developing countries”

In February of 2022, a British national agency, National Cyber Security Center(NCSC) alleged that Russia engineered a cyber attack on an satellite internet service provider called Viasat. A month prior to this incident, a number of Ukrainian government websites were defaced and were rendered unusable. In the months that followed, a destructive malware called WhisperGate wreaked havoc on online systems across Europe, particularly those of Ukrainian businesses.

Civilian infrastructure such as power grids, water supply, municipal facilities, banks and even hospitals have been aimed at and come under ‘digital fire’. Hacked, defaced and in some cases, completely shut down.

Earlier this year, a Bloomberg article, “Israel Quietly Embeds AI Systems in Deadly Military Operations” explained how the capabilities of Artificial Intelligence(AI) are being weaponized to efficiently ‘neutralise targets’ in the Gaza strip. In the midst of this conflict, online hacker vigilante groups, which are often anonymous, have been reported to be collaborating and launching distributed denial-of-service(DDOS) attacks on online Israeli military systems and media companies.

Pro-Israel groups have retaliated, launching counter DDOS, phishing, malware and spamware attacks. These have been targeted at various entities such as aid agencies that are supplying food and medical assistance to civilians in the Gaza strip. Medical Aid for Palestinians, UK-based Mercy to Humanity have both reported cyberattacks that have adversely affected their operations.

Mobile apps designed to warn civilians of imminent rocket bombardment, coordinate evacuations and organize aid distribution have been hacked and their integrity compromised.

Researchers have observed that, in as much as there are alleged state-sponsored cyber crimes being perpetrated by either of the warring sides and their allies, the significant amount of cyberattacks are being orchestrated by hacktivist groups. Tech-savvy individuals who anonymously collaborate online to carry-out cyberattacks against whichever side they believe is ‘wrong’ and in solidarity with whichever side they believe is ‘right’.

Although the IITPSA Code of Ethics is premised on individual IT professionals and not organisations or states, some utility can still be drawn from it. Afterall, organisations and states are made up of individuals. Clause 1.2 describes how IT professionals ought to avoid any harm. Any actions in their work that cause negative consequences. It impresses on seemingly well-intended actions that can be the cause of suffering.

To date, there is no internationally adopted cyber legislation, a sort of ‘Geneva Convention’ for cyber warfare and cyber war crimes. Nonetheless, the International Criminal Court (ICC) in the Hague has recently expressed their intention to enforce consequences on any individual, group or state that digitally compromises civilian infrastructure during war. An article by online publication WIRED explains how the ICC will prosecute cyber war crimes.

The perpetuation of cyber war crimes may not be curtailed by the consequence of prosecution by the ICC, but a Geneva Convention on cyber war crimes could be the legislative reference instrument to protect civilian online infrastructure during war.