ANALYSIS OF CYBER-ATTACKS ON UKRAINIAN POWER GRID SYSTEMS IN THE CONTEXT OF ARMED CONFLICT IN DONBAS

В. В. Музика
2020 Constitutional State  
Attribution of cyber-attacks committed by non-state actors is not an easy task; however, it is far from impossible. Being unable to apply the effective control test to invoke state responsibility for state-sponsored cyber-attacks, states have started relying upon multitude of factors for the purpose of public attribution. This approach is not a solution due to political nature of public attribution. By example of Ukraine author demonstrates the potential danger of cyber-attacks against critical
more » ... infrastructure and the need of attribution. The 2015 and 2016 attacks on Ukrainian power grid systems evidence that private actors posses resources and knowledge to attack the vital objects of critical infrastructure. The article contains the analysis of committed cyber-attacks in the context of armed conflict. Author concludes that these attacks are linked to the armed context in Donbas and stresses out on the need to create an independent body responsible for attribution. Keywords: cyber-attack; attribution; attacks on Ukrainian power grid systems; industrial systems; critical infrastructure. Problem statement. The danger and potential effects of cyber-attacks cannot be overestimated, especially when industrial systems are their main target. Our dependence on industrial systems is indisputable - they are not merely underpinning our everyday lives, but became an important part of it. This article deals with the problem of attribution of cyber-attacks on power grid systems, which distribute electricity to population, keeps heating on and a state economy running. To date, it is almost impossible to attribute a state-sponsored cyber attack by virtue of effective control test, even though cyber-attacks on objects of critical infrastructure may cause humanitarian crisis and millions of deaths. Moreover, without power grid systems operating in a proper way, a country and its people may face the lack of food, medical care, drinking water, heating or cooling during winter or summer respectively. Increasing number of cyber-attacks shows that hackers became more skillful in attacking industrial systems, notwithstanding the fact that such systems are relatively disconnected from the Internet. Aside from attacks on Ukrainian power grids, cyber-attacks on industrial systems have been committed in other countries. In particular, attacks on Johannesburg electricity supply in South Africa, a nuclear facility in India, as well as attacks at a steel mill in Germany and a petrochemical company in Saudi Arabia - to name just a few. Cyber-attacks become more and more sophisticated, and most probably attackers receive support from governments due to resources used and plenty of time required for commission of such cyber-attacks. But what distinguishes attacks on Ukrainian power grids is their context, since they are the only attacks committed within the course of armed conflict. Thus, such attacks could have amounted to war crimes [16, p. 391]. Since prohibition of war crimes and other international crimes have jus cogens status and erga omnes character [1], international community must put best effort to prevent its commission via cyberspace and carry out technical and legal attribution of cyber-attacks. Analysis of the latest researches and publications. Cyber-attacks attribution is an issue actively discussed by legal scholars and experts of cyber and IT firms due to partially technical nature of this issue. Among law scholars, there are number of scholars whose works
doi:10.18524/2411-2054.2020.39.212983 fatcat:rpcfjwof5rd53hhgz5lulzu3ni