Cyber Operations

In late August, the International Criminal Court’s (ICC) chief prosecutor, Karim A. A. Khan, published a little-noticed op-ed with Foreign Policy Analytics discussing the potential for the ICC to prosecute ‘cyberattacks’ as international crimes pursuant to the Rome Statute (RS). A cyberattack, according to the Tallinn Manual 2.0, is a ‘cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects’ (415). Although the RS does not criminalise such conduct directly, Khan has now accepted the position that cyberattacks can constitute violations because they ‘potentially fulfil the elements of many core international crimes as already defined’ (emphasis added). As denoted by this emphasis, the prosecutor considers the established legal framework of the RS to be broad and flexible enough to address cyber activities without requiring new rules to be created or existing norms to be extended to do so (although this possibility is not precluded). Following the publication of this op-ed, a spokesperson for the Office of the…