When Red Cross staff work in conflict zones, their recognisable red-on-white emblems signal they and those they are helping should not be targeted.
Now, as warfare and attacks increasingly move into cyberspace, the organisation wants to create a digital emblem that would alert would-be attackers that they have entered computer systems of the Red Cross or medical facilities.
The International Committee of the Red Cross (ICRC) called Thursday on countries to support the idea, arguing that such a digital emblem would help protect humanitarian infrastructure against erroneous targeting.
“As societies digitalise, cyber operations are becoming a reality of armed conflict,” ICRC’s director-general Robert Mardini said in a statement.
“The ‘digital emblem’ is a concrete step to protect essential medical infrastructure and the ICRC in the digital realm.”
For more than 150 years, the organisation’s distinctive emblems—the red cross and red crescent, and more recently the red crystal—have conveyed in times of conflict that the people, facilities and objects they mark are protected under international law and that attacking them constitutes a war crime.
Potential for abuse?
But to date, there are no such signals in the cyber world.
The ICRC has been mulling this idea for a while, launching a project in 2020 to examine the technical feasibility of creating a digital emblem, and opening consultations to weigh the benefits of such a system against potential for abuse.
Concerns have been raised that such an emblem could risk identifying a set of “soft targets” to malicious actors, making it easier to systematically target them.
Malicious actors could also misuse a digital emblem to falsely identify their operations as having protected status under international law.
But on Thursday, the ICRC presented a new report titled “Digitalising the Red Cross, Red Crescent and Red Crystal emblems”, concluding that the advantages outweighed the risks.
In the foreword, Mardini stressed that cyberattacks on medical facilities and humanitarian infrastructure can have dramatic, and deadly, real-life consequences.
He pointed to a growing numbers of cyberattacks on hospitals since the onset of the Covid-19 pandemic, which “have disrupted life-saving treatment for patients and forced doctors and nurses to resort to pen and paper at a time when their urgent work was needed most.”
And the ICRC itself fell victim to a massive cyberattack last January, in which hackers seized the data of more than half a million extremely vulnerable people, including some fleeing conflict, detainees and unaccompanied migrants.
That attack “was really a massive shock for our institution,” Balthasar Staehelin, ICRC’s director of digital transformation and data, told a conference in Geneva recently.
While stressing that his organisation had long been focused on data protection, Mardini said the “data breach highlighted the urgency of our work in this area.”
“Protecting personal data, and ensuring the availability and integrity of our data and systems in the digital space, is essential to assist and protect people in the real world,” he added.
In the January case, hackers targeted an external company in Switzerland that the ICRC contracts to store data, and it remains unclear if the organisation itself had been intentionally targeted.
If unintentional, the attack could have been averted if the date bore an emblem signalling it was protected under international law, ICRC legal advisor Tilman Rodenhauser said during an event Thursday launching the report.
Such an emblem would provide “an additional layer of protection”, he said, stressing it would “signal to professional cyber operators that they need to stay out, by law and by ethics standards.”
ICRC said it had been working with a number of universities and others to develop possible technical solutions for a digital emblem.
It pointed to several possible approaches, including embedding the emblem in a domain name (for instance www.hospital.emblem), or embedding it in the IP address, with a specific sequence of numbers signalling a protected digital asset.
The organisation stressed though that to make a digital emblem a reality, countries need to agree on its use and incorporate it into International Humanitarian Law, alongside the three physical emblems currently in use.