Geneva: When Red Cross staff work in conflict zones, their distinctive red-on-white badges indicate that they and those they are helping should not be targeted.
Now, as wars and attacks increasingly move into cyberspace, the organization wants to create a digital banner that will alert potential attackers that they have entered the computer systems of the Red Cross or medical facilities.
On Thursday, the International Committee of the Red Cross called on countries to support the idea, arguing that such a digital badge would help protect humanitarian infrastructure from wrongful targeting.
“As societies become digitized, cyber operations are becoming a reality in armed conflict,” ICRC Director General Robert Mardini said in a statement.
“The ‘digital badge’ is a concrete step to protect essential medical infrastructure and the ICRC in the digital world.”
For more than 150 years, the organization’s distinctive emblems – the Red Cross, Red Crescent, and, more recently, the Red Crystal – have conveyed in times of conflict that the people, facilities and objects it identifies are protected under international law and that attacking them constitutes a war crime.
But so far, there are no such signs in the online world.
The ICRC has been studying this idea for a while, launching a project in 2020 to study the technical feasibility of creating a digital logo, and opening a consultation to weigh the benefits of such a system against the potential for abuse.
Concerns have been raised that such a banner could risk identifying a group of “soft targets” for malicious actors, making it easier to target them systematically.
Malicious actors may also misuse the digital logo to falsely identify their operations as having protected status under international law.
But on Thursday, the ICRC presented a new report, “The Digitization of the Red Cross, Red Crescent and Red Crystal Emblems,” in which it concludes that the benefits outweigh the risks.
In the introduction, Mardini stressed that cyberattacks on medical facilities and humanitarian infrastructure can have severe and fatal consequences in real life.
He noted the increase in cyberattacks on hospitals since the onset of the COVID-19 pandemic, which have “disrupted life-saving treatment for patients and forced doctors and nurses to turn to pen and paper at a time when their urgent work is essential.”
The ICRC itself fell victim to a massive cyberattack last January, in which hackers seized the data of more than half a million vulnerable people, including some fleeing conflict, detainees and unaccompanied migrants.
This attack “was really a massive shock to our organisation,” said Balthazar Staelen, director of digital transformation and data for the International Committee of the Red Cross, at a conference in Geneva recently.
While stressing that his organization has long been focused on data protection, Mardini said the “data breach highlighted the urgency of our work in this area.”
“Protecting personal data, and ensuring the availability and integrity of our data and systems in the digital space, is essential to helping and protecting people in the real world,” he added.
In the January case, hackers targeted an offshore company in Switzerland that the ICRC contracts to store data, and it remains unclear whether the organization itself was targeted intentionally.
If it was unintentional, the attack could have been avoided if the date bore an emblem indicating it was protected under international law, ICRC legal adviser Tilman Rodenhauser said during Thursday’s event to launch the report.
He said such a badge would provide “an additional layer of protection,” stressing that it would “signal to professional internet operators that they need to stay out by law and ethical standards.”
The ICRC said it is working with a number of universities and others to develop possible technical solutions for a digital badge.
He pointed out several possible approaches, including including the logo in the domain name (eg www.hospital.emblem), or including it in the IP address, with a specific sequence of numbers indicating a protected digital asset.
The organization stressed that to make the digital logo a reality, countries need to agree on its use and its incorporation into international humanitarian law, along with the three physical logos currently in use.