Could a ‘digital Red Cross emblem’ protect hospitals from cyber warfare?
The International Committee of the Red Cross (ICRC) is proposing applying a “digital Red Cross” marker to certain websites and systems used for medical and humanitarian purposes to protect them from attack, similar to the physical emblems worn by ICRC volunteers and facilities during armed conflicts.
Described in a new report released on Thursday, such an emblem wouldn’t be a substitute for cyberdefense tools – ICRC medics of course still wear protective equipment when in a conflict zone – but is intended to minimize the harms caused during warfare. In an age in which war is likely to have a significant cyber dimension, the proposals in the report attempt to apply a voluntary international system to the online realm.
“With the digitization of society, cyber operations have become a reality of armed conflict,” said Robert Mardini, the ICRC’s director-general. “Our mandate to protect the lives and dignity of victims of armed conflict requires us to understand how these operations can cause harm. The ‘digital emblem’ is a concrete step to protect essential medical infrastructure and the ICRC in the digital realm.”
The idea behind a “digital emblem” is to include some sort of information that the facility being targeted is protected from attack under the Geneva Conventions — four treaties and three additional protocols, ratified in various forms by every state recognised by the UN.
But there are some obvious challenges posed by the technical characteristics of such an emblem, some of which have analogues to the physical use of ICRC emblems, and some of which are entirely unique to the cyber domain.
As the ICRC stated during a press conference in Geneva on Thursday, a lot of ingenuity has historically been applied to extend the original ideas of the 1864 convention into the age of modern warfare — noting in particular how states agreed in 1977 to protect particular radio frequencies in order to convey data about medical facilities and transports, for instance.
Explaining one of the proposals in Geneva, Professor Matthew Smith from the University of Bonn said: “Before I actually talk about the system, I’d like to briefly reiterate the requirements. Like the physical Red Cross, we want it to be easy to deploy and easy to remove – so basically putting a cross on your arm or on a building, anybody can do that.
“And very interestingly, it also needs to be easy to use for the attacker. And this is something absolutely unique – I don’t know this of any other security system – we need buy-in from the aggressors,” he said. “If they aren’t willing to look for the emblem, it won’t work. And that means it has to be designed in such a way that an attacker can look for the emblem without tipping their hand.”
In other words, if a defender on a non-protected system knows that someone has gone searching for the digital Red Cross emblem, then they know that they are being attacked. An attacker may choose therefore to not look for the emblem because to do so would be to be instantly discovered, meaning then they could not discover the emblem on a genuinely protected system.
“So finding the emblem – this is the really tricky computer science part – needs to be invisible for the defender,” said Smith. “So we are actually building a system which is useful for the attacker, not the defender, and that’s unique.”
The report proposes overcoming this challenge by including the emblem as “built in to everyday protocols,” explained Smith, or as the report described it, by including it in “standard information that is checked so frequently that probing for a ‘digital emblem’ will not excite suspicion in the protected entity.”
It identifies three possible technical solutions which would utilize existing infrastructure for a digital emblem while not adding too much of a logistical burden on humanitarian actors to implement them:
- A DNS-based emblem would be a human-readable emblem appended to a domain name (e.g. www.hospital.emblem) that identifies the protected system.
- An IP-based emblem could include a specific sequence of numbers in an IP address to identify protected digital assets and protected messages traversing a network.
- And a proposed ADEM system (Authenticated Digital Emblem) would use certificate chains to signal protection. The certificates would be authenticated by different actors and communicated over different internet protocols.
Both the DNS-based and IP-based system invite particular challenges, with DNS not necessarily offering visibility of the protected status throughout the entirety of the network, and the IP-based envelope system potentially requiring internet registration authorities to agree to a universal approach, which is challenging for political reasons.
The ADEM system on the other hand would have to be distributed, with different authorities signing the emblems, and the attacker choosing which authorities to believe. For instance, if a hospital asked the ICRC to sign its emblem, it would be up tothe attacker to either comply with its authority or not.
“In the end it’s not clever cryptography which will decide whether this works or not, it will be the buy-in from nation states when they want to enforce it,” said Professor Smith. “Because just like the physical Red Cross – which won’t stop a bullet, but might stop someone shooting in the first place – the digital emblem will not stop a digital attack by digital means. It’s an emblem saying ‘do not attack me.’”
There will “likely” be incidents when the emblem is ignored, either by “rogue states” or “commercial hacking operations,” he added. “And then the question is: Are nation states willing to enforce this with more vigor than regular cyber attacks, which happen every day and not much happens? If we take that seriously then I think we have a real shot at changing the way digital warfare can affect medical resources.”