Red Cross Wants to Create ‘Digital Emblem’ to Dissuade Hackers
The International Committee of the Red Cross (ICRC) is looking for global support to create a “digital red cross/crescent emblem,” according to a Nov. 3 article. The emblem would symbolize to militaries and other hackers that they have breached the computer systems and medical facilities or Red Cross offices.
The article says that “The proposed digital emblem would signal to anyone trying to enter or attack those computer systems that the systems and data they hold are protected from any harm under international humanitarian law in times of armed conflict.”
Further, “Following extensive research, the ICRC on 3 November launched a new report titled Digitalizing the Red Cross, Red Crescent, and Red Crystal emblems, that the proposed digital Red Cross emblem would bring protections and advantages for the digital infrastructure of medical and Red Cross offices.”
The ICRC is calling on states, members of the Red Cross and Red Crescent Movement, and IT experts to come together to develop ways to protect medical and humanitarian services from bad actors during armed conflict. A digital emblem would signify to those conducting cyber operations to identify and spare protected facilities, like a red cross or crescent on a hospital roof does in the physical world.
“To make a digital emblem a reality, states need to agree on its use and make it part of International Humanitarian Law, alongside the three emblems currently in use,” adds the article. “The ICRC has just launched a process to facilitate exchanges among states to ensure that medical and humanitarian organizations remain protected in times of armed conflict—online as well as offline.”
Additionally, the article says that as militaries are continuing to develop more advanced cyber capabilities, cyberattacks during armed conflict are expected to increase.
The article states that “Together with several partners, the ICRC has identified three possible technical solutions for a digital emblem:
- A DNS-based emblem. This would use a special label to link the "digital emblem" to a domain name (e.g., www.hospital.emblem). This would be a simple, human-readable "digital emblem" that identifies the protected system.
- An IP-based emblem. This type of emblem would require embedding semantics in IP addresses to identify both protected digital assets and protected messages traversing a network. This type of emblem would use part of the IP address, meaning a specific sequence of numbers, to identify both protected digital assets and protected messages traversing a network.
- A so-called ADEM system (Authenticated Digital Emblem) uses certificate chains to signal protection. In this approach, these certificates can be authenticated by different actors and communicated over different Internet protocols.”
The article concludes by saying that “The ICRC is working with the Center for Cyber Trust (a joint endeavor of ETH Zurich and the University of Bonn), Johns Hopkins University, and the ITMO University of Saint Petersburg to develop the necessary technological solutions for identifying the digital infrastructure of protected facilities in cyberspace. In addition, the ICRC, together with the Australian Red Cross, brought together cybersecurity companies, former government officials, former cyber operators, medical and humanitarian ICT experts, representatives of other Red Cross Red Crescent National Societies experts with a background in criminology, and white-hat hackers to solicit their views on potential solutions and the risks and benefits involved.”