Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Red Cross Eyes Digital Emblem for Cyberspace Protection

When Red Cross staff work in conflict zones, their recognizable red-on-white emblems signal that they and those they are helping should not be targeted.

When Red Cross staff work in conflict zones, their recognizable red-on-white emblems signal that they and those they are helping should not be targeted.

Now, as warfare and attacks increasingly move into cyberspace, the organisation wants to create a digital emblem that would alert would-be attackers that they have entered computer systems of the Red Cross or medical facilities.

The International Committee of the Red Cross (ICRC) called Thursday on countries to support the idea, arguing that such a digital emblem would help protect humanitarian infrastructure against erroneous targeting.

“As societies digitalize, cyber operations are becoming a reality of armed conflict,” ICRC’s director-general Robert Mardini said in a statement.

“The ‘digital emblem’ is a concrete step to protect essential medical infrastructure and the ICRC in the digital realm.”

For more than 150 years, the organisation’s distinctive emblems — the red cross and red crescent, and more recently the red crystal — have conveyed in times of conflict that the people, facilities and objects they mark are protected under international law and that attacking them constitutes a war crime.

– Potential for abuse? –

But to date, there are no such signals in the cyber world. 

The ICRC has been mulling this idea for a while, launching a project in 2020 to examine the technical feasibility of creating a digital emblem, and opening consultations to weigh the benefits of such a system against potential for abuse.

Concerns have been raised that such an emblem could risk identifying a set of “soft targets” to malicious actors, making it easier to systematically target them. 

Malicious actors could also misuse a digital emblem to falsely identify their operations as having protected status under international law.

But on Thursday, the ICRC presented a new report titled “Digitalizing the Red Cross, Red Crescent and Red Crystal emblems”, concluding that the advantages outweighed the risks.

In the foreword, Mardini stressed that cyber-attacks on medical facilities and humanitarian infrastructure can have dramatic, and deadly, real-life consequences.

He pointed to a growing numbers of cyber-attacks on hospitals since the onset of the Covid-19 pandemic, which “have disrupted life-saving treatment for patients and forced doctors and nurses to resort to pen and paper at a time when their urgent work was needed most.”

– ‘Massive shock’ –

And the ICRC itself fell victim to a massive cyber-attack last January, in which hackers seized the data of more than half a million extremely vulnerable people, including some fleeing conflict, detainees and unaccompanied migrants.

That attack “was really a massive shock for our institution,” Balthasar Staehelin, ICRC’s director of digital transformation and data, told a conference in Geneva recently.

While stressing that his organization had long been focused on data protection, Mardini said the “data breach highlighted the urgency of our work in this area.”

“Protecting personal data, and ensuring the availability and integrity of our data and systems in the digital space, is essential to assist and protect people in the real world,” he added.

In the January case, the ICRC told AFP it had determined it was intentionally targeted “because the attackers created a piece of code designed purely for execution on the targeted ICRC servers.”

A digital emblem would therefore likely not have done much to avert that attack, but in many cases, it would provide “an additional layer of protection,” ICRC legal advisor Tilman Rodenhauser said during an event Thursday launching the report.

It would, he said, “signal to professional cyber operators that they need to stay out, by law and by ethics standards.”

ICRC said it had been working with a number of universities and others to develop possible technical solutions for a digital emblem.

It pointed to several possible approaches, including embedding the emblem in a domain name (for instance www.hospital.emblem), or embedding it in the IP address, with a specific sequence of numbers signalling a protected digital asset.

The organisation stressed though that to make a digital emblem a reality, countries need to agree on its use and incorporate it into International Humanitarian Law, alongside the three physical emblems currently in use. 

Related: Hackers Had Access to Red Cross Network for 70 Days

Related: Red Cross Appeals to Hackers After Major Cyberattack

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...