Humanitarian protection and support for victims of war and armed violence, that is the goal of the International Committee of the Red Cross (ICRC). The symbol of the Red Cross is intended to protect aid workers from attack during their missions. Can this symbol also be used for the digital world - and what opportunities and risks are associated with it?
An international team of researchers investigated this question on behalf of the ICRC. Matthew Smith, a computer scientist at the University of Bonn and Fraunhofer FKIE, is a member of this team. Prof. Smith is an expert on the human factor in IT security. Together with other researchers, the scientist now presented the results of their research at the ICRC headquarters in Geneva, Switzerland, and discussed them with numerous representatives from diplomacy, academia and the ICRC.
The study focused on weighing the opportunities and risks of such a digital emblem. The ICRC uses numerous digital technologies, such as satellite images, to obtain an overview for its missions. When searching for missing persons, the International Committee works with highly sensitive data to locate and reunite wanted individuals with their families. Doctors also use digital technologies, for example, to manage rescue missions just behind the front lines.
Important servers hacked
As society becomes increasingly digitized, it makes sense to develop a protective digital emblem for the ICRC that would have a similar impact as the Red Cross on emergency vehicles or hospitals. But according to the International Committee’s experience, there are also risks associated with such an emblem: For example, important servers have already been hacked. So can the protective effect of the Red Cross symbol, which has proven itself in numerous missions, be transferred to the digital world to protect ICRC computers from attacks, for example?
According to the study’s authors, the benefits outweigh the risks. "Since 1864, the Red Cross symbol has protected people and resources from military attack," says Prof. Matthew Smith of the University of Bonn. "It’s time to create a digital equivalent." The ICRC concludes that the digital emblem would bring protection and benefits to the digital infrastructure of medical facilities and Red Cross offices.
Making it as easy as possible for attackers
Prof. Matthew Smith was responsible for the human factor. In his research, Smith focuses primarily on the question of where computer systems are vulnerable because users make mistakes. His approach: people should not have to adapt to computer systems, but computer systems should have to adapt to their users - with all their strengths and weaknesses. "With the ICRC study, this perspective was even more exciting than usual," Smith reports. Normally, the scientist wants to make life as difficult as possible for attackers. "But this time, we need to ensure good usability of the digital emblem for the `attackers.’"
The ICRC plans to use the published report as a basis for further discussions to come to a decision on how to implement the digital emblem. The International Committee is soliciting global support. For the digital emblem to be implemented, states must endorse its use. The ICRC estimates that hacking operations in armed conflicts will continue to increase.
The ICRC is working with the Center for Cyber Trust (a joint project of ETH Zurich and the University of Bonn), Johns Hopkins University, and Saint Petersburg State University of Information Technologies, Mechanics, and Optics (ITMO) to develop the technological solutions needed to identify the digital infrastructure of protected facilities in cyberspace. In parallel, the ICRC, together with the Australian Red Cross, brought together cybersecurity companies, former government officials, former cyber actors, medical and humanitarian ICT professionals, representatives of national Red Cross and Red Crescent societies, experts in the field of criminology, and white-hat hackers to solicit their opinions on possible solutions and the associated risks and benefits.