The Red Cross has a solution to protect hospitals from cyber attacks
Physical emblems, those worn by humanitarian and medical personnel in field wars, have exactly this function: to highlight the protection by international humanitarian law of specific actors in conflict zones. Intentionally targeting people or structures that display symbols recognized by the Geneva Conventions (such as the Red Cross or Red Crescent) is a war crime. How to translate, the ICRC analysts wondered, this legal mechanism, in an increasingly hybrid context of war, which sees conflicts on the ground developing in parallel with digital conflicts? The discussion is not new: academics and legal experts have discussed, over the last ten years, the possible forms and possible specific objectives of the "Digital Red Cross".
Technical solutions
In partnership with some research institutes, IRCR has identified four possible technical solutions to translate the concept of "digital symbol" into practice. The first hypothesis identified is that of inserting a file into the computer system: humanitarian protection would then be signaled through the simple presence of the file, or through instructions contained therein. This is a rather simple solution, but also prone to abuse by malicious actors: it would not be difficult to forge the file and insert it even in systems that do not enjoy the expected protection.The second hypothesis is that of a symbol based on DNS (the domain name system, the system that makes website domains work, a sort of Internet “telephone directory”). In this case, the symbol would be associated with a specific domain, which identifies the protected system. An example would be www.icrc.emblem. In this way, the emblem would be easy to read and identify for all parties involved. On the other hand, however, it would require a priori authorization for its use, which would involve all institutions that deal with Internet governance at a global level.
The third possibility illustrated by the experts is a report via the IP address. This would mean embedding a specific sequence in an IP address to allow all digital assets and messages crossing a network to be identified as protected. However, even this approach would require global negotiation for shared standards, which could be complicated for political reasons.
The latest proposal illustrated in the report is that of a symbol authenticated by different actors and certified through different Internet protocols. The symbol could be authenticated both by the organizations themselves and by third-party authorities. A political problem therefore arises once again: the legitimacy of certificates produced by small organizations could be questioned, as well as conflicts between certifying authorities, especially in areas of high political instability. “Those who need to verify an emblem will be able to choose which authority to credit (for example, a self-signed emblem, an organizational emblem, or only emblems approved by a trusted authority),” the report explains. In short, all the proposed solutions present some critical points, both from the point of view of technical implementation and political opportunity.
