Digital Threats During Armed Conflicts


The International Committee of the Red Cross (ICRC) has launched its Final Report of the ICRC Global Advisory Board on Digital Threats During Armed Conflicts, outlining 25 recommendations for belligerents, states, tech companies, hacktivist groups and humanitarian organisations.

The timely report is the culmination of two years of work from an esteemed and diverse global advisory group consisting of experts and leaders across the geopolitical spectrum, including from the United States, Russia, China, South Africa, India and Australia.

The global advisory board represents legal, military, policy, technology and security perspectives to establish 25 recommendations to act as concrete steps to protect civilians from digital threats during armed conflict.

Professor Johanna Weaver the sole representative from Australia and founding director of the Tech Policy Design Centre at the Australian National University, is a member of the ICRC’s global advisory board and draws on her experience as Australia’s Independent Expert Chief Cyber Negotiator at the United Nations.

“We are increasingly seeing digital operations as common features of armed conflict. These digital operations are having a direct physical impact on people; for example, malware targeting and shutting down electricity, communications or water infrastructure. I became involved in the ICRC following my work at the United Nations where Australia took a leading role in negotiations that culminated in recognition that existing laws of war apply in cyberspace – a position endorsed by the US, Russia and China and every country at the United Nations. That agreement was momentous, but it was a first step. At the time, we recognised that further study was required – and that is exactly what the ICRC report released today has done. Working with brilliant minds from around the world – all committed to protecting civilians during conflict – to develop this report and outline actionable items was an incredibly rewarding experience.”

In a Keynote address at Singapore International Cyber Week this week Professor Weaver underscored that the ICRC Board, “Based our work on the international consensus is that the established principles and rules of International Humanitarian Law – or the Laws of War – apply to all forms of warfare and all kinds of weapons be they knew or old digital or physical.”

There are four guiding principles underline the ICRC Board’s recommendations including;

  1. Digital space is not a lawless space, including during armed conflict.
  2. Protecting civilians from digital threats requires investment in legislation, policies and procedures.
  3. Political and military leaders should focus on protecting civilians.

“In light of recent and ongoing global events, there has never been a more urgent time for a coordinated, international approach to preventing and mitigating digital threats in times of conflict. From events unfolding in Ukraine, Myanmar, Israel and Gaza, underpinning our international humanitarian legal obligations in a digital space is imperative,” Ms Weaver said.

“Concerningly, we have seen is an increasing number of civilians – including hacktivist groups and private sector companies – participating in armed conflict through digital operations. The report released today contains several recommendations for hacktivist groups, tech companies and states to deepen understanding and adherence to the laws of war (recommendations 5,9 and 16)”.

The report is complemented by the ICRC’s recent publication of ‘8 Rules for Hackers in War, and 4 Obligations of States to Restrain Them’, which provoked an unprecedented response from Killnet (pro-Russian hacktivist group) and the IT Army of Ukraine – with each group confirming that they would follow the 8 rules for hackers in war.

“The laws of war recognise that, even during conflict, when humans are at the worst, there are limits on the way in which harm can be inflicted on the enemy. The UN agreement, the ICRC reports, and the responses from various groups are important demonstrations that these limitations apply equally to cyber and digital operations as they do kinetic operations. This represents a significant step forward in the protection of civilians and the modernisation of the rules of war.”

“Other recommendations in the ICRC report span building resilience against harmful information, upholding the right to freedom of expression, and the protection of journalists (recommendation 8), to tech companies developing products with “safety by design” and maintaining a high level of “cyber hygiene” (recommendation 7) along with segmenting data and communications infrastructure provided for military purposes from civilian ones (recommendation 17).”

“We also have a set of recommendations focused on increasing the collaboration of states, tech companies and humanitarian organisations to work together to protect civilians during times of conflict.”

The ICRC works to protect and assist people affected by armed conflict and other situations of violence – this report is a call to action for belligerents, states, tech companies and humanitarian organisations to support their work.

“With the publication of our report and recommendations, it is now on decision-makers in governments and the private sector to welcome our recommendations and take concrete measures to protect civilians from digital harm.” Professor Weaver said.