Digital Front Lines

  1. Cyber Operations
  2. Multistakeholder Responses
  3. Future Hybrid Wars

Few principles carry as much weight and consensus as the cardinal principle of distinction in international humanitarian law (IHL). During armed conflicts, the deliberate targeting of civilians and civilian objects is strictly prohibited—be it through conventional weaponry or cyber operations. Every day, the International Committee of the Red Cross communicates with warring parties involved in more than 70 armed conflicts worldwide, reminding them of this absolute obligation. It applies to all armed conflicts, including those in Syria, the Sahel, and Ukraine—the last of which has seen cyber operations on an unprecedented scale and variety.

On the digital front lines, two issues worry us in particular and must be addressed to ensure that civilians are kept off-limits in today’s and future wars.

1. Unlawful Cyber Operations Targeting Civilians

Belligerents are using cyber operations not only against their adversaries but also to target civilians. As a result, new risks arise for populations that are already enduring the horrors of war: Hospital computers in war-ravaged countries no longer serve their purpose, electricity networks switch off, and the servers of humanitarian organizations are no longer available.

Cyberspace is not a lawless space; accountability is important to prevent and prosecute violations of IHL. But protecting civilians needs to start earlier. Upholding the law and translating it to the digital age must start in each country, ensuring robust protection for civilians, their assets, and their data in our digitalized societies.

2. A Growing Involvement of Civilian Actors—Individuals, Hacker Groups, and Companies—in Digital Operations Related to Armed Conflicts

This troubling trend blurs the distinction between military and civilian domains and risks eroding the principle of distinction and exposing civilians to new dangers. What should be done to mitigate these risks?

First, states must stop turning a blind eye to private hackers who target civilians. At minimum, states must do what is in their power to ensure that anyone who conducts cyber operations in relation to an armed conflict on their behalf or from their territory respects IHL.

Second, we must beware of the risks that arise when civilians collect battlefield information. Smartphone apps have been developed to encourage civilians to report enemy operations by feeding location-tagged images or videos to the military. While legal experts underline that using apps to collect such information does not automatically make civilians a lawful target, reports suggest that civilians have been shot for being spotted with their smartphones close to military positions. States should refrain from encouraging civilians to participate in hostilities, or at the very least ensure that civilians are aware of the risks and how to protect themselves.

Third, military data and services should not be mixed with civilian ones. The ability and agility of tech companies to respond to cyber operations have been praised, but what unintended consequences arise when they defend infrastructure against military operations or provide cloud storage and communication infrastructure to belligerents? Using civilian infrastructure and services for military purposes exposes them to cyber and kinetic attacks. Concrete measures must be taken to prevent these risks. States should avoid storing military data on nonsegmented civilian clouds and minimize the use of civilian communication infrastructure for military purposes.

What Next?

The growing involvement of civilians and the targeting of civilian objects in digital operations expose populations to new harms and risk undermining the universally supported principle of distinction. We must reverse this trend.

Forthcoming recommendations from the ICRC’s Global Advisory Board on protecting civilians against digital threats aim to ignite a conversation among governments, companies, and civil society. Together, we must ensure that civilians are shielded from the perils of the digital front lines.

Dr. Cordula Droege is the Chief Legal Officer and head of the legal division of the International Committee of the Red Cross, where she leads the ICRC’s efforts to uphold, implement, and develop international humanitarian law. She joined the ICRC in 2005 and has held a number of positions in the field and at headquarters, including as head of the legal advisors to operations and most recently as Chief of Staff to the President of the ICRC.