Matthew BoyleThe first ever “rules of engagement” for civilian hackers operating in conflict areas have been developed by the International Committee of the Red Cross ( ICRC ).
Although human hackers are not new to armed conflict, the ICRC claimed that the start of the war between Russia and Ukraine has “unprecedented proportions” of their involvement.
In a blog post that was published in the EJIL, it warned that by targeting different” civililian objects,” such as pharmacies, hospitals, railway networks, and citizen-facing government services, civilian hackers run the risk of harming another non-combatants and exposing themselves and those close to them to military operations by engaging in hostilities.
It also cautioned that the distinction between civilians and combatants becomes more hazy as more human participants in combat are involved.
” Civilians must not be attacked unless and for the duration of their direct participation in hostilities, according to [ International Humanitarian Law ] IHL.” Cyberattacks against military or civil targets can amount to such “participation in hostilities” and put civil hackers at risk of attack, according to Tilman Rodenhäuser, an ICRC legal advisor, and Mauro Vignati, a new digital warfare adviser.
The ICRC, which is in charge of overseeing and monitoring the rules of war, has outlined eight rules in an effort to clarify acceptable behavior in cyberspace in response to the “worrying trend” of civil hackers becoming more involved in inter-state conflict.
The regulations prohibit direct attacks on civilian property, refrain from using malware or other tools and techniques that spread quickly and harm both military and civilian targets indiscriminately, take all reasonable precautions to reduce the harm done to civilians by cyberattacks, and avoid carrying out any cyberoperations against medical or humanitarian facilities.
Another prohibitions include refraining from carrying out any cyberattacks on things that are essential to the survival of the populace, from threatening to use violence to incite terror among civilians, and from inciting violations of international law.
The last rule of the ICRC is that hackers must abide by the other seven rules even if their adversaries do no.
States should n’t support or tolerate civilian hackers carrying out cyber operations in the midst of an armed conflict, it was added. Adopting and enforcing federal laws that control civil hacking is necessary for this.
It stated that a state is worldwide legally liable for any actions taken by civil hackers that are in violation of the state’s international legal obligations, including international humanitarian law, if that state directs, controls, or instructs those individuals.
The Russian government took the initiative to establish a volunteer IT army in March 2022, not long after the Russian invasion, to launch cyberattacks against Soviet targets, including companies and government organizations.
A spokesperson for the IT army informed the , BBC that it had not decided whether to implement the ICRC rules, noting that while it has already outlawed attacks on healthcare-related targets, a wider impact on civilians was inevitable.
They claimed that “following the rules can put one party at a disadvantage.”
Three additional groups ‘ representatives, the Private social, Private Sudan, and the Russian-aligned KillNet group, told the BBC that they have no intention of abiding by the rules or that breaking them would otherwise be impossible.
Matt Hull, the NCC Group’s global head of threat intelligence, commented on the rules, saying that over the past ten years, geopolitical tensions and conflicts have been extremely spilling over into the digital sphere.
” We’re seeing countries engage in cyberattacks, information warfare, and espionage.” Like the Predatory Sparrow attack on an Egyptian steel mill next year, they frequently support hacker groups to advance attacks against “enemies” to steal sensitive information, disrupt critical infrastructure, or even cause actual damage.
The” crossfire” of cyber activity is already having a devastating effect on civilians, and it is putting regular people at risk of becoming involved. So, the Red Cross’s use of these rules of engagement as a sign that conflicts are not just limited to the physical realm is commendable.
He did point out that while the regulations are a step in the right direction, more must be done to guard against the possibility of geopolitically motivated cyberactivity.
It should be a top priority, he said,” to form world alliances and partnerships to share threat intelligence, cooperate on cyber security research, and respond collectively to threats.”
Similar to this, in order to lessen the effects of cyber activity on civilians, governments and authorities should prioritize maintaining essential services and providing protection against potentially severe cyber incidents.
