ICRC Introduces Rules of Engagement For Civilian Hackers Amidst Escalating Cyber Conflicts

The International Committee of the Red Cross (ICRC) has taken a groundbreaking step by publishing a set of rules of engagement for civilian hackers involved in conflicts. The move comes in response to the alarming rise in patriotic cyber-gangs, a trend exacerbated by the Russia-Ukraine conflict, and aims to mitigate the devastating impact of cyber-attacks on civilian infrastructure and lives.

The ICRC’s eight rules of engagement, based on international humanitarian law, include prohibitions on directing cyber-attacks against civilian objects, using malware or tools that spread uncontrollably, and conducting cyber-operations against medical and humanitarian facilities. The rules also emphasise the importance of minimising the effects of cyber-attacks on civilians and avoiding threats that spread terror among the population.

Based on international humanitarian law, the rules are:

1. Do not direct cyber-attacks against civilian objects
2. Do not use malware or other tools or techniques that spread automatically and damage military objectives and civilian objects indiscriminately
3. When planning a cyber-attack against a military objective, do everything feasible to avoid or minimise the effects your operation may have on civilians
4. Do not conduct any cyber-operation against medical and humanitarian facilities
5. Do not conduct any cyber-attack against objects indispensable to the survival of the population or that can release dangerous forces
6. Do not make threats of violence to spread terror among the civilian population
7. Do not incite violations of international humanitarian law
8. Comply with these rules even if the enemy does not

Dr. Tilman Rodenhäuser, a legal adviser at ICRC, highlighted the growing threat posed by large hacking groups disrupting essential services such as banks, hospitals, pharmacies, and government services. He emphasised that the ICRC’s intervention aims to protect lives and uphold humanitarian values in the face of escalating cyber conflicts.

The ICRC is specifically targeting hacking groups involved in the Ukraine conflict, where blurred lines between civilian and military hacking have led to the emergence of groups like the IT Army of Ukraine. This group, with 160,000 members on its Telegram channel, has been encouraged by the government to attack Russian targets and has refrained from targeting healthcare facilities but acknowledges unavoidable civilian impact.

However, some hacking groups have openly expressed their intention to ignore the ICRC’s rules. Representatives from groups like Killnet, which has 90,000 supporters on its Telegram channel, questioned the authority of the Red Cross, indicating a reluctance to adhere to the newly established regulations. 

Similarly, Anonymous Sudan, involved in attacks against technology companies and government services, dismissed the rules as unviable, arguing that breaking them was unavoidable for their cause and prominent hacking group Anonymous collective have stated that while they had traditionally adhered to principles outlined by the ICRC, they had lost confidence in the organisation and would not be abiding by its newly established regulations.

This development highlights the complex challenges faced by international organisations in regulating cyber warfare, especially when dealing with non-state actors. As cyber conflicts continue to escalate globally, the ICRC’s attempt to establish guidelines for civilian hackers underscores the urgent need for international cooperation and regulation in the digital realm to safeguard civilian lives and infrastructure.

Kiki Garba

Follow us on: