Humanitarian action in the digital age: Reflections from CYBERUK

It was a privilege to be invited by Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC), to participate in a session on leadership through crisis. 

Attending the wider conference was also an invaluable opportunity to learn from and share experiences with the sector, because developments in cybersecurity and digital technologies are raising fundamental questions not only for government, business and society as a whole, but also challenge the very core of how we operate at the ICRC.

How do we handle highly sensitive data of people we serve in conflict zones while also leveraging digital tools to better support them? How do we engage with governments, private companies and individuals who shape much of the digital transformation impacting our operating environment? How do we ensure we are upholding our ways of working and neutrality, independence and impartiality in a digital age? 

These are not abstract questions. They are central to our capacity to fulfil our mission to provide humanitarian assistance to people affected by armed conflict and other violence.

As a more concrete example, keeping our dialogue with warring parties confidential is essential – that includes both with states and non-state armed groups. It helps us secure access across frontlines, keep our colleagues safe and maintain the trust people need to have in us to operate in these dangerous environments. It is important that cybersecurity experts in government and the technology sector understand this. Many of those attending the conference are central to these issues, and I greatly appreciated the exchanges with experts from government and tech and hope to return next year. 

While our organisations may be very different, there are similarities in some of the work we do. Like cybersecurity professionals working to protect citizens and clients, we are working to protect people affected by war and violence. In digital terms, this means ensuring their personal data remains safe – very much a shared objective across organisations, whatever the field of work. Beyond that, for the ICRC, this also means doing what we can to make sure people in conflict zones are better protected from further harm and able to access the essential services they depend on for their health, wellbeing, and livelihoods. Much of this sits offline, but there are an increasing number of digital dimensions, both positive and negative.

Despite these differences, one principle holds true across all sectors: it is always the people who make the difference. 

What I’ve learned in over two decades of humanitarian work with the ICRC, and which we discussed with NCSC’s Richard Horne and Colt Technologies’ Keri Gilder during our panel on leadership through crisis, is that regardless of how much we invest in technology, it is people who ultimately determine outcomes and whether we succeed or fail in our respective missions.

Tweet: https://twitter.com/ICRC_uk/status/2047356315983307155

We must not only strengthen our cybersecurity posture, but we must also realise that the people who lead and support organisations through crises are our most critical assets. That applies whether you are responding to a cybersecurity incident or to a humanitarian crisis.

Ensuring staff are trained and supported on all dimensions of crisis preparedness and management is important. Taking care of them before, during and after every crisis, is essential. 

The way modern wars are conducted is already blurring the lines between combatants and civilians, military and civilian infrastructure, even military and civilian information and data.

It is no longer necessary to have “boots on the ground” or planes overhead to cause civilian harm. Harm can be caused remotely, instantly with a strike of a key, and across borders. When connectivity is disrupted, people lose access to life-saving information. If electricity fails, hospitals, water systems, and other essential services collapse. Disease, injury, and loss of life follow without a single bomb being dropped.

Yet even though cyber operations are transforming warfare, they don’t change the obligation to protect civilians under international humanitarian law (IHL).

Technology is not developed or used in a legal vacuum; IHL applies even in cyberspace. Warring parties should only use weapons which they can control and use in compliance with the law: if it cannot reliably distinguish between civilian and military objects, it must not be used. In fact, it should not even be developed. This places clear responsibility on engineers, developers, states, and companies for the real-world consequences of the technologies they design and deploy. 

Cyber operations can also directly impact our ability to operate. When sensitive data is exposed or manipulated, already vulnerable people face even greater harm. Without secure access to data or reliable connectivity for medical, logistics, and transport systems, our capacity to provide aid quickly and at scale is severely constrained. 

For the ICRC, protecting data and other operational information also means protecting lives, and maintaining the trust we need to access those most vulnerable and those who are in a position to control their fate, which is why we invest heavily in safeguarding it. This is why we are deliberate about the technologies we use and the partners we work with. We must balance the benefits of innovation with strong cybersecurity, while operating in fragile environments shaped by political pressures and infrastructure disruption.

Ultimately, humanitarian action depends on trust, continuity, and the ability to operate under degraded conditions. The key question - one reflected in this year’s CYBERUK discussions - is how we design, secure, and govern technologies that remain reliable and responsible in crisis contexts.

Access to reliable data, information, and connectivity underpins almost everything we do. We all depend on digital technologies to live, learn, work, and run essential services - from governments and businesses to universities and aid organisations.

But technology, data and information are also sources of power and are therefore subject to a political, economic, and military competition in an increasingly polarised world where the mechanisms for international cooperation are under immense pressure. 

This is not a distant or technical issue. It affects all of us, regardless of where we live or what we do. And while that can feel overwhelming, it is important to recognise that everyone has a role to play in shaping how technology is used.

From individuals to private companies, states and armed groups, the way we design, use, and sell technology can make a real difference. We must stay grounded in what it means to be human and let that guide our approach to technology. 

That is why dialogue across sectors is essential – to build common ground and navigate these challenges. It was with this goal in mind, the ICRC through its Global Cyber Hub in Luxembourg launched the Symposium Series in 2022: a geographically inclusive and neutral platform to explore avenues for cross-sectoral and interdisciplinary dialogue and collaboration at the intersection of new technology, cybersecurity, data protection, and humanitarian action.