ICRC statement on existing and potential threats in the sphere of information security

Statement given by Véronique Christory, ICRC’s Senior Arms Control Adviser, at the Fourth substantive meeting of the Open-Ended Working Group on security of and in the use of information and communications technologies 2021-2025 in New York
News release 06 March 2023 United States of America

Excellencies, dear colleagues,

The International Committee of the Red Cross (ICRC) is grateful for the opportunity to participate in this fourth session of the Open-Ended Working Group.

As a neutral, impartial and independent humanitarian organization, we have been closely monitoring the use of information and communication technologies in armed conflict. Today, we would like to bring to your attention two trends in existing and emerging threats that we believe are important for this working group. These two trends deepen our concerns about the increasing threat to civilians and to civilian infrastructure resulting from the digitalization of societies and warfare.

The first trend has existed for several years, namely cyber operations against civilian infrastructure, such as power plants, medical facilities, civilian e-governance systems, and private companies. As the OEWG expressed in its 2021 report, these operations risk having ‘potentially devastating security, economic, social and humanitarian consequences’. We would like to reiterate the threat that such operations pose to humans: the more societies use and rely on digital apps, devices, industrial control systems and networks, the more vulnerabilities exist and risk being targeted and disrupted.

The second trend concerns the growing involvement of civilians in digital operations during armed conflicts and the use of digital civilian infrastructure for military purposes. This trend manifests in several ways.

For civilians, digital technologies have seemingly lowered the threshold for engaging in digital operations in support of warring parties. While people may be physically remote from the theatre of hostilities, they are only one click away from the digital battlefield. In several conflicts, civilians have decided, or been encouraged, to use ICT devices to take part in cyber operations that rely on mass participation, and seemingly private hacker groups have been instructed – or tolerated – to conduct operations linked to ongoing armed conflicts.

These operations have two worrying commonalities:

One, when civilians conduct cyber operations in relation to an armed conflict, there is a real risk that they get caught in digital and physical hostilities and suffer harm. States need to be conscious of these risks, especially when asking civilians to support digital operations during armed conflicts.

And two, on many occasions civilians have targeted their ICT operations against civilian objects. States have an obligation to ensure that even civilians respect IHL, in particular that they do not conduct cyber operations against civilians. Moreover, providing digital tools to civilians or tolerating hacking groups to conduct their operations risk long-term destabilization. When conflicts between regular armies stop, who will control the non-State actors that are increasingly equipped and able to conduct harmful operations?

The ICRC is also concerned about a growing threat of damage to digital civilian infrastructure and services that are used for military purposes. Much of the Internet infrastructure was not designed with sufficient consideration of separating military and civilian use. This means that the more the military is relying on cables, satellites or clouds that are otherwise civilian, the more likely it becomes that such infrastructure is being targeted in times of armed conflict, with significant adverse consequences for civilians. International law provides protection for civilian infrastructure, but these protections are not absolute, in particular when civilian infrastructure is used for military purposes. It does not matter whether infrastructure and service are publicly or privately owned, whether they are used in offence or in defense – the harm to civilians will be similar.

One way to halt this worrying development could be to increasingly separate Internet infrastructure used by the military from civilian infrastructure, and to refrain from using civilian infrastructure and services for military purposes. Separation will not be absolute – but technically, stronger separation is feasible. It is a political choice to move in this direction.

Thank you


For more information, please contact:

Yuriy Shafarenko, ICRC New York,
yshafarenko@icrc.org or +1 917 631-1913