Cyber threats impacting the safety and dignity of civilians in conflict

Cyber threats impacting the safety and dignity of civilians in conflict

Statement by the International Committee of the Red Cross (ICRC), delivered by Veronique Christory, Senior Arms Advisor, on the Existing and Potential Threats in the Sphere of Information Security, Open-Ended Working Group on Security of and in the Use of Information and Communications Technologies 2021-2025, New York, 5 March 2024
Statement 05 March 2024 United States of America

Excellencies, dear colleagues,

The International Committee of the Red Cross (ICRC) is grateful for the opportunity to participate in this session of the Open-Ended Working Group.

As a neutral, impartial and independent humanitarian organization, we have been closely monitoring the use of ICTs in situations of armed conflict and the threats that arise for the safety and dignity of people.

We would like to commend the pertinent analysis of existing threats in the last progress report, and share our views on 5 threats that we consider of particular concern.

First, this group has noted that 'ICTs have already been used in conflicts in different regions'. We share this assessment, and the ICRC has expressed its concern about the human and societal costs of such uses. In some of today's armed conflicts, ICTs are used to disrupt critical civilian infrastructure, including ICT infrastructure needed to ensure access to water, petrol, electricity, or medical services. The ICRC encourages this group to reiterate its strong concern about these developments.

Second, since 2022, the ICRC has also repeatedly drawn the attention of this group to the threat of ICT activities that target humanitarian organizations. We commend its inclusion in the last progress report. In a global context marked by large humanitarian needs and an insufficient response capacity, cyber and information operations against humanitarian organizations create significant risk for their ability to operate. In recent years, the ICRC and other humanitarian organizations have been affected by such operations.

When our systems are disrupted, sensitive data exfiltrated, and our reputation undermine, our operations for people slow down and we spend scarce resources on feeding off malicious ICT activities and not on peoples needs.

Third, the ICRC also shares States' concerns about the increased involvement of non-state actors – individuals and groups – in ICT activities in situations of armed conflict. We see worrying trends of civilians being encouraged and supported, or otherwise deciding to, take part in cyber operations against the civilian infrastructure of countries affected by armed conflict.

It is the responsibility of States to impose limits on unlawful cyber operations by non-state actors withing their jurisdiction, and to ensure that civilians are aware of the risks posed to their activities.

Fourth, based on our first-hand experience operating in situations of armed conflict, the ICRC would also like to support the agreement in the progress report on the relevance of ICT enabled information operations. Disinformation and hate speech – for instance if directed against civilian populations or persons in situations of vulnerability – can cause harm to people and societies, directly and indirectly. Such operations risk raising tensions and can contribute to dangerous escalations of conflicts.

Fifth, we would like to draw your attention to one threat which is not yet reflected in the progress report. States have emphasized in the United Nations that the use of civilian ICT infrastructure, such as cloud computing or communication infrastructure, faces serious risks of disruption or destruction if it is used by the military in situations of armed conflict. In other words, if armed forces rely on the same infrastructure and services as civilians, there is a real risk that such infrastructure and services may be considered as military objectives and consequently attacked, and ultimately no longer available for civilian populations.

Against this background, together with a Global Group of Experts, we recommend that States and ICT companies segment, to the maximum extent feasible, data and communications infrastructure used for military purposes from civilian ones.

To conclude, the ICRC would like to commend your effort in reflecting these very concrete threats in the last progress report.

Thank you.