For over 150 years, three distinctive emblems, the red cross, red crescent, and more recently the red crystal, have been used in times of armed conflict. International law protects people who wear them, and also the facilities (for instance buildings or transport) which use them.
In the context of a cyberwar, is it possible to have a digital version of these emblems? For instance, servers, laptops, mobile phones and other equipment of a hospital could be victims of a cyberattack launched by a state, causing damage not only to the equipment but also to their operations and impacting the people under their care. A digital emblem would allow to signal protection to state-based cyber-operations and thus permit attackers to recognise such systems as protected under international law . Naturally in this context several challenges arise: A digital emblem should be easy to embed in current systems and easy to recognise by attackers, but at the same time it should be hard to abuse in order to claim protection over assets not covered by international law.
In order to tackle this challenge, the International Committee of the Red Cross (ICRC) in Geneva is working with Johns Hopkins University, the ITMO University of St. Petersburg, Russia, and the Center for Cyber Trust, a joint research center of ETH Zurich and Germany’s University of Bonn, to develop a technological solution. One of the proposals, designed within the Center for Cyber Trust is called ADEM (Authenticated Digital EMblem). ADEM uses public key cryptography to create robust machine-readable certificates to be used by protected entities in network communications, allowing attackers to read them anonymously. Prof. Basin and Felix Linker explain this design in an article of the ICRC’s blog. ADEM has been included in an official report of the ICRC together with other digital emblem solutions. This report has been recently featured by several media outlets, including The Washington Post, The Lieber Institute at West Point, AP News and The Record.