Until now, the cyber capabilities of a State have been primarily assessed on a technical and tactical perspective: the coordination of APT teams, the quality of malware, and the sophistication of exploits, to give some examples. However, describing such cyber operations is no longer sufficient to understand the capabilities that States deploy in the digital sphere during armed conflicts.
Cyber activities are part of a broader context, the digital one. Armies in conflict are increasingly digitized as are the involved populations. States may encourage civilians to engage in offensive cyber operations against targets associated with the enemy or encourage users to contribute to the military effort.
In this presentation, One Click from Conflict: Are Digital Technologies Eroding the Principle of Distinction in War?, the ICRC’s Mauro Vignati discusses how technology has completely transformed the way civilians live through armed conflicts.
In recent conflicts, smartphones and apps especially have become weaponized, slowly removing traditional barriers that divide the roles of civilians and combatants. Mauro breaks down the dangers and consequences of this paradigm shift and discusses what states and private organizations can do to stop technological weaponization from harming civilians caught in wartime.
One Click from Conflict: Are Digital Technologies Eroding the Principle of Distinction in War?: Audio automatically transcribed by Sonix
One Click from Conflict: Are Digital Technologies Eroding the Principle of Distinction in War?: this mp4 audio file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.
Mauro Vignati:
Hi everyone. Thank you for having. Oh.
Mauro Vignati:
ICRC today, International Red Cross. So just
look at who knows, who knows what we do and
Mauro Vignati:
who we are. Just raise your hand. Okay.
Mauro Vignati:
So just to refresh the memory. So we are an
international organization, a humanitarian
Mauro Vignati:
organization. We are based in Geneva,
Switzerland. So our mandate is to provide
Mauro Vignati:
humanitarian help and help victims of armed
conflict in relief operations. And when there
Mauro Vignati:
is a need.
So and you start to think about why we are
here, right? What is doing humanitarian
organization here? So it’s because we are
seeing with the digitalization of societies
there is an increase, a transformation of how
the wars are fought. So states are adding
more and more digital means and methods to
their arsenal. And one of the worst trends we
are seeing nowadays is that digital
technologies are bringing civilians and
private sector technology companies into the
battlefield. So when I talk about private
companies, I mean cybersecurity companies,
technology companies that are bringing into
the battlefield. So one of the most important
principles in ICRC is international
humanitarian law. This is a body of law. And
one of the most important principles in this
law is that we define two main groups of
individuals and objects.
So the first one is the combatants, and the
military objectives and the competence are
the people that are fighting on behalf of an
army. And the second group are the civilians
and then civilians objects.
Mauro Vignati:
And they should refrain from the resource.
They should refrain to a combat to go in the
Mauro Vignati:
battlefield, and thus they should be
protected against the arms and dangers that
Mauro Vignati:
the war is producing.
Mauro Vignati:
So this is the principle of distinction. So
we have to distinguish between who is
Mauro Vignati:
fighting the war and the rest of the
population.
So and this shift in the digital
technologies, so is bringing us to a to a
qualitative aspect, 1 to 1 qualitative
aspect, one quantitative one. So from the
qualitative perspective, so the
digitalization of societies is bringing some
some effect. One of them is that this
lowering the threshold of entering the
battlefield. So with some exaggeration, we
can say that everyone with a smartphone
nowadays can join the battlefield and do
something for an army to a conflict. And the
other perspective is that is also modifying
completely, modifying the sense of remoteness
that we have. So we can sit in our couch and
we can participate to to the battlefield on
the other side of of the planet. And from a
quantitative perspective is that the states
can scale up a massive amount of civilians to
do what they need to do, like hundreds of
thousands of civilians regrouping them in
hours, in days to be able to fight for them.
And another perspective is the expansion of
the attack surface. So the same smartphone
that they can use to attack could be also a
victim of of of an attack.
Mauro Vignati:
So it’s not just the smartphone, laptop,
computer server, whatever. So the attack
Mauro Vignati:
surface is way bigger than what we have in
the physical world. So this brings us to the
Mauro Vignati:
civilization. So we call the civilization of
the battlefield. So based on that, let’s have
Mauro Vignati:
a couple of scenarios to better explain the
situation and the challenges we are facing
Mauro Vignati:
here.
So the first scenario is about states that
may encourage civilians to engage in
offensive cyber operations against targets
associated with the enemy. So it’s the states
that is asking its own civilians to
participate to a conflict in the digital
battlefield. So this has multiple advantages
for a state so individual can be easily
mobilized and coordinated. So as I said
before, you can put together hundreds of
thousands of people to fight in your name and
you can federate all already existing
activists that they can be deployed for, for
your purpose and all those characteristics
that bring us to this lower cost for entering
the battlefield and for the states to fight
in the battlefield because they can use the
civilians to do this work. So this is the
first scenario we are talking about. The
second scenario is
that the states may repurpose existing
e-government apps or create new ones that
will be used for the battlefield.
Mauro Vignati:
So here we are talking. In about two states
that are provide an app that you can use to,
Mauro Vignati:
for instance, take a picture of a tank of the
enemy and then send them back to a to the to
Mauro Vignati:
the army, to the Central Command and control
and be used for the effort on the on the
Mauro Vignati:
kinetic side. So this has multiple advantages
from the state’s perspective because you are
Mauro Vignati:
tapping into an existing community of digital
citizens.
So can you imagine if you if you have a new
government app that is being used by three or
four or 5 million of people that some point,
you transform, you enhance this application
providing new methods in the application, and
then you provide these applications, this new
version of applications to already three or
four or five million people that are already
using these applications. So they are tapping
into this kind of situation. So this means
that you don’t need any training for the
people that are using the application because
they are already used using these
applications. So it’s everything. We open
download, take a picture, and send the
picture. This is a normal gesture we do
daily, so no training is required. This also
means that there is no latency. You don’t
have to train military people on the ground.
You just have civilians in the in the digital
battlefield that can adapt and use this
application in a very quick way.
Mauro Vignati:
And this means that the civilians are
becoming sensor sensors to the army, not just
Mauro Vignati:
for intelligence purposes, but for any other
kind of activity that the state would like to
Mauro Vignati:
start in in the digital battlefield. This
brings us to a third scenario where we have
Mauro Vignati:
the presence of technology companies, and
cybersecurity companies. And so, generally
Mauro Vignati:
speaking, private companies are jumping into
the digital battlefield.
So as you may know, I mean, the majority of
the networks are owned or managed by private
companies and they are also managing asset
that our military asset, not only civilian
assets. So when war start those companies,
they are inside the battlefield because they
are already providing support or they are
managing the networks of those governmental
bodies. So this may bring us to the
characteristic of that. Those companies are
defending against deliberate cyber attacks.
If you are already providing this kind of
situation to a to governmental bodies, you
find yourself in in defending against
deliberate cyber attacks and you share threat
intelligence with government bodies, with
states that are at the moment in war. So
those are the three scenarios of how
civilians and and private companies are
involved in the battlefield. And these are,
first a first batch of consideration about
the situation that we are expecting we are
seeing since the moment. So apt so state
sponsored cyber attack is not the only way to
assess no more, the only way to assess state
capabilities in the digital sphere.
Mauro Vignati:
So we have a lot of more digital means and
method that has to be integrated when we do
Mauro Vignati:
an analysis of the capacity of a state in
these in this sector. The second one is that
Mauro Vignati:
the private company of civilians are now
playing a preponderant role in the conflict.
Mauro Vignati:
What I mean with this is that when an army is
losing visibility or capability on the on the
Mauro Vignati:
on the battle ground, they can use civilians
to regain this visibility, this capability,
Mauro Vignati:
and even surpass the capability of a state in
the battlefield. So the consideration is that
Mauro Vignati:
we are assisting a civilization of the
battlefield that is is is a trend since the
Mauro Vignati:
moment now.
And this is a worrisome trend because we are
bringing civilians into the battlefield. So a
second a second package of of considerations
that we still lack this cognitive process. So
what does it mean? It means that we are far
from from the battlefield, but at the same
time, we are in the battlefield using digital
means. So this is a distance between what we
are leaving and what we are doing. So these
kinds of process is something that we are
still lacking nowadays, even after 30, 40
years, that we are using it and still lacking
of cognitive process. And this brings us to
the perception of anonymity where we are
running a DDoS attack using a VPN, we think
to be anonymous from our couch or we do this
and that.
Mauro Vignati:
So this is perpetrating the anonymity and
with this also the sense of impunity. We
Mauro Vignati:
think nobody will find me because I’m using
all the security measures that I can put in
Mauro Vignati:
place to not be seen.
Mauro Vignati:
So another is the performative nudging of the
state. What does it mean? Does it mean that
Mauro Vignati:
the the state, when is there enhancing and
modifying application? Is proportionately to
Mauro Vignati:
be gentle, pushing the civilians to adopt
this application that is already on their
Mauro Vignati:
phone to use this application for for war
reason so and these performative because as
Mauro Vignati:
soon as these new capacity is is put in in a
new application and push on the store and
Mauro Vignati:
then push on the phones is use very quick.
So this is performative so the speed of
integration we already said so this very fast
how to integrate civilians into the
battlefield. And then we have the involvement
of private companies that are doing the
normal business in peaceful time, that at
some point they find themselves into the
battlefield. And the third group of
consideration is are civilians and private
companies directly participating in
hostilities? So this is the most important
part are people that are doing this kind of
business, participating in hostilities. So we
see three communities characteristic to be
declared as participating in the cities.
Mauro Vignati:
So this is just a way to explain you how it
is. I am not saying that one scenario or the
Mauro Vignati:
other is direct participating in stating the
three scenarios that were seen before. We can
Mauro Vignati:
say that depending from case to case could be
considered as participating in hostilities.
Mauro Vignati:
But normally we should look at these three
cumulative aspects.
So one is the threshold of harm. So it means
that if you run, if you do this act, you
provide a you have an impact on the military
operation of a party to the conflict. So
there is a real impact of what you are doing.
The second one is the belligerent nexus is
knowing that if you have designed the act to
be to reach the threshold of harm.
So if there is a desire of designing this,
this act for providing this harm, and the
second the third one is that the direct
causation I mean, if we can know that from
the act that you are doing the the harm is
provided by your intervention.
So those are the three characteristics. So if
you are if you have this three characteristic
in the act that you are performing, you
probably participating in in a armed
conflict. So there are other characteristics
that we have to look at before saying that.
One of the other scenario is direct
participation in your city. What we are
saying is the temporary consideration for
such time.
Mauro Vignati:
So it does mean that so in our perspective,
ICRC perspective, if a civilian is opening an
Mauro Vignati:
application and taking a picture or doing a
DDOS attack and then closing the application,
Mauro Vignati:
only during that time a civilian could be and
say could be considering as participating in
Mauro Vignati:
hostilities as soon as you closed the
application is not is not more considered as
Mauro Vignati:
participating in stating some critics of our
will saying that this is too easy for
Mauro Vignati:
civilians to go in the battlefield and go out
from the battlefield. So a kind of a
Mauro Vignati:
revolving door, but again, case by case.
And then there is the territorial
consideration. Are you performing your act
from inside the battleground or from outside?
So are you doing this stuff from outside the
battlefield? So these are all the different
perspective that we’re going to check. After
all, what are the consequences of everything
here? So the first consequence, if you are so
directly participating, is that you are not
entitled to have the prisoner of war status
if you don’t have this title because you are
a civilian participating in hostilities. You
may lose immunity from domestic prosecution.
And I explain myself. So let’s imagine you
are attacking country with your means and at
some point the war is over and then some
years later you want to travel for for
vacation to this country. You could be
prosecuted in this country because you
participated in hostilities and then you have
no immunity for that.
Mauro Vignati:
So this means also that you lose protection
from attacks. And when we talk about attacks,
Mauro Vignati:
we is not just cyber attack, but also
physical attack. So someone that is
Mauro Vignati:
participating in society could lose the
protection from being attacked, although on a
Mauro Vignati:
physical on a physical way. So the
consequences for the states so states have
Mauro Vignati:
mandatory it’s mandatory for the state to
verify if one person that is participating to
Mauro Vignati:
a soldier is a combatant, is a civilian.
So distinguish what we said before, the the
principle of distinction for for the for the
states. The second one is the obligation of
cost and care. So this means that the states
have the obligation to help civilians to to
provide precaution to the civilians. But this
is absolutely in tension with the fact that
that states are nudging or pushing civilians
into the battlefield, how you can nudge and
push civilians on the battlefield. And the
same time, be sure to to provide cost and
care to the civilian.
The third one is that states have to respect
international humanitarian law. And the
reason are the law international human rights
law. So the right to life and such, such a
body of law that is fundamental. Also when we
talk about the territoriality of of the
battlefield. And so another consequence is
this time for the private companies is that
as the civilian is the possible loss of
protection from being attacked.
Mauro Vignati:
So even tech companies that are involved in
the battlefield, they could face this
Mauro Vignati:
situation if they are engaging in DPH for one
of the other party to the conflict.
Mauro Vignati:
And one very interesting point is that tech
and cybersecurity company property may become
Mauro Vignati:
a military objective. So let’s imagine you
have a platform for sharing intelligence with
Mauro Vignati:
the government body that this government is
involved in, in a in a in a in a war. And you
Mauro Vignati:
provide a cyber threat, intelligence to this
to this state through a platform. This
Mauro Vignati:
platform could become NSA could because
again, depend from case to case could become
Mauro Vignati:
a military objective of an army to the
conflict. So this platform could be disrupted
Mauro Vignati:
by one of the other parties to the conflict.
And so this brings us also to the territory
consideration that we have seen for
civilians. So it depends from my perspective,
from international maritime law, there is no
difference if you are doing this from inside
a battlefield territory or outside. But there
are other body of law, like human rights law,
that are taking in consideration territorial
territorial consideration for for this. And
technology and cybersecurity companies could
also be considered as an organized armed
group. Again here exception and case by case.
But it is possible that the tech companies
that is providing a defensive capability or
even active defensive capability could be
considered as organized armed group by to one
of the army, one of the ambit of the
conflict.
Mauro Vignati:
So these you can imagine the consequence of
being considered an organized group. These
Mauro Vignati:
bring us to the conclusion. So the first one
about the civilians. So I just put this point
Mauro Vignati:
civilian must be aware. So we’re not talking
anymore here on taking down a server of a
Mauro Vignati:
ransomware group or snitching to a C2 of a
state sponsor of an APT group.
Mauro Vignati:
So we are talking about participating in a
conflict. This is changing completely. The
Mauro Vignati:
situation where you are involved.
Mauro Vignati:
You have to be aware of what you’re doing
when you when you type on your keyboard and
Mauro Vignati:
be sure what you’re doing here, because you
can be attacked again with distinction in
Mauro Vignati:
case by case, but you can have a kinetic and
non-kinetic answer to what you’re doing.
The second conclusion is for the states. So
we stress the fact that the states have to
respect the principle of distinction between
civilians and combatants is very important
and is something that is is very worrisome
because we seen a fusion between the two
groups. And if you are really bringing
civilians into the battlefield, please
prioritize harmless form of civilian
involvement, like, I don’t know, rebuilding,
disrupt the connections or setting up servers
or whatever, not using civilians for the aim
of of of the war.
Mauro Vignati:
The third one is provide civilians the
information. So as soon as the state is
Mauro Vignati:
providing all the information to civilians
saying, hey, you can do this and that, if you
Mauro Vignati:
do the other, you take responsibility for
your act, At least the state. It could be
Mauro Vignati:
said that he provided all the information
useful for civilians to judge the situation.
Mauro Vignati:
Logically comply with their duties, so with
the natural and human rights law. So we said
Mauro Vignati:
before that we see a tension here between the
duty and the and what in reality is happening
Mauro Vignati:
and the obligation, of course, care.
We have talked before, so do not involve
civilians, had civilians against these
civilians of the battlefield and try to
reverse the civilian ization of the
battlefield. So this trend must be stopped
because we are seeing more and more tech
companies, more and more civilians into the
battlefield and latest for the companies. So
we think that companies need more awareness
in training in international humanitarian
law. So we had a discussion with several tech
companies and cybersecurity companies on this
topic and they open their eyes are where we
were not aware about this. So this is very
important that they start to have an
awareness in training and then prevent target
mistakes. So when you do offensive offensive
security or something like that, just be sure
if you shut down a command and control that
this command and control is a military
dedicated command and control is not a dual
use command and control that is used also for
civilian purposes and proactively inform as a
company what you are doing to avoid being
attacked.
Mauro Vignati:
So if you are doing protection or whatever,
just let the world know what you’re doing
Mauro Vignati:
during the conflict. And you should also
develop compliance in your companies and say,
Mauro Vignati:
Hey, how are we doing the right? How are we
now shifting to be a participant in the right
Mauro Vignati:
to a conflict or not?
So you have to be aware what you are doing
during this period and then try to lobby to
assure that civilian data should be protected
as civilian asset. So till now, the civilian
data do not have the same level of protection
as a civilian asset. So we advocate of
considering civilian data protected as
civilian asset, because when you disrupt
civilian, you can cause a very harmful
situation for civilians.
And most important stuff, we discuss all this
the other day with an attack against a
satellite infrastructure, try to do
segmentation of of the asset that you are
providing to a government. So if a government
wants to have an asset from your company, try
to split between civilian body of the
government and military body of the
government so that when there is a war
exploding and someone is trying to attack
those assets, is going to focus on the
military. One Thank you. One take question.
Speaker2:
Tomorrow. We have time for questions.
Quickly, quickly. Just get your hands.
Speaker3:
Hi there. Thanks. Really enjoyed the talk.
Just one kind of question. It seemed like an
Speaker3:
overarching theme in this is that there’s
sort of a dual use nature to all of this
Speaker3:
stuff that the you know, like you said, like
a cloud provider could be supporting a
Speaker3:
military, could also be supporting civilian
businesses. And from a defenders perspective,
Speaker3:
you know, threats, although they can be
nation state, they can be non nation state,
Speaker3:
whatever. You might just not care as a
defender and you just want to protect your
Speaker3:
own system. So I guess because that
distinction is hard on both sides, I think.
Speaker3:
Do you see any room or what specifically
would you see like on a maybe on a policy
Speaker3:
side or regulatory framework side that could
help clarify that and help like deal with
Speaker3:
these dual use technologies in a way that
helps distinguish civilian and military
Speaker3:
objectives?
Mauro Vignati:
I’m thinking about if you. Thank you for the
question and thinking about if you have a
Mauro Vignati:
contract with the government as from the
starting point, you have to define if there
Mauro Vignati:
is a military asset, is this a civilian
asset? So you have to be to be open with the
Mauro Vignati:
government and saying what the purpose of of
of our help here, what kind of infrastructure
Mauro Vignati:
are we securing? And then it’s up to you as a
company saying, I don’t want to protect a
Mauro Vignati:
military entity because in case of war, I’m
protecting something that can bring me to the
Mauro Vignati:
battlefield. So this is up to the company
having these these capability of distinguish
Mauro Vignati:
already from the beginning of of the contract
and being clear with the government what
Mauro Vignati:
they’re doing. One of the.
Speaker3:
One of the issues that you kind of have to
deal with in both hot and cyber conflicts
Speaker3:
might be mercenaries. So what are your
thoughts on kind of identifying private
Speaker3:
companies who might be affiliated with
governments?
Mauro Vignati:
That’s a good question. I mean, I chair
international maritime law does not prohibit
Mauro Vignati:
the participation in war. So this is up to an
up to everybody to know if they want to
Mauro Vignati:
participate to a war. I mean, but that you
have behaving in a in a manner that you are
Mauro Vignati:
not entitled to war crimes.
Mauro Vignati:
But from this point of view, you have to be
aware of the fact that if you are a mercenary
Mauro Vignati:
participating to a conflict, you can be
attacked afterward from one of the parties of
Mauro Vignati:
the conflict, even in kinetic ways. So we’re
talking about a kinetic reaction to a cyber
Mauro Vignati:
operation. So this is up to everyone to do
this. We we try to get in touch with those
Mauro Vignati:
mercenaries, with the groups of people that
are cooperating with the one of the other
Mauro Vignati:
party. Try to explain them. What are the
dangers bind into this, to this situation?
Mauro Vignati:
Just that they know what they what they are
facing. Thank you.
Mauro Vignati:
Yeah. We take one last.
Speaker2:
Not more. One more last one, quickly. Get.
Speaker2:
We have this man from Geneva all the way
here. We have to make all the use of its time
Speaker2:
as we can get.
Speaker3:
Go ahead with digital warfare, everyone.
Speaker3:
Or more and more people have equal access to
be a part of war.
Speaker3:
They don’t have to be in a military base.
They don’t have to grow up and go to boot
Speaker3:
camp. And I think as a people in general, we
have a desire to fight for something.
Speaker3:
So you talk about trying to stop this, the
civilian ization of warfare, but I think it’s
Speaker3:
the civilians that are that are wanting to be
a part of something. Could there be a benefit
Speaker3:
to having the states provide a way for the
civilians to actively defend their country,
Speaker3:
which might, you know, shoo them away from
trying to be offensive and potentially more
Speaker3:
damaging? And if so, is that even something
that’s realistic or possible for states to
Speaker3:
give their citizens a way to defend without
also creating a vulnerability for other
Speaker3:
countries to come in and know what’s not
defended or what needs to be fixed?
Mauro Vignati:
Yeah, I mean, I think it’s a it’s a human
being reaction if you want to take part of
Mauro Vignati:
not from one of the parts of the conflict. I
mean you feel engaged in something. But then
Mauro Vignati:
the other side, what we what I’m showing here
is with the digitalization way easier to get
Mauro Vignati:
into so and this is the lack of cognitive
process. So when you think I’m going to
Mauro Vignati:
participate, just open the laptop and doing
something right will be different. If you
Mauro Vignati:
have to go physically in the battlefield and
taking a gun and participating. So this is
Mauro Vignati:
the the war that is reframing you for doing
this. That’s why this is the problem of
Mauro Vignati:
civilization. So we’re bringing more and more
civilians into the company because the easy
Mauro Vignati:
with digital means and we have to think about
is, okay, it’s easy, but the consequences are
Mauro Vignati:
exactly the same as participating physically
into conflict. That’s the main message of of
Mauro Vignati:
the talk today is that. Thank you very much,
guys.
Speaker2:
Thank you.
Mario, thank you.
Sonix is the world’s most advanced automated transcription, translation, and subtitling platform. Fast, accurate, and affordable.
Automatically convert your mp4 files to text (txt file), Microsoft Word (docx file), and SubRip Subtitle (srt file) in minutes.
Sonix has many features that you’d love including automated subtitles, collaboration tools, secure transcription and file storage, share transcripts, and easily transcribe your Zoom meetings. Try Sonix for free today.
About the Presenter
Mauro Vignati currently holds the role of Advisor on Digital Technologies of Warfare for the International Committee of the Red Cross (ICRC). Having worked with the Swiss Federal Department of Defense, the National Cyber Security Centre (NCSC), and now the ICRC, Mauro brings nearly two decades’ worth of expertise on the prevention, identification, and analysis of advanced persistent threats (APTs), mainly from state-sponsored groups.
About LABScon
This presentation was featured live at LABScon 2022, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLabs.