LABScon Replay | Are Digital Technologies Eroding the Principle of Distinction in War?

Until now, the cyber capabilities of a State have been primarily assessed on a technical and tactical perspective: the coordination of APT teams, the quality of malware, and the sophistication of exploits, to give some examples. However, describing such cyber operations is no longer sufficient to understand the capabilities that States deploy in the digital sphere during armed conflicts.

Cyber activities are part of a broader context, the digital one. Armies in conflict are increasingly digitized as are the involved populations. States may encourage civilians to engage in offensive cyber operations against targets associated with the enemy or encourage users to contribute to the military effort.

In this presentation, One Click from Conflict: Are Digital Technologies Eroding the Principle of Distinction in War?, the ICRC’s Mauro Vignati discusses how technology has completely transformed the way civilians live through armed conflicts.

In recent conflicts, smartphones and apps especially have become weaponized, slowly removing traditional barriers that divide the roles of civilians and combatants. Mauro breaks down the dangers and consequences of this paradigm shift and discusses what states and private organizations can do to stop technological weaponization from harming civilians caught in wartime.

One Click from Conflict: Are Digital Technologies Eroding the Principle of Distinction in War?: Audio automatically transcribed by Sonix

One Click from Conflict: Are Digital Technologies Eroding the Principle of Distinction in War?: this mp4 audio file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.

Mauro Vignati:
Hi everyone. Thank you for having. Oh.

Mauro Vignati:
ICRC today, International Red Cross. So just
look at who knows, who knows what we do and

Mauro Vignati:
who we are. Just raise your hand. Okay.

Mauro Vignati:
So just to refresh the memory. So we are an
international organization, a humanitarian

Mauro Vignati:
organization. We are based in Geneva,
Switzerland. So our mandate is to provide

Mauro Vignati:
humanitarian help and help victims of armed
conflict in relief operations. And when there

Mauro Vignati:
is a need.

So and you start to think about why we are
here, right? What is doing humanitarian

organization here? So it’s because we are
seeing with the digitalization of societies

there is an increase, a transformation of how
the wars are fought. So states are adding

more and more digital means and methods to
their arsenal. And one of the worst trends we

are seeing nowadays is that digital
technologies are bringing civilians and

private sector technology companies into the
battlefield. So when I talk about private

companies, I mean cybersecurity companies,
technology companies that are bringing into

the battlefield. So one of the most important

principles in ICRC is international

humanitarian law. This is a body of law. And
one of the most important principles in this

law is that we define two main groups of
individuals and objects.

So the first one is the combatants, and the
military objectives and the competence are

the people that are fighting on behalf of an
army. And the second group are the civilians

and then civilians objects.

Mauro Vignati:
And they should refrain from the resource.
They should refrain to a combat to go in the

Mauro Vignati:
battlefield, and thus they should be
protected against the arms and dangers that

Mauro Vignati:
the war is producing.

Mauro Vignati:
So this is the principle of distinction. So
we have to distinguish between who is

Mauro Vignati:
fighting the war and the rest of the

So and this shift in the digital
technologies, so is bringing us to a to a

qualitative aspect, 1 to 1 qualitative
aspect, one quantitative one. So from the

qualitative perspective, so the
digitalization of societies is bringing some

some effect. One of them is that this
lowering the threshold of entering the

battlefield. So with some exaggeration, we
can say that everyone with a smartphone

nowadays can join the battlefield and do
something for an army to a conflict. And the

other perspective is that is also modifying
completely, modifying the sense of remoteness

that we have. So we can sit in our couch and
we can participate to to the battlefield on

the other side of of the planet. And from a
quantitative perspective is that the states

can scale up a massive amount of civilians to
do what they need to do, like hundreds of

thousands of civilians regrouping them in
hours, in days to be able to fight for them.

And another perspective is the expansion of
the attack surface. So the same smartphone

that they can use to attack could be also a
victim of of of an attack.

Mauro Vignati:
So it’s not just the smartphone, laptop,
computer server, whatever. So the attack

Mauro Vignati:
surface is way bigger than what we have in
the physical world. So this brings us to the

Mauro Vignati:
civilization. So we call the civilization of
the battlefield. So based on that, let’s have

Mauro Vignati:
a couple of scenarios to better explain the
situation and the challenges we are facing

Mauro Vignati:

So the first scenario is about states that
may encourage civilians to engage in

offensive cyber operations against targets
associated with the enemy. So it’s the states

that is asking its own civilians to
participate to a conflict in the digital

battlefield. So this has multiple advantages
for a state so individual can be easily

mobilized and coordinated. So as I said
before, you can put together hundreds of

thousands of people to fight in your name and
you can federate all already existing

activists that they can be deployed for, for
your purpose and all those characteristics

that bring us to this lower cost for entering
the battlefield and for the states to fight

in the battlefield because they can use the
civilians to do this work. So this is the

first scenario we are talking about. The
second scenario is

that the states may repurpose existing
e-government apps or create new ones that

will be used for the battlefield.

Mauro Vignati:
So here we are talking. In about two states
that are provide an app that you can use to,

Mauro Vignati:
for instance, take a picture of a tank of the
enemy and then send them back to a to the to

Mauro Vignati:
the army, to the Central Command and control
and be used for the effort on the on the

Mauro Vignati:
kinetic side. So this has multiple advantages
from the state’s perspective because you are

Mauro Vignati:
tapping into an existing community of digital

So can you imagine if you if you have a new
government app that is being used by three or

four or 5 million of people that some point,
you transform, you enhance this application

providing new methods in the application, and
then you provide these applications, this new

version of applications to already three or
four or five million people that are already

using these applications. So they are tapping
into this kind of situation. So this means

that you don’t need any training for the
people that are using the application because

they are already used using these
applications. So it’s everything. We open

download, take a picture, and send the
picture. This is a normal gesture we do

daily, so no training is required. This also
means that there is no latency. You don’t

have to train military people on the ground.
You just have civilians in the in the digital

battlefield that can adapt and use this
application in a very quick way.

Mauro Vignati:
And this means that the civilians are
becoming sensor sensors to the army, not just

Mauro Vignati:
for intelligence purposes, but for any other
kind of activity that the state would like to

Mauro Vignati:
start in in the digital battlefield. This
brings us to a third scenario where we have

Mauro Vignati:
the presence of technology companies, and
cybersecurity companies. And so, generally

Mauro Vignati:
speaking, private companies are jumping into
the digital battlefield.

So as you may know, I mean, the majority of
the networks are owned or managed by private

companies and they are also managing asset
that our military asset, not only civilian

assets. So when war start those companies,
they are inside the battlefield because they

are already providing support or they are
managing the networks of those governmental

bodies. So this may bring us to the
characteristic of that. Those companies are

defending against deliberate cyber attacks.
If you are already providing this kind of

situation to a to governmental bodies, you
find yourself in in defending against

deliberate cyber attacks and you share threat
intelligence with government bodies, with

states that are at the moment in war. So
those are the three scenarios of how

civilians and and private companies are
involved in the battlefield. And these are,

first a first batch of consideration about
the situation that we are expecting we are

seeing since the moment. So apt so state
sponsored cyber attack is not the only way to

assess no more, the only way to assess state
capabilities in the digital sphere.

Mauro Vignati:
So we have a lot of more digital means and
method that has to be integrated when we do

Mauro Vignati:
an analysis of the capacity of a state in
these in this sector. The second one is that

Mauro Vignati:
the private company of civilians are now
playing a preponderant role in the conflict.

Mauro Vignati:
What I mean with this is that when an army is
losing visibility or capability on the on the

Mauro Vignati:
on the battle ground, they can use civilians
to regain this visibility, this capability,

Mauro Vignati:
and even surpass the capability of a state in
the battlefield. So the consideration is that

Mauro Vignati:
we are assisting a civilization of the
battlefield that is is is a trend since the

Mauro Vignati:
moment now.

And this is a worrisome trend because we are
bringing civilians into the battlefield. So a

second a second package of of considerations
that we still lack this cognitive process. So

what does it mean? It means that we are far
from from the battlefield, but at the same

time, we are in the battlefield using digital
means. So this is a distance between what we

are leaving and what we are doing. So these
kinds of process is something that we are

still lacking nowadays, even after 30, 40
years, that we are using it and still lacking

of cognitive process. And this brings us to
the perception of anonymity where we are

running a DDoS attack using a VPN, we think
to be anonymous from our couch or we do this

and that.

Mauro Vignati:
So this is perpetrating the anonymity and
with this also the sense of impunity. We

Mauro Vignati:
think nobody will find me because I’m using
all the security measures that I can put in

Mauro Vignati:
place to not be seen.

Mauro Vignati:
So another is the performative nudging of the
state. What does it mean? Does it mean that

Mauro Vignati:
the the state, when is there enhancing and
modifying application? Is proportionately to

Mauro Vignati:
be gentle, pushing the civilians to adopt
this application that is already on their

Mauro Vignati:
phone to use this application for for war
reason so and these performative because as

Mauro Vignati:
soon as these new capacity is is put in in a
new application and push on the store and

Mauro Vignati:
then push on the phones is use very quick.

So this is performative so the speed of
integration we already said so this very fast

how to integrate civilians into the
battlefield. And then we have the involvement

of private companies that are doing the
normal business in peaceful time, that at

some point they find themselves into the
battlefield. And the third group of

consideration is are civilians and private
companies directly participating in

hostilities? So this is the most important
part are people that are doing this kind of

business, participating in hostilities. So we
see three communities characteristic to be

declared as participating in the cities.

Mauro Vignati:
So this is just a way to explain you how it
is. I am not saying that one scenario or the

Mauro Vignati:
other is direct participating in stating the
three scenarios that were seen before. We can

Mauro Vignati:
say that depending from case to case could be
considered as participating in hostilities.

Mauro Vignati:
But normally we should look at these three
cumulative aspects.

So one is the threshold of harm. So it means
that if you run, if you do this act, you

provide a you have an impact on the military
operation of a party to the conflict. So

there is a real impact of what you are doing.
The second one is the belligerent nexus is

knowing that if you have designed the act to
be to reach the threshold of harm.

So if there is a desire of designing this,
this act for providing this harm, and the

second the third one is that the direct
causation I mean, if we can know that from

the act that you are doing the the harm is
provided by your intervention.

So those are the three characteristics. So if
you are if you have this three characteristic

in the act that you are performing, you
probably participating in in a armed

conflict. So there are other characteristics
that we have to look at before saying that.

One of the other scenario is direct
participation in your city. What we are

saying is the temporary consideration for
such time.

Mauro Vignati:
So it does mean that so in our perspective,
ICRC perspective, if a civilian is opening an

Mauro Vignati:
application and taking a picture or doing a
DDOS attack and then closing the application,

Mauro Vignati:
only during that time a civilian could be and
say could be considering as participating in

Mauro Vignati:
hostilities as soon as you closed the
application is not is not more considered as

Mauro Vignati:
participating in stating some critics of our
will saying that this is too easy for

Mauro Vignati:
civilians to go in the battlefield and go out
from the battlefield. So a kind of a

Mauro Vignati:
revolving door, but again, case by case.

And then there is the territorial
consideration. Are you performing your act

from inside the battleground or from outside?
So are you doing this stuff from outside the

battlefield? So these are all the different
perspective that we’re going to check. After

all, what are the consequences of everything
here? So the first consequence, if you are so

directly participating, is that you are not
entitled to have the prisoner of war status

if you don’t have this title because you are
a civilian participating in hostilities. You

may lose immunity from domestic prosecution.
And I explain myself. So let’s imagine you

are attacking country with your means and at
some point the war is over and then some

years later you want to travel for for
vacation to this country. You could be

prosecuted in this country because you
participated in hostilities and then you have

no immunity for that.

Mauro Vignati:
So this means also that you lose protection
from attacks. And when we talk about attacks,

Mauro Vignati:
we is not just cyber attack, but also
physical attack. So someone that is

Mauro Vignati:
participating in society could lose the
protection from being attacked, although on a

Mauro Vignati:
physical on a physical way. So the
consequences for the states so states have

Mauro Vignati:
mandatory it’s mandatory for the state to
verify if one person that is participating to

Mauro Vignati:
a soldier is a combatant, is a civilian.

So distinguish what we said before, the the
principle of distinction for for the for the

states. The second one is the obligation of
cost and care. So this means that the states

have the obligation to help civilians to to
provide precaution to the civilians. But this

is absolutely in tension with the fact that
that states are nudging or pushing civilians

into the battlefield, how you can nudge and
push civilians on the battlefield. And the

same time, be sure to to provide cost and
care to the civilian.

The third one is that states have to respect
international humanitarian law. And the

reason are the law international human rights
law. So the right to life and such, such a

body of law that is fundamental. Also when we
talk about the territoriality of of the

battlefield. And so another consequence is
this time for the private companies is that

as the civilian is the possible loss of
protection from being attacked.

Mauro Vignati:
So even tech companies that are involved in
the battlefield, they could face this

Mauro Vignati:
situation if they are engaging in DPH for one
of the other party to the conflict.

Mauro Vignati:
And one very interesting point is that tech
and cybersecurity company property may become

Mauro Vignati:
a military objective. So let’s imagine you
have a platform for sharing intelligence with

Mauro Vignati:
the government body that this government is
involved in, in a in a in a in a war. And you

Mauro Vignati:
provide a cyber threat, intelligence to this
to this state through a platform. This

Mauro Vignati:
platform could become NSA could because
again, depend from case to case could become

Mauro Vignati:
a military objective of an army to the
conflict. So this platform could be disrupted

Mauro Vignati:
by one of the other parties to the conflict.

And so this brings us also to the territory
consideration that we have seen for

civilians. So it depends from my perspective,
from international maritime law, there is no

difference if you are doing this from inside
a battlefield territory or outside. But there

are other body of law, like human rights law,
that are taking in consideration territorial

territorial consideration for for this. And
technology and cybersecurity companies could

also be considered as an organized armed
group. Again here exception and case by case.

But it is possible that the tech companies
that is providing a defensive capability or

even active defensive capability could be
considered as organized armed group by to one

of the army, one of the ambit of the

Mauro Vignati:
So these you can imagine the consequence of
being considered an organized group. These

Mauro Vignati:
bring us to the conclusion. So the first one
about the civilians. So I just put this point

Mauro Vignati:
civilian must be aware. So we’re not talking
anymore here on taking down a server of a

Mauro Vignati:
ransomware group or snitching to a C2 of a
state sponsor of an APT group.

Mauro Vignati:
So we are talking about participating in a
conflict. This is changing completely. The

Mauro Vignati:
situation where you are involved.

Mauro Vignati:
You have to be aware of what you’re doing
when you when you type on your keyboard and

Mauro Vignati:
be sure what you’re doing here, because you
can be attacked again with distinction in

Mauro Vignati:
case by case, but you can have a kinetic and
non-kinetic answer to what you’re doing.

The second conclusion is for the states. So
we stress the fact that the states have to

respect the principle of distinction between
civilians and combatants is very important

and is something that is is very worrisome
because we seen a fusion between the two

groups. And if you are really bringing
civilians into the battlefield, please

prioritize harmless form of civilian
involvement, like, I don’t know, rebuilding,

disrupt the connections or setting up servers
or whatever, not using civilians for the aim

of of of the war.

Mauro Vignati:
The third one is provide civilians the
information. So as soon as the state is

Mauro Vignati:
providing all the information to civilians
saying, hey, you can do this and that, if you

Mauro Vignati:
do the other, you take responsibility for
your act, At least the state. It could be

Mauro Vignati:
said that he provided all the information
useful for civilians to judge the situation.

Mauro Vignati:
Logically comply with their duties, so with
the natural and human rights law. So we said

Mauro Vignati:
before that we see a tension here between the
duty and the and what in reality is happening

Mauro Vignati:
and the obligation, of course, care.

We have talked before, so do not involve
civilians, had civilians against these

civilians of the battlefield and try to
reverse the civilian ization of the

battlefield. So this trend must be stopped
because we are seeing more and more tech

companies, more and more civilians into the
battlefield and latest for the companies. So

we think that companies need more awareness
in training in international humanitarian

law. So we had a discussion with several tech
companies and cybersecurity companies on this

topic and they open their eyes are where we
were not aware about this. So this is very

important that they start to have an
awareness in training and then prevent target

mistakes. So when you do offensive offensive
security or something like that, just be sure

if you shut down a command and control that
this command and control is a military

dedicated command and control is not a dual
use command and control that is used also for

civilian purposes and proactively inform as a
company what you are doing to avoid being


Mauro Vignati:
So if you are doing protection or whatever,
just let the world know what you’re doing

Mauro Vignati:
during the conflict. And you should also
develop compliance in your companies and say,

Mauro Vignati:
Hey, how are we doing the right? How are we
now shifting to be a participant in the right

Mauro Vignati:
to a conflict or not?

So you have to be aware what you are doing
during this period and then try to lobby to

assure that civilian data should be protected
as civilian asset. So till now, the civilian

data do not have the same level of protection
as a civilian asset. So we advocate of

considering civilian data protected as
civilian asset, because when you disrupt

civilian, you can cause a very harmful
situation for civilians.

And most important stuff, we discuss all this
the other day with an attack against a

satellite infrastructure, try to do
segmentation of of the asset that you are

providing to a government. So if a government
wants to have an asset from your company, try

to split between civilian body of the
government and military body of the

government so that when there is a war
exploding and someone is trying to attack

those assets, is going to focus on the
military. One Thank you. One take question.

Tomorrow. We have time for questions.
Quickly, quickly. Just get your hands.

Hi there. Thanks. Really enjoyed the talk.
Just one kind of question. It seemed like an

overarching theme in this is that there’s
sort of a dual use nature to all of this

stuff that the you know, like you said, like
a cloud provider could be supporting a

military, could also be supporting civilian
businesses. And from a defenders perspective,

you know, threats, although they can be
nation state, they can be non nation state,

whatever. You might just not care as a
defender and you just want to protect your

own system. So I guess because that
distinction is hard on both sides, I think.

Do you see any room or what specifically
would you see like on a maybe on a policy

side or regulatory framework side that could
help clarify that and help like deal with

these dual use technologies in a way that
helps distinguish civilian and military


Mauro Vignati:
I’m thinking about if you. Thank you for the
question and thinking about if you have a

Mauro Vignati:
contract with the government as from the
starting point, you have to define if there

Mauro Vignati:
is a military asset, is this a civilian
asset? So you have to be to be open with the

Mauro Vignati:
government and saying what the purpose of of
of our help here, what kind of infrastructure

Mauro Vignati:
are we securing? And then it’s up to you as a
company saying, I don’t want to protect a

Mauro Vignati:
military entity because in case of war, I’m
protecting something that can bring me to the

Mauro Vignati:
battlefield. So this is up to the company
having these these capability of distinguish

Mauro Vignati:
already from the beginning of of the contract
and being clear with the government what

Mauro Vignati:
they’re doing. One of the.

One of the issues that you kind of have to
deal with in both hot and cyber conflicts

might be mercenaries. So what are your
thoughts on kind of identifying private

companies who might be affiliated with

Mauro Vignati:
That’s a good question. I mean, I chair
international maritime law does not prohibit

Mauro Vignati:
the participation in war. So this is up to an
up to everybody to know if they want to

Mauro Vignati:
participate to a war. I mean, but that you
have behaving in a in a manner that you are

Mauro Vignati:
not entitled to war crimes.

Mauro Vignati:
But from this point of view, you have to be
aware of the fact that if you are a mercenary

Mauro Vignati:
participating to a conflict, you can be
attacked afterward from one of the parties of

Mauro Vignati:
the conflict, even in kinetic ways. So we’re
talking about a kinetic reaction to a cyber

Mauro Vignati:
operation. So this is up to everyone to do
this. We we try to get in touch with those

Mauro Vignati:
mercenaries, with the groups of people that
are cooperating with the one of the other

Mauro Vignati:
party. Try to explain them. What are the
dangers bind into this, to this situation?

Mauro Vignati:
Just that they know what they what they are
facing. Thank you.

Mauro Vignati:
Yeah. We take one last.

Not more. One more last one, quickly. Get.

We have this man from Geneva all the way
here. We have to make all the use of its time

as we can get.

Go ahead with digital warfare, everyone.

Or more and more people have equal access to
be a part of war.

They don’t have to be in a military base.
They don’t have to grow up and go to boot

camp. And I think as a people in general, we
have a desire to fight for something.

So you talk about trying to stop this, the
civilian ization of warfare, but I think it’s

the civilians that are that are wanting to be
a part of something. Could there be a benefit

to having the states provide a way for the
civilians to actively defend their country,

which might, you know, shoo them away from
trying to be offensive and potentially more

damaging? And if so, is that even something
that’s realistic or possible for states to

give their citizens a way to defend without
also creating a vulnerability for other

countries to come in and know what’s not
defended or what needs to be fixed?

Mauro Vignati:
Yeah, I mean, I think it’s a it’s a human
being reaction if you want to take part of

Mauro Vignati:
not from one of the parts of the conflict. I
mean you feel engaged in something. But then

Mauro Vignati:
the other side, what we what I’m showing here
is with the digitalization way easier to get

Mauro Vignati:
into so and this is the lack of cognitive
process. So when you think I’m going to

Mauro Vignati:
participate, just open the laptop and doing
something right will be different. If you

Mauro Vignati:
have to go physically in the battlefield and
taking a gun and participating. So this is

Mauro Vignati:
the the war that is reframing you for doing
this. That’s why this is the problem of

Mauro Vignati:
civilization. So we’re bringing more and more
civilians into the company because the easy

Mauro Vignati:
with digital means and we have to think about
is, okay, it’s easy, but the consequences are

Mauro Vignati:
exactly the same as participating physically
into conflict. That’s the main message of of

Mauro Vignati:
the talk today is that. Thank you very much,

Thank you.

Mario, thank you.

Sonix is the world’s most advanced automated transcription, translation, and subtitling platform. Fast, accurate, and affordable.

Automatically convert your mp4 files to text (txt file), Microsoft Word (docx file), and SubRip Subtitle (srt file) in minutes.

Sonix has many features that you’d love including automated subtitles, collaboration tools, secure transcription and file storage, share transcripts, and easily transcribe your Zoom meetings. Try Sonix for free today.

About the Presenter

Mauro Vignati currently holds the role of Advisor on Digital Technologies of Warfare for the International Committee of the Red Cross (ICRC). Having worked with the Swiss Federal Department of Defense, the National Cyber Security Centre (NCSC), and now the ICRC, Mauro brings nearly two decades’ worth of expertise on the prevention, identification, and analysis of advanced persistent threats (APTs), mainly from state-sponsored groups.

About LABScon

This presentation was featured live at LABScon 2022, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLabs.