Until now, the cyber capabilities of a State have been primarily assessed from a technical and tactical perspective: the coordination of APT teams, the quality of malware, and the sophistication of exploits, to give some examples. However, describing such cyber operations is no longer sufficient to understand the capabilities that States deploy in the digital sphere during armed conflicts.
Cyber activities are part of a broader context, the digital one. Armies in conflict are increasingly digitized as are the involved populations. States may encourage civilians to engage in offensive cyber operations against targets associated with the enemy or encourage users to contribute to the military effort.
In this presentation, One Click from Conflict: Are Digital Technologies Eroding the Principle of Distinction in War?, the ICRC’s Mauro Vignati discusses how technology has completely transformed the way civilians live through armed conflicts.
In recent conflicts, smartphones and apps especially have become weaponized, slowly removing traditional barriers that divide the roles of civilians and combatants. Mauro breaks down the dangers and consequences of this paradigm shift and discusses what states and private organizations can do to stop technological weaponization from harming civilians caught in wartime.
One Click from Conflict: Are Digital Technologies Eroding the Principle of Distinction in War?: this mp4 audio file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.
Hi everyone. Thank you for having. Oh.
ICRC today, International Red Cross. So just
look at who knows, who knows what we do and
who we are. Just raise your hand. Okay.
So just to refresh the memory. So we are an
international organization, a humanitarian
organization. We are based in Geneva,
Switzerland. So our mandate is to provide
humanitarian help and help victims of armed
conflict in relief operations. And when there
is a need.
So and you start to think about why we are
here, right? What is doing humanitarian
organization here? So it’s because we are
seeing with the digitalization of societies
there is an increase, a transformation of how
the wars are fought. So states are adding
more and more digital means and methods to
their arsenal. And one of the worst trends we
are seeing nowadays is that digital
technologies are bringing civilians and
private sector technology companies into the
battlefield. So when I talk about private
companies, I mean cybersecurity companies,
technology companies that are bringing into
the battlefield. So one of the most important
principles in ICRC is international
humanitarian law. This is a body of law. And
one of the most important principles in this
law is that we define two main groups of
individuals and objects.
So the first one is the combatants and the
military objectives, and the combatants are
the people that are fighting on behalf of an
army. And the second group are the civilians
and then civilian objects.
And they should refrain from the resource.
They should refrain to a combat to go in the
battlefield, and thus they should be
protected against the arms and dangers that
the war is producing.
So this is the principle of distinction. So
we have to distinguish between who is
fighting the war and the rest of the
So and this shift in the digital
technologies, so is bringing us to a
qualitative aspect, 1 to 1 qualitative
aspect, one quantitative one. So from the
qualitative perspective, so the
digitalization of societies is bringing some
effect. One of them is that this is
lowering the threshold of entering the
battlefield. So with some exaggeration, we
can say that everyone with a smartphone
nowadays can join the battlefield and do
something for an army to a conflict. And the
other perspective is that it is also modifying,
completely modifying, the sense of remoteness
that we have. So we can sit in our couch and
we can participate to the battlefield on
the other side of the planet. And from a
quantitative perspective is that the states
can scale up a massive amount of civilians to
do what they need to do, like hundreds of
thousands of civilians regrouping them in
hours, in days to be able to fight for them.
And another perspective is the expansion of
the attack surface. So the same smartphone
that they can use to attack could be also a
victim of an attack.
So it’s not just the smartphone, laptop,
computer server, whatever. So the attack
surface is way bigger than what we have in
the physical world. So this brings us to the
civilianization. So we call the civilianization of
the battlefield. So based on that, let’s have
a couple of scenarios to better explain the
situation and the challenges we are facing
So the first scenario is about states that
may encourage civilians to engage in
offensive cyber operations against targets
associated with the enemy. So it’s the state
that is asking its own civilians to
participate to a conflict in the digital
battlefield. So this has multiple advantages
for a state: individuals can be easily
mobilized and coordinated. So as I said
before, you can put together hundreds of
thousands of people to fight in your name and
you can federate all already existing
activists that they can be deployed for
your purpose and all those characteristics
that bring us to this lower cost for entering
the battlefield and for the states to fight
in the battlefield because they can use the
civilians to do this work. So this is the
first scenario we are talking about. The
second scenario is
that the states may repurpose existing
e-government apps or create new ones that
will be used for the battlefield.
So here we are talking. In about two states
that are provide an app that you can use to,
for instance, take a picture of a tank of the
enemy and then send them back to the
army, to the Central Command and control
and be used for the effort on the
kinetic side. So this has multiple advantages
from the state’s perspective because you are
tapping into an existing community of digital
So can you imagine if you if you have a new
government app that is being used by three or
four or five million people that at some point,
you transform, you enhance this application
providing new methods in the application, and
then you provide these applications, this new
version of applications to already three or
four or five million people that are already
using these applications. So they are tapping
into this kind of situation. So this means
that you don’t need any training for the
people that are using the application because
they are already used to using these
applications. So it’s everything. We open
download, take a picture, and send the
picture. This is a normal gesture we do
daily, so no training is required. This also
means that there is no latency. You don’t
have to train military people on the ground.
You just have civilians in the digital
battlefield that can adapt and use this
application in a very quick way.
And this means that the civilians are
becoming sensors to the army, not just
for intelligence purposes, but for any other
kind of activity that the state would like to
start in the digital battlefield. This
brings us to a third scenario where we have
the presence of technology companies, and
cybersecurity companies. And so, generally
speaking, private companies are jumping into
the digital battlefield.
So as you may know, I mean, the majority of
the networks are owned or managed by private
companies and they are also managing assets
that are military assets, not only civilian
assets. So when war starts, those companies,
they are inside the battlefield because they
are already providing support or they are
managing the networks of those governmental
bodies. So this may bring us to the
characteristic of that. Those companies are
defending against deliberate cyber attacks.
If you are already providing this kind of
situation to governmental bodies, you
find yourself defending against
deliberate cyber attacks and you share threat
intelligence with government bodies, with
states that are at the moment in war. So
those are the three scenarios of how
civilians and private companies are
involved in the battlefield. And these are
a first batch of considerations about
the situation that we are expecting we are
seeing since the moment. So APT, so state-sponsored
cyber attack, is not the only way to
assess, no more the only way to assess, state
capabilities in the digital sphere.
So we have a lot of more digital means and
methods that have to be integrated when we do
an analysis of the capacity of a state in
this sector. The second one is that
the private company of civilians are now
playing a preponderant role in the conflict.
What I mean with this is that when an army is
losing visibility or capability on the
battle ground, they can use civilians
to regain this visibility, this capability,
and even surpass the capability of a state in
the battlefield. So the consideration is that
we are assisting a civilianization of the
battlefield that is a trend since the
And this is a worrisome trend because we are
bringing civilians into the battlefield. So a
second package of considerations,
that we still lack this cognitive process. So
what does it mean? It means that we are far
from the battlefield, but at the same
time, we are in the battlefield using digital
means. So this is a distance between what we
are living and what we are doing. So these
kinds of process is something that we are
still lacking nowadays, even after 30, 40
years, that we are using it and still lacking
of cognitive process. And this brings us to
the perception of anonymity where we are
running a DDoS attack using a VPN, we think
to be anonymous from our couch or we do this
So this is perpetrating the anonymity and
with this also the sense of impunity. We
think nobody will find me because I’m using
all the security measures that I can put in
place to not be seen.
So another is the performative nudging of the
state. What does it mean? Does it mean that
the state, when is there enhancing and
modifying application? Is proportionately to
be gentle, pushing the civilians to adopt
this application that is already on their
phone to use this application for war
reason so and these performative because as
soon as these new capacity is put in a
new application and push on the store and
then push on the phones is use very quick.
So this is performative so the speed of
integration we already said so this very fast
how to integrate civilians into the
battlefield. And then we have the involvement
of private companies that are doing the
normal business in peaceful time, that at
some point they find themselves into the
battlefield. And the third group of
consideration is are civilians and private
companies directly participating in
hostilities? So this is the most important
part are people that are doing this kind of
business, participating in hostilities. So we
see three communities characteristic to be
declared as participating in hostilities.
So this is just a way to explain you how it
is. I am not saying that one scenario or the
other is direct participating in hostilities. The
three scenarios that were seen before, we can
say that depending from case to case could be
considered as participating in hostilities.
But normally we should look at these three
So one is the threshold of harm. So it means
that if you run, if you do this act, you
have an impact on the military
operation of a party to the conflict. So
there is a real impact of what you are doing.
The second one is the belligerent nexus is
knowing that if you have designed the act to
reach the threshold of harm.
So if there is a desire of designing this
act for providing this harm, and the
third one is that the direct
causation I mean, if we can know that from
the act that you are doing the harm is
provided by your intervention.
So those are the three characteristics. So if
you have these three characteristics
in the act that you are performing, you are
probably participating in an armed
conflict. So there are other characteristics
that we have to look at before saying that.
One of the other scenario is direct
participation in hostilities. What we are
saying is the temporary consideration for
So it does mean that so in our perspective,
ICRC perspective, if a civilian is opening an
application and taking a picture or doing a
DDOS attack and then closing the application,
only during that time a civilian could be and
say could be considering as participating in
hostilities. As soon as you closed the
application is no more considered as
participating in hostilities. Some critics of our
will saying that this is too easy for
civilians to go in the battlefield and go out
from the battlefield. So a kind of a
revolving door, but again, case by case.
And then there is the territorial
consideration. Are you performing your act
from inside the battleground or from outside?
So are you doing this stuff from outside the
battlefield? So these are all the different
perspective that we’re going to check. After
all, what are the consequences of everything
here? So the first consequence, if you are so
directly participating, is that you are not
entitled to have the prisoner of war status
if you don’t have this title because you are
a civilian participating in hostilities. You
may lose immunity from domestic prosecution.
And I explain myself. So let’s imagine you
are attacking a country with your means and at
some point the war is over and then some
years later you want to travel for
vacation to this country. You could be
prosecuted in this country because you
participated in hostilities and then you have
no immunity for that.
So this means also that you lose protection
from attacks. And when we talk about attacks,
it is not just cyber attack, but also
physical attack. So someone that is
participating in hostilities could lose the
protection from being attacked, although on a
physical way. So the
consequences for the states so states have
mandatory it’s mandatory for the state to
verify if one person that is participating to
a soldier is a combatant, is a civilian.
So distinguish what we said before, the
principle of distinction for the
states. The second one is the obligation of
constant care. So this means that the states
have the obligation to help civilians, to
provide precaution to the civilians. But this
is absolutely in tension with the fact that
states are nudging or pushing civilians
into the battlefield, how you can nudge and
push civilians on the battlefield. And the
same time, be sure to provide constant
care to the civilian.
The third one is that states have to respect
international humanitarian law. And the
reason are the law international human rights
law. So the right to life and such, such a
body of law that is fundamental. Also when we
talk about the territoriality of the
battlefield. And so another consequence is
this time for the private companies is that
as the civilian is the possible loss of
protection from being attacked.
So even tech companies that are involved in
the battlefield, they could face this
situation if they are engaging in DPH for one
of the other party to the conflict.
And one very interesting point is that tech
and cybersecurity company property may become
a military objective. So let’s imagine you
have a platform for sharing intelligence with
the government body that this government is
involved in a war. And you
provide cyber threat intelligence to this
state through a platform. This
platform could become, and I say could because
again, depend from case to case, could become
a military objective of an army to the
conflict. So this platform could be disrupted
by one of the other parties to the conflict.
And so this brings us also to the territory
consideration that we have seen for
civilians. So it depends from my perspective,
from international humanitarian law, there is no
difference if you are doing this from inside
a battlefield territory or outside. But there
are other body of law, like human rights law,
that are taking in consideration
territorial consideration for this. And
technology and cybersecurity companies could
also be considered as an organized armed
group. Again here exception and case by case.
But it is possible that the tech companies
that is providing a defensive capability or
even active defensive capability could be
considered as organized armed group by to one
of the army, one of the ambit of the
So these you can imagine the consequence of
being considered an organized group. These
bring us to the conclusion. So the first one
about the civilians. So I just put this point
civilian must be aware. So we’re not talking
anymore here on taking down a server of a
ransomware group or snitching to a C2 of a
state sponsor of an APT group.
So we are talking about participating in a
conflict. This is changing completely. The
situation where you are involved.
You have to be aware of what you’re doing
when you when you type on your keyboard and
be sure what you’re doing here, because you
can be attacked again with distinction in
case by case, but you can have a kinetic and
non-kinetic answer to what you’re doing.
The second conclusion is for the states. So
we stress the fact that the states have to
respect the principle of distinction between
civilians and combatants is very important
and is something that is very worrisome
because we seen a fusion between the two
groups. And if you are really bringing
civilians into the battlefield, please
prioritize harmless form of civilian
involvement, like, I don’t know, rebuilding,
disrupt the connections or setting up servers
or whatever, not using civilians for the aim
of the war.
The third one is provide civilians the
information. So as soon as the state is
providing all the information to civilians
saying, hey, you can do this and that, if you
do the other, you take responsibility for
your act, At least the state. It could be
said that he provided all the information
useful for civilians to judge the situation.
Logically comply with their duties, so with
the natural and human rights law. So we said
before that we see a tension here between the
duty and what in reality is happening
and the obligation of constant care.
We have talked before, so do not involve
civilians, had civilians against these
civilians of the battlefield and try to
reverse the civilianization of the
battlefield. So this trend must be stopped
because we are seeing more and more tech
companies, more and more civilians into the
battlefield and latest for the companies. So
we think that companies need more awareness
in training in international humanitarian
law. So we had a discussion with several tech
companies and cybersecurity companies on this
topic and they open their eyes are where we
were not aware about this. So this is very
important that they start to have an
awareness in training and then prevent target
mistakes. So when you do offensive
security or something like that, just be sure
if you shut down a command and control that
this command and control is a military
dedicated command and control is not a dual
use command and control that is used also for
civilian purposes and proactively inform as a
company what you are doing to avoid being
So if you are doing protection or whatever,
just let the world know what you’re doing
during the conflict. And you should also
develop compliance in your companies and say,
Hey, how are we doing the right? How are we
now shifting to be a participant in the right
to a conflict or not?
So you have to be aware what you are doing
during this period and then try to lobby to
assure that civilian data should be protected
as civilian asset. So till now, the civilian
data do not have the same level of protection
as a civilian asset. So we advocate of
considering civilian data protected as
civilian asset, because when you disrupt
civilian, you can cause a very harmful
situation for civilians.
And most important stuff, we discuss all this
the other day with an attack against a
satellite infrastructure, try to do
segmentation of the asset that you are
providing to a government. So if a government
wants to have an asset from your company, try
to split between civilian body of the
government and military body of the
government so that when there is a war
exploding and someone is trying to attack
those assets, is going to focus on the
military. One Thank you. One take question.
Tomorrow. We have time for questions.
Quickly, quickly. Just get your hands.
Hi there. Thanks. Really enjoyed the talk.
Just one kind of question. It seemed like an
overarching theme in this is that there’s
sort of a dual use nature to all of this
stuff that the you know, like you said, like
a cloud provider could be supporting a
military, could also be supporting civilian
businesses. And from a defender’s perspective,
you know, threats, although they can be
nation state, they can be non nation state,
whatever. You might just not care as a
defender and you just want to protect your
own system. So I guess because that
distinction is hard on both sides, I think.
Do you see any room or what specifically
would you see like on a maybe on a policy
side or regulatory framework side that could
help clarify that and help like deal with
these dual use technologies in a way that
helps distinguish civilian and military
I’m thinking about if you. Thank you for the
question and thinking about if you have a
contract with the government as from the
starting point, you have to define if there
is a military asset, is this a civilian
asset? So you have to be to be open with the
government and saying what the purpose of
our help here, what kind of infrastructure
are we securing? And then it’s up to you as a
company saying, I don’t want to protect a
military entity because in case of war, I’m
protecting something that can bring me to the
battlefield. So this is up to the company
having this capability of distinguish
already from the beginning of the contract
and being clear with the government what
they’re doing. One of the.
One of the issues that you kind of have to
deal with in both hot and cyber conflicts
might be mercenaries. So what are your
thoughts on kind of identifying private
companies who might be affiliated with
That’s a good question. I mean, IHL,
international humanitarian law, does not prohibit
the participation in war. So this is
up to everybody to know if they want to
participate to a war. I mean, but that you
have behaving in a manner that you are
not entitled to war crimes.
But from this point of view, you have to be
aware of the fact that if you are a mercenary
participating to a conflict, you can be
attacked afterward from one of the parties of
the conflict, even in kinetic ways. So we’re
talking about a kinetic reaction to a cyber
operation. So this is up to everyone to do
this. We try to get in touch with those
mercenaries, with the groups of people that
are cooperating with the one of the other
party. Try to explain them. What are the
dangers bind into this, to this situation?
Just that they know what they are
facing. Thank you.
Yeah. We take one last.
Not more. One more last one, quickly. Get.
We have this man from Geneva all the way
here. We have to make all the use of its time
as we can get.
Go ahead with digital warfare, everyone.
Or more and more people have equal access to
be a part of war.
They don’t have to be in a military base.
They don’t have to grow up and go to boot
camp. And I think as a people in general, we
have a desire to fight for something.
So you talk about trying to stop this, the
civilianization of warfare, but I think it’s
the civilians that are wanting to be
a part of something. Could there be a benefit
to having the states provide a way for the
civilians to actively defend their country,
which might, you know, shoo them away from
trying to be offensive and potentially more
damaging? And if so, is that even something
that’s realistic or possible for states to
give their citizens a way to defend without
also creating a vulnerability for other
countries to come in and know what’s not
defended or what needs to be fixed?
Yeah, I mean, I think it’s a human
being reaction if you want to take part of
not from one of the parts of the conflict. I
mean you feel engaged in something. But then
the other side, what we what I’m showing here
is with the digitalization way easier to get
into so and this is the lack of cognitive
process. So when you think I’m going to
participate, just open the laptop and doing
something right will be different. If you
have to go physically in the battlefield and
taking a gun and participating. So this is
the war that is reframing you for doing
this. That’s why this is the problem of
civilianization. So we’re bringing more and more
civilians into the company because the easy
with digital means and we have to think about
is, okay, it’s easy, but the consequences are
exactly the same as participating physically
into conflict. That’s the main message of
the talk today is that. Thank you very much,
Mauro, thank you.
About the Presenter
Mauro Vignati currently holds the role of Advisor on Digital Technologies of Warfare for the International Committee of the Red Cross (ICRC). Having worked with the Swiss Federal Department of Defense, the National Cyber Security Centre (NCSC), and now the ICRC, Mauro brings nearly two decades’ worth of expertise on the prevention, identification, and analysis of advanced persistent threats (APTs), mainly from state-sponsored groups.
This presentation was featured live at LABScon 2022, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLabs.