Promoting the Digital Emblem | IGF 2023 Open Forum #16

Report

During the discussion, concerns were raised about the offensive cyber capabilities that AI is reportedly enhancing. Automation and AI have increased the speed of cyber capabilities, leading to growing apprehension. The feasibility and effectiveness of the digital emblem solution were questioned, specifically regarding its ability to deal with the accelerated speed and wider reach of cyber capabilities.

Doubts were expressed regarding whether cyber capabilities would take the time to verify the authenticity of digital emblems.

The discussion emphasized the need for strong interest from states and sub-state organizations in the digital emblem solution. The successful implementation and socialization of the solution require a strong appetite among these entities.

Incentives were identified as necessary to encourage their engagement with the digital emblem solution. Additionally, the degree of interest among states and sub-state organizations was discussed, highlighting the importance of incentivizing their involvement.

The issue of incentivizing non-state actors and less organized groups to respect digital emblems was also raised.

There was an example of activists in Russia and Ukraine pledging to reduce the scale of their cyber operations, indicating some willingness to comply. However, motivating these actors to fully respect and adhere to digital emblems remains a challenge.

Attribution problems and issues with incentivizing state actors were discussed.

It was argued that problems with incentives and attribution could discourage state actors from respecting the digital emblem. This could potentially make emblem violations easier without clear attribution to a specific state.

The visibility of hospital targeting in the Asia-Pacific region was highlighted as evidence of the urgent need for the proposed emblem.

Hospitals in this region are targeted by nation-states on a daily basis, underscoring the necessity of finding a solution to prevent such attacks.

The discussion also touched upon the self-regulation within the criminal community. It was mentioned that the criminal community regulates itself against targeting perceived “soft targets.” This suggests that there may be a deterrent effect that discourages criminals from attacking certain entities.

Finally, the potential role of Internet Service Providers (ISPs) in validating adherence to the digital emblem was suggested.

ISPs possess the ability to identify operational nation-states and their infrastructure, which could provide insights into whether the emblem rules are being followed.

Overall, the discussions highlighted various challenges and concerns related to offensive cyber capabilities, the feasibility of the digital emblem solution, and the imperative of strong engagement from different actors.

The importance of incentivizing compliance and addressing attribution issues was emphasized. The visibility of hospital targeting and the potential role of ISPs were also significant points of discussion.

Report

The ADEM (Authentic Digital Emblem) system, developed by Felix Linker and his team, is a technological solution designed to address the need for verifiable authenticity and accountability in the digital landscape. It was developed in response to a request from the International Committee of the Red Cross (ICRC) for a digital emblem.

The purpose of ADEM is to provide a reliable and tamper-proof method of identification and endorsement for protected parties.

ADEM is designed to be a plug-in to the infrastructure of protected parties, such as the ICRC, allowing for the autonomous distribution of emblems.

Prototyping is ongoing with the ICRC, and plans are in place to deploy ADEM within their network. This move is seen as a positive step towards enhancing cybersecurity and supporting the mission of protected parties.

One key aspect highlighted in the discussions is the role of nation-states in endorsing protected parties.

ADEM allows nation-states to make sovereign decisions regarding the endorsement of protected parties, and emblems will be accompanied by multiple endorsements from nation-states. This approach empowers nation-states to exercise control and support protected missions according to their individual preferences and policies.

It is considered a positive development in promoting digital sovereignty and aligning with the goals of SDG 16 (Peace and Justice) and SDG 9 (Industry, Innovation, and Infrastructure).

However, challenges arise when it comes to verifying endorsement requests. Felix Linker raises concerns about technical organizations that control parts of the internet naming system, such as ICANN.

He believes that these organizations may struggle to authenticate requests for endorsement due to their technical nature. This argument carries a negative sentiment as it highlights a potential limitation in the current system.

In light of these challenges, Felix suggests that endorsement of protected parties could be undertaken by nation-states, supranational organizations, or entities with relevant experience and knowledge in the field, such as the ICRC.

He emphasizes the importance of not burdening technical organizations with additional responsibilities that may not align with their expertise. This perspective is seen as positive as it suggests a more suitable and effective approach to securing endorsements for protected missions.

ADEM consists of two main components.

The first component focuses on protecting entities identified using IP addresses and domain names. This aspect of ADEM aims to provide security and authenticity at the network level. The second component involves granting emblems through mechanisms such as TLS, UDP, and DNS.

These mechanisms serve as a means to validate and authenticate the emblems, ensuring their authenticity and reliability. This dual aspect of ADEM showcases its comprehensive approach to safeguarding the integrity and authenticity of protected parties.

Felix’s team is also working on the development of local emblems, which aim to protect against threats at the device level.

By addressing vulnerabilities such as malicious email attachments and network penetrations, this extension of ADEM provides an extra layer of security and ensures a holistic approach to safeguarding digital assets and missions.

Moreover, the discussions highlight the benefits of emblems in monitoring and reducing cyber attacks.

Emblems serve as a mechanism for verifying the authenticity and legitimacy of actors engaging in cyber activities. By recognizing and respecting emblems, actors can be monitored more effectively to prevent and mitigate potential cyber threats. This observation carries a neutral sentiment as it reflects the potential of emblems in enhancing cybersecurity efforts.

Lastly, the proposition of Internet Service Providers (ISPs) taking on the responsibility of monitoring emblem distribution is viewed positively.

Felix suggests that ISPs could play a crucial role in regularly checking whether emblems are being sent out as intended. This proposed role for ISPs aligns with SDG 16 and SDG 9 and potentially enhances the effectiveness of emblem distribution and validation.

In conclusion, the development of the ADEM system presents a promising solution for achieving authenticity and accountability in the digital realm.

By allowing the autonomous distribution of emblems within the infrastructure of protected parties, ADEM promotes enhanced cybersecurity and supports protected missions. The involvement of nation-states and the consideration of various endorsement mechanisms further strengthen the system’s reliability and effectiveness.

However, challenges exist in verifying endorsement requests, particularly concerning technical organizations’ ability to authenticate requests. The development of local emblems and the potential role of ISPs in monitoring emblem distribution offer additional layers of protection and monitoring. Overall, ADEM holds great potential for advancing digital security, ensuring authenticity, and supporting the goals of SDG 16 and SDG 9.

Report

The Cyber Peace Institute was established with the goal of mitigating the adverse effects of cyber attacks on people’s lives worldwide. It plays a crucial role in aiding vulnerable communities to stay safe in cyberspace, conducting investigations and analysis on cyber attacks, advocating for improved cybersecurity standards and regulations, and addressing emerging technological challenges.

The healthcare sector is identified as a particularly vulnerable sector to cyber attacks, which often lead to the loss of data and disruption of services. The Cyber Peace Institute has a platform that documents cyber attacks on the health sector, highlighting the breach of over 21 million patient records and significant disruption to healthcare services.

This demonstrates the urgent need for improved cybersecurity measures within the healthcare industry.

Cyber attacks during armed conflicts have a significant human impact as they threaten crucial services and spread disinformation. The borderless nature of cyberspace allows cyber operations to extend beyond belligerent countries, hitting critical infrastructures in third countries.

This highlights the need for increased international cooperation and measures to protect critical services during armed conflicts.

Risks in the medical and humanitarian sectors include the increasing accessibility of sophisticated malware and ready-to-use cyber tools, as well as the blurring line between state and non-state actors.

This presents a challenge as it lowers the barriers to entry for malicious actors and makes it difficult to attribute attacks to a specific entity. Thus, it is essential to develop strategies to effectively address these risks and protect vital infrastructures.

Education is identified as a vital component in understanding the importance of protecting healthcare and humanitarian organizations from cyber attacks.

By educating different stakeholders, including professionals and the general public, they can better comprehend the potential consequences of not safeguarding these crucial infrastructures.

Francesca Bosco, an advocate in the field, emphasizes the need for analyzing the human impact of cyber attacks and the long-term consequences in order to underline the importance of protecting vital infrastructures.

Efforts are being made to standardize a methodology to measure the societal harm from cyber attacks. The aim is to monitor responsible behavior in cyberspace and assess the societal costs of not adequately protecting vital infrastructure.

Basic cyber hygiene activities and information sharing are identified as critical elements in mitigating cyber attacks and improving cybersecurity.

It has been found that 99% of cyber attacks can be stopped by implementing basic cyber hygiene practices. Additionally, full cooperation in terms of information sharing is needed to effectively trace and address cyber incidents, as seen in the case of the healthcare sector.

Civil society organizations are recognized for their close proximity to the people impacted by cyber attacks and their firsthand experiences.

These organizations can play active roles in advancing knowledge and efforts in mitigating cyber attacks, working in collaboration with other stakeholders to address the challenges posed by cyber threats.

Sharing defense resources and enhancing cyber capacity building are recommended as important measures for protecting critical infrastructure.

This can be achieved through initiatives such as the Global Cyber Capacity Building Conference, which focuses on the protection of critical infrastructure from cyber attacks.

In conclusion, the Cyber Peace Institute is at the forefront of efforts to mitigate the harmful effects of cyber attacks globally.

Through its various activities, such as aiding vulnerable communities, investigating cyber attacks, advocating for better cybersecurity standards, and addressing emerging technological challenges, the Institute works to protect vital infrastructures, such as healthcare and humanitarian organizations. It is evident that education, cooperation, and capacity building are essential elements in effectively addressing cyber threats and safeguarding critical services.

By understanding the human impact and long-term consequences of cyber attacks, there is a growing recognition of the need to protect vital infrastructure and develop strategies to mitigate cyber risks.

Report

According to a report by the IISS, several Asian countries, including China, Australia, India, Indonesia, Iran, North Korea, and Vietnam, are significantly increasing their cybersecurity capabilities. This development has raised concerns about the escalation of cybersecurity capabilities in Asia.

Ransomware attacks have been on the rise, with damages increasing, and many of these attacks being driven by commercial profit.

Over the past year, there have been successful breaches of critical infrastructure, such as hospitals. This highlights the vulnerability of essential services to cyber threats.

Japan, traditionally known for refraining from cyber offense due to its peace constitution, has changed its stance on cyber offense in light of national security concerns.

This shift in policy indicates that Japan is recognising the need to enhance its cybersecurity capabilities.

To combat cybercriminal activities, the application of guidelines or emblems is suggested as a method to pressure criminal groups regarding their operations.

Such guidelines can establish a framework for acceptable behaviour, discouraging criminal activities in cyberspace.

Koichiro Komiyama, a prominent individual in the field, has expressed concerns about cybersecurity threats specifically targeting hospital and medical systems. He emphasises the need for proactive measures to safeguard vital systems against evolving cyber threats.

Moreover, the implementation of local environment concepts for critical systems is considered crucial.

Critical systems, whose offline or disconnected nature makes them less vulnerable to cyber attacks, do not use global IP address spaces or associate with any domain name. Implementing these concepts enhances the security of such systems.

Overall, the increasing cybersecurity capabilities of several Asian countries, coupled with the rise in ransomware attacks and successful breaches of critical infrastructure, highlight the urgent need for robust cybersecurity measures.

It is essential to address cybersecurity threats to hospital and medical systems. Furthermore, the adoption of local environment concepts can enhance the security of critical systems.

Report

The International Committee of the Red Cross (ICRC) considers the digitalization of the emblem to be crucial and necessary. The digital emblem is used to identify medical personnel, units, and organizations, providing a means of recognition during armed conflicts. The ICRC argues for flexibility in the usage of the digital emblem, limiting its use to selected entities solely during times of armed conflict.

Initiated in response to the need for increased protection during armed conflicts and the COVID-19 pandemic, the ICRC began researching the digitalization of emblems.

The digital emblem aims to provide security for medical facilities and Red Cross organizations.

Several technical requirements have been defined to ensure the effectiveness of the digital emblem. Ease of deployment, compatibility with different devices, and the ability to verify authenticity are among the key considerations.

It is essential that the emblem can be utilized by both state and non-state actors.

Despite the benefits of the digital emblem, there are various challenges associated with its implementation. Such challenges include the lack of separate internet infrastructure for armed forces and civilians, difficulties in modifying medical devices, and the complex nature of the internet environment.

To develop the digital emblem, the ICRC consulted with 44 experts, initiating the project in 2020.

This endeavor holds promise in reducing misuse through technological advancements. However, it is important to note that the authority to authorize the emblem’s use in physical space lies with the state, as stipulated by the Geneva Convention.

Both state and non-state actors are expected to comply with the conventions, including the digital emblem.

The Red Cross actively appeals to non-state actors to adhere to International Humanitarian Law (IHL), as violation of IHL could be deemed a war crime.

In conclusion, the digitalization of the emblem is deemed vital in order to enhance protection in both physical and digital realms.

The objective is to educate non-state actors on the significance of respecting IHL and the emblem to ensure the safeguarding of humanitarian efforts. Nevertheless, it is imperative to further assess the challenges and potential risks associated with the digital emblem.

Report

The digital emblem is an innovation in humanitarian protection aimed at extending protections into the digital realm. Its purpose is to safeguard medical and humanitarian entities from cyber operations. This concept acknowledges the evolving nature of warfare and conflict, where cyber operations play an increasingly impactful role.

By implementing the digital emblem, these entities can continue their work without fear of cyber operations.

Furthermore, the digital emblem represents a collective commitment to protecting the vulnerable from cyber threats. It highlights the intersection of technology, cybersecurity, and humanitarian protection, emphasizing the need for collaboration and advanced measures to ensure a secure digital future.

This collective commitment signifies the importance of addressing cyber threats within the broader context of humanitarian efforts.

Applying multi-factor authentication and zero-trust principles can significantly enhance cybersecurity. Studies have shown that 99% of cyber-attacks can be prevented by adopting basic cybersecurity practices, including these two measures.

By implementing multi-factor authentication, which requires multiple forms of verification for access, and following the zero-trust approach, which assumes no trust by default and verifies every action, organizations can greatly increase their cybersecurity resilience.

Keeping systems updated and employing data protection measures through encryption are also essential in minimizing the risks posed by cyber attacks.

By ensuring that software and patches are up to date, organizations can protect themselves from known vulnerabilities. Additionally, encryption provides an added layer of security by securing sensitive data and making it unreadable to unauthorized parties.

To bolster cybersecurity efforts, it is encouraged for tech and telecommunications companies to join initiatives such as the Cyber Security Tech Accord and the Paris Call for Trust and Security in Cyberspace.

The Cyber Security Tech Accord is a coalition of approximately 150 members committed to best practices and principles of responsible behavior in cyberspace. The Paris Call for Trust and Security in Cyberspace is the largest multi-stakeholder initiative aimed at advancing cyber resilience.

By becoming part of these initiatives, companies can contribute to collective efforts in maintaining a secure cyber environment.

Engaging with the Cyber Peace Institute can also aid in improving cybersecurity. The Cyber Peace Institute focuses on promoting norms and advocating for responsible behavior in cyberspace.

Collaborating with this institute can provide valuable insights and resources to enhance cybersecurity practices.

In the context of protecting medical facilities and humanitarian organizations, a multidimensional approach is required. This includes implementing technical solutions, fostering collaboration among various stakeholders, conducting research, and advocating for enhanced protection.

The challenges and potential solutions in safeguarding these facilities and organizations were discussed, emphasizing the importance of research and advocacy in the process.

The significance of audience engagement and the contributions of the speakers were acknowledged in supporting the protection of medical facilities and humanitarian organizations.

These discussions underline the critical importance of ensuring the safety of these entities, as the consequences of attacks can be just as devastating as physical assaults.

Overall, the digital emblem represents a critical innovation in humanitarian protection, offering safeguards against cyber operations for medical and humanitarian entities.

By promoting the intersection of technology, cybersecurity, and humanitarian protection, advocating for best practices and responsible behavior, and implementing advanced cybersecurity measures, organizations can enhance their resilience against cyber threats. Collaboration, research, and advocacy are also essential in protecting medical facilities and humanitarian organizations.

By joining together and adopting comprehensive strategies, we can create a more secure and resilient digital space.

Report

Tony highlights the necessity of a digital emblem in order to uphold International Humanitarian Law. This emblem should protect the end system data, its processing, and the communications involved. Moreover, it should be visible to those individuals who are committed to complying with international humanitarian law.

Significantly, the digital emblem should not burden the operations of humanitarian organizations.

Tony suggests implementing the digital emblem by leveraging existing Internet infrastructure and technology. The internet has the capability to employ cryptographic methods to safeguard fundamental data.

Critical data, such as naming and addressing required to operate the internet, can be protected through technology that is already established.

To implement the digital emblem, Tony proposes an implementation approach using secure DNS and secure routing. This approach involves inserting a special text record within the DNS record, which is signed by a trusted entity to validate the emblem.

Additionally, visible blocks of address can be segregated to accommodate humanitarian traffic flows.

International cooperation is crucial for the successful implementation of the digital emblem. Nation-states have the responsibility to regulate the use of the emblem, and working through existing organizations like the ICRC can facilitate the process.

Tony argues that regional internet registries should take on more responsibility for verifying the authenticity of humanitarian missions, rather than relying solely on ICANN.

This is particularly important because regional internet registries are better equipped to verify humanitarian organizations compared to ICANN, particularly in countries where there is a close coupling between the internet operator and the state, such as Egypt and China.

Coupling the verification of the humanitarian emblems with the operations of the internet can make the system more scalable.

Tony suggests using DNS to propagate the emblem, rather than verify it, to make the process manageable. This can be achieved by having a local ISP or an organization like the American Red Cross sign the digital record within the DNS record.

The control of internet operations by the state is not universally applicable, and it varies among countries.

In the United States, the government has little involvement in how names and numbers are allocated, whereas in countries like Egypt and China, the internet operator and the state have a close coupling.

There is a concern about the risk of unintended consequences and disruptions to humanitarian missions resulting from cyber attacks.

Unintended denial of service attacks can occur if focus is only placed on the attacked entity, and nation-state attacks often focus on the infrastructure rather than individual users.

Protective measures should rely on internet infrastructure for third-party queries, instead of solely relying on potentially attacked endpoints.

This proposed solution aims to mitigate the risks of cyber attacks by utilizing the infrastructure of the internet for third-party queries.

While basic cyber hygiene is essential, it is not a complete solution to cyber attacks. Existing technology can mitigate many damaging attacks, but sophisticated adversaries and high-value targets require more comprehensive defense strategies.

To address this, authorities, whether legal or ethical, should promote and normalize cyber hygiene practices.

Transparency and collective action can help expose and deter malicious activity. Initiatives tied to scalable internet infrastructure can be repurposed for monitoring and responding to digital threats.

Adversarial activities against sensitive institutions like hospitals and public utilities should be observable and provokable.

The current mechanisms and applications for protecting humanitarian operations in conflict zones should be expanded to other environments, even in peacetime. Ransomware attacks on peacetime institutions, such as hospitals, pose significant threats that current cybersecurity measures may not adequately address.

Implementing existing security mechanisms sector by sector is challenging and impractical.

In conclusion, Tony emphasises the need for a digital emblem to respect International Humanitarian Law. Implementing this emblem by leveraging existing Internet infrastructure and technology, using secure DNS and secure routing, and ensuring international cooperation are vital for its success.

Regional internet registries should play a larger role in verifying humanitarian missions, and coupling the verification process with internet operations can make the system more scalable. Cyberattacks pose a risk to humanitarian missions, and protective measures should rely on internet infrastructure.

While basic cyber hygiene is important, more comprehensive defense strategies are needed for sophisticated adversaries. Transparency and collective action can help deter malicious activity, and mechanisms for protecting humanitarian operations should be expanded to other environments.