Promoting the Digital Emblem | IGF 2023 Open Forum #16

10 Oct 2023 02:00h - 03:30h UTC


Disclaimer: It should be noted that the reporting, analysis and chatbot answers are generated automatically by DiploGPT from the official UN transcripts and, in case of just-in-time reporting, the audiovisual recordings on UN Web TV. The accuracy and completeness of the resources and results can therefore not be guaranteed.

Full session report

Koichiro Komiyama

According to a report by the IISS, several Asian countries, including China, Australia, India, Indonesia, Iran, North Korea, and Vietnam, are significantly increasing their cybersecurity capabilities. This development has raised concerns about the escalation of cybersecurity capabilities in Asia.

Ransomware attacks have been on the rise, with damages increasing, and many of these attacks being driven by commercial profit. Over the past year, there have been successful breaches of critical infrastructure, such as hospitals. This highlights the vulnerability of essential services to cyber threats.

Japan, traditionally known for refraining from cyber offense due to its peace constitution, has changed its stance on cyber offense in light of national security concerns. This shift in policy indicates that Japan is recognising the need to enhance its cybersecurity capabilities.

To combat cybercriminal activities, the application of guidelines or emblems is suggested as a method to pressure criminal groups regarding their operations. Such guidelines can establish a framework for acceptable behaviour, discouraging criminal activities in cyberspace.

Koichiro Komiyama, a prominent individual in the field, has expressed concerns about cybersecurity threats specifically targeting hospital and medical systems. He emphasises the need for proactive measures to safeguard vital systems against evolving cyber threats.

Moreover, the implementation of local environment concepts for critical systems is considered crucial. Critical systems, whose offline or disconnected nature makes them less vulnerable to cyber attacks, do not use global IP address spaces or associate with any domain name. Implementing these concepts enhances the security of such systems.

Overall, the increasing cybersecurity capabilities of several Asian countries, coupled with the rise in ransomware attacks and successful breaches of critical infrastructure, highlight the urgent need for robust cybersecurity measures. It is essential to address cybersecurity threats to hospital and medical systems. Furthermore, the adoption of local environment concepts can enhance the security of critical systems.

Audience

During the discussion, concerns were raised about the offensive cyber capabilities that AI is reportedly enhancing. Automation and AI have increased the speed of cyber capabilities, leading to growing apprehension. The feasibility and effectiveness of the digital emblem solution were questioned, specifically regarding its ability to deal with the accelerated speed and wider reach of cyber capabilities. Doubts were expressed regarding whether cyber capabilities would take the time to verify the authenticity of digital emblems.

The discussion emphasized the need for strong interest from states and sub-state organizations in the digital emblem solution. The successful implementation and socialization of the solution require a strong appetite among these entities. Incentives were identified as necessary to encourage their engagement with the digital emblem solution. Additionally, the degree of interest among states and sub-state organizations was discussed, highlighting the importance of incentivizing their involvement.

The issue of incentivizing non-state actors and less organized groups to respect digital emblems was also raised. There was an example of activists in Russia and Ukraine pledging to reduce the scale of their cyber operations, indicating some willingness to comply. However, motivating these actors to fully respect and adhere to digital emblems remains a challenge.

Attribution problems and issues with incentivizing state actors were discussed. It was argued that problems with incentives and attribution could discourage state actors from respecting the digital emblem. This could potentially make emblem violations easier without clear attribution to a specific state.

The visibility of hospital targeting in the Asia-Pacific region was highlighted as evidence of the urgent need for the proposed emblem. Hospitals in this region are targeted by nation-states on a daily basis, underscoring the necessity of finding a solution to prevent such attacks.

The discussion also touched upon the self-regulation within the criminal community. It was mentioned that the criminal community regulates itself against targeting perceived “soft targets.” This suggests that there may be a deterrent effect that discourages criminals from attacking certain entities.

Finally, the potential role of Internet Service Providers (ISPs) in validating adherence to the digital emblem was suggested. ISPs possess the ability to identify operational nation-states and their infrastructure, which could provide insights into whether the emblem rules are being followed.

Overall, the discussions highlighted various challenges and concerns related to offensive cyber capabilities, the feasibility of the digital emblem solution, and the imperative of strong engagement from different actors. The importance of incentivizing compliance and addressing attribution issues was emphasized. The visibility of hospital targeting and the potential role of ISPs were also significant points of discussion.

Felix Linker

The ADEM (Authentic Digital Emblem) system, developed by Felix Linker and his team, is a technological solution designed to address the need for verifiable authenticity and accountability in the digital landscape. It was developed in response to a request from the International Committee of the Red Cross (ICRC) for a digital emblem. The purpose of ADEM is to provide a reliable and tamper-proof method of identification and endorsement for protected parties.

ADEM is designed to be a plug-in to the infrastructure of protected parties, such as the ICRC, allowing for the autonomous distribution of emblems. Prototyping is ongoing with the ICRC, and plans are in place to deploy ADEM within their network. This move is seen as a positive step towards enhancing cybersecurity and supporting the mission of protected parties.

One key aspect highlighted in the discussions is the role of nation-states in endorsing protected parties. ADEM allows nation-states to make sovereign decisions regarding the endorsement of protected parties, and emblems will be accompanied by multiple endorsements from nation-states. This approach empowers nation-states to exercise control and support protected missions according to their individual preferences and policies. It is considered a positive development in promoting digital sovereignty and aligning with the goals of SDG 16 (Peace and Justice) and SDG 9 (Industry, Innovation, and Infrastructure).

However, challenges arise when it comes to verifying endorsement requests. Felix Linker raises concerns about technical organizations that control parts of the internet naming system, such as ICANN. He believes that these organizations may struggle to authenticate requests for endorsement due to their technical nature. This argument carries a negative sentiment as it highlights a potential limitation in the current system.

In light of these challenges, Felix suggests that endorsement of protected parties could be undertaken by nation-states, supranational organizations, or entities with relevant experience and knowledge in the field, such as the ICRC. He emphasizes the importance of not burdening technical organizations with additional responsibilities that may not align with their expertise. This perspective is seen as positive as it suggests a more suitable and effective approach to securing endorsements for protected missions.

ADEM consists of two main components. The first component focuses on protecting entities identified using IP addresses and domain names. This aspect of ADEM aims to provide security and authenticity at the network level. The second component involves granting emblems through mechanisms such as TLS, UDP, and DNS. These mechanisms serve as a means to validate and authenticate the emblems, ensuring their authenticity and reliability. This dual aspect of ADEM showcases its comprehensive approach to safeguarding the integrity and authenticity of protected parties.

Felix’s team is also working on the development of local emblems, which aim to protect against threats at the device level. By addressing vulnerabilities such as malicious email attachments and network penetrations, this extension of ADEM provides an extra layer of security and ensures a holistic approach to safeguarding digital assets and missions.

Moreover, the discussions highlight the benefits of emblems in monitoring and reducing cyber attacks. Emblems serve as a mechanism for verifying the authenticity and legitimacy of actors engaging in cyber activities. By recognizing and respecting emblems, actors can be monitored more effectively to prevent and mitigate potential cyber threats. This observation carries a neutral sentiment as it reflects the potential of emblems in enhancing cybersecurity efforts.

Lastly, the proposition of Internet Service Providers (ISPs) taking on the responsibility of monitoring emblem distribution is viewed positively. Felix suggests that ISPs could play a crucial role in regularly checking whether emblems are being sent out as intended. This proposed role for ISPs aligns with SDG 16 and SDG 9 and potentially enhances the effectiveness of emblem distribution and validation.

In conclusion, the development of the ADEM system presents a promising solution for achieving authenticity and accountability in the digital realm. By allowing the autonomous distribution of emblems within the infrastructure of protected parties, ADEM promotes enhanced cybersecurity and supports protected missions. The involvement of nation-states and the consideration of various endorsement mechanisms further strengthen the system’s reliability and effectiveness. However, challenges exist in verifying endorsement requests, particularly concerning technical organizations’ ability to authenticate requests. The development of local emblems and the potential role of ISPs in monitoring emblem distribution offer additional layers of protection and monitoring. Overall, ADEM holds great potential for advancing digital security, ensuring authenticity, and supporting the goals of SDG 16 and SDG 9.

Moderator – Michael Karimian

The digital emblem is an innovation in humanitarian protection aimed at extending protections into the digital realm. Its purpose is to safeguard medical and humanitarian entities from cyber operations. This concept acknowledges the evolving nature of warfare and conflict, where cyber operations play an increasingly impactful role. By implementing the digital emblem, these entities can continue their work without fear of cyber operations.

Furthermore, the digital emblem represents a collective commitment to protecting the vulnerable from cyber threats. It highlights the intersection of technology, cybersecurity, and humanitarian protection, emphasizing the need for collaboration and advanced measures to ensure a secure digital future. This collective commitment signifies the importance of addressing cyber threats within the broader context of humanitarian efforts.

Applying multi-factor authentication and zero-trust principles can significantly enhance cybersecurity. Studies have shown that 99% of cyber-attacks can be prevented by adopting basic cybersecurity practices, including these two measures. By implementing multi-factor authentication, which requires multiple forms of verification for access, and following the zero-trust approach, which assumes no trust by default and verifies every action, organizations can greatly increase their cybersecurity resilience.

Keeping systems updated and employing data protection measures through encryption are also essential in minimizing the risks posed by cyber attacks. By ensuring that software and patches are up to date, organizations can protect themselves from known vulnerabilities. Additionally, encryption provides an added layer of security by securing sensitive data and making it unreadable to unauthorized parties.

To bolster cybersecurity efforts, it is encouraged for tech and telecommunications companies to join initiatives such as the Cyber Security Tech Accord and the Paris Call for Trust and Security in Cyberspace. The Cyber Security Tech Accord is a coalition of approximately 150 members committed to best practices and principles of responsible behavior in cyberspace. The Paris Call for Trust and Security in Cyberspace is the largest multi-stakeholder initiative aimed at advancing cyber resilience. By becoming part of these initiatives, companies can contribute to collective efforts in maintaining a secure cyber environment.

Engaging with the Cyber Peace Institute can also aid in improving cybersecurity. The Cyber Peace Institute focuses on promoting norms and advocating for responsible behavior in cyberspace. Collaborating with this institute can provide valuable insights and resources to enhance cybersecurity practices.

In the context of protecting medical facilities and humanitarian organizations, a multidimensional approach is required. This includes implementing technical solutions, fostering collaboration among various stakeholders, conducting research, and advocating for enhanced protection. The challenges and potential solutions in safeguarding these facilities and organizations were discussed, emphasizing the importance of research and advocacy in the process.

The significance of audience engagement and the contributions of the speakers were acknowledged in supporting the protection of medical facilities and humanitarian organizations. These discussions underline the critical importance of ensuring the safety of these entities, as the consequences of attacks can be just as devastating as physical assaults.

Overall, the digital emblem represents a critical innovation in humanitarian protection, offering safeguards against cyber operations for medical and humanitarian entities. By promoting the intersection of technology, cybersecurity, and humanitarian protection, advocating for best practices and responsible behavior, and implementing advanced cybersecurity measures, organizations can enhance their resilience against cyber threats. Collaboration, research, and advocacy are also essential in protecting medical facilities and humanitarian organizations. By joining together and adopting comprehensive strategies, we can create a more secure and resilient digital space.

Mauro Vignati

The International Committee of the Red Cross (ICRC) considers the digitalization of the emblem to be crucial and necessary. The digital emblem is used to identify medical personnel, units, and organizations, providing a means of recognition during armed conflicts. The ICRC argues for flexibility in the usage of the digital emblem, limiting its use to selected entities solely during times of armed conflict.

Initiated in response to the need for increased protection during armed conflicts and the COVID-19 pandemic, the ICRC began researching the digitalization of emblems. The digital emblem aims to provide security for medical facilities and Red Cross organizations.

Several technical requirements have been defined to ensure the effectiveness of the digital emblem. Ease of deployment, compatibility with different devices, and the ability to verify authenticity are among the key considerations. It is essential that the emblem can be utilized by both state and non-state actors.

Despite the benefits of the digital emblem, there are various challenges associated with its implementation. Such challenges include the lack of separate internet infrastructure for armed forces and civilians, difficulties in modifying medical devices, and the complex nature of the internet environment.

To develop the digital emblem, the ICRC consulted with 44 experts, initiating the project in 2020. This endeavor holds promise in reducing misuse through technological advancements. However, it is important to note that the authority to authorize the emblem’s use in physical space lies with the state, as stipulated by the Geneva Convention.

Both state and non-state actors are expected to comply with the conventions, including the digital emblem. The Red Cross actively appeals to non-state actors to adhere to International Humanitarian Law (IHL), as violation of IHL could be deemed a war crime.

In conclusion, the digitalization of the emblem is deemed vital in order to enhance protection in both physical and digital realms. The objective is to educate non-state actors on the significance of respecting IHL and the emblem to ensure the safeguarding of humanitarian efforts. Nevertheless, it is imperative to further assess the challenges and potential risks associated with the digital emblem.

Francesca Bosco

The Cyber Peace Institute was established with the goal of mitigating the adverse effects of cyber attacks on people’s lives worldwide. It plays a crucial role in aiding vulnerable communities to stay safe in cyberspace, conducting investigations and analysis on cyber attacks, advocating for improved cybersecurity standards and regulations, and addressing emerging technological challenges.

The healthcare sector is identified as a particularly vulnerable sector to cyber attacks, which often lead to the loss of data and disruption of services. The Cyber Peace Institute has a platform that documents cyber attacks on the health sector, highlighting the breach of over 21 million patient records and significant disruption to healthcare services. This demonstrates the urgent need for improved cybersecurity measures within the healthcare industry.

Cyber attacks during armed conflicts have a significant human impact as they threaten crucial services and spread disinformation. The borderless nature of cyberspace allows cyber operations to extend beyond belligerent countries, hitting critical infrastructures in third countries. This highlights the need for increased international cooperation and measures to protect critical services during armed conflicts.

Risks in the medical and humanitarian sectors include the increasing accessibility of sophisticated malware and ready-to-use cyber tools, as well as the blurring line between state and non-state actors. This presents a challenge as it lowers the barriers to entry for malicious actors and makes it difficult to attribute attacks to a specific entity. Thus, it is essential to develop strategies to effectively address these risks and protect vital infrastructures.

Education is identified as a vital component in understanding the importance of protecting healthcare and humanitarian organizations from cyber attacks. By educating different stakeholders, including professionals and the general public, they can better comprehend the potential consequences of not safeguarding these crucial infrastructures.

Francesca Bosco, an advocate in the field, emphasizes the need for analyzing the human impact of cyber attacks and the long-term consequences in order to underline the importance of protecting vital infrastructures. Efforts are being made to standardize a methodology to measure the societal harm from cyber attacks. The aim is to monitor responsible behavior in cyberspace and assess the societal costs of not adequately protecting vital infrastructure.

Basic cyber hygiene activities and information sharing are identified as critical elements in mitigating cyber attacks and improving cybersecurity. It has been found that 99% of cyber attacks can be stopped by implementing basic cyber hygiene practices. Additionally, full cooperation in terms of information sharing is needed to effectively trace and address cyber incidents, as seen in the case of the healthcare sector.

Civil society organizations are recognized for their close proximity to the people impacted by cyber attacks and their firsthand experiences. These organizations can play active roles in advancing knowledge and efforts in mitigating cyber attacks, working in collaboration with other stakeholders to address the challenges posed by cyber threats.

Sharing defense resources and enhancing cyber capacity building are recommended as important measures for protecting critical infrastructure. This can be achieved through initiatives such as the Global Cyber Capacity Building Conference, which focuses on the protection of critical infrastructure from cyber attacks.

In conclusion, the Cyber Peace Institute is at the forefront of efforts to mitigate the harmful effects of cyber attacks globally. Through its various activities, such as aiding vulnerable communities, investigating cyber attacks, advocating for better cybersecurity standards, and addressing emerging technological challenges, the Institute works to protect vital infrastructures, such as healthcare and humanitarian organizations. It is evident that education, cooperation, and capacity building are essential elements in effectively addressing cyber threats and safeguarding critical services. By understanding the human impact and long-term consequences of cyber attacks, there is a growing recognition of the need to protect vital infrastructure and develop strategies to mitigate cyber risks.

Tony

Tony highlights the necessity of a digital emblem in order to uphold International Humanitarian Law. This emblem should protect the end system data, its processing, and the communications involved. Moreover, it should be visible to those individuals who are committed to complying with international humanitarian law. Significantly, the digital emblem should not burden the operations of humanitarian organizations.

Tony suggests implementing the digital emblem by leveraging existing Internet infrastructure and technology. The internet has the capability to employ cryptographic methods to safeguard fundamental data. Critical data, such as naming and addressing required to operate the internet, can be protected through technology that is already established.

To implement the digital emblem, Tony proposes an approach using secure DNS and secure routing. This approach involves inserting a special text record within the DNS record, which is signed by a trusted entity to validate the emblem. Additionally, visible blocks of addresses can be segregated to accommodate humanitarian traffic flows.

International cooperation is crucial for the successful implementation of the digital emblem. Nation-states have the responsibility to regulate the use of the emblem, and working through existing organizations like the ICRC can facilitate the process.

Tony argues that regional internet registries should take on more responsibility for verifying the authenticity of humanitarian missions, rather than relying solely on ICANN. This is particularly important because regional internet registries are better equipped to verify humanitarian organizations compared to ICANN, particularly in countries where there is a close coupling between the internet operator and the state, such as Egypt and China.

Coupling the verification of the humanitarian emblems with the operations of the internet can make the system more scalable. Tony suggests using DNS to propagate the emblem, rather than verify it, to make the process manageable. This can be achieved by having a local ISP or an organization like the American Red Cross sign the digital record within the DNS record.
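
The signed DNS text record described above, as an added example that is not from the session, from ADEM, or from any deployed scheme. The `emblem0` tag format, the Ed25519 keys generated inline, and the names `endorser.example` and `hospital.example` are assumptions made for illustration. It shows a verifier that treats DNS only as the delivery channel and relies on the endorser's signature, rejecting copied, forged, expired and tampered records.

```javascript
// Added illustration: a HYPOTHETICAL signed-emblem TXT record. The "emblem0"
// tag format is constructed for this example; it is not ADEM or a deployed scheme.
const crypto = require('node:crypto');

// Constructed keys: one endorser the verifier trusts, one it does not.
const endorserKeys = crypto.generateKeyPairSync('ed25519');
const rogueKeys = crypto.generateKeyPairSync('ed25519');

// Verifier-side trust store, provisioned out of band (endorser id -> public key).
const TRUSTED_ENDORSERS = new Map([['endorser.example', endorserKeys.publicKey]]);

// Bytes covered by the signature. Binding the domain name stops a record
// copied from one zone from validating under another name.
function signedBytes(domain, endorserId, exp) {
  return Buffer.from(['emblem0', domain.toLowerCase(), endorserId, exp].join('|'), 'utf8');
}

// Endorser side: produce the TXT string the protected party publishes.
function makeEmblemTxt(domain, endorserId, exp, privateKey) {
  const sig = crypto.sign(null, signedBytes(domain, endorserId, String(exp)), privateKey);
  return `v=emblem0; endorser=${endorserId}; exp=${exp}; sig=${sig.toString('base64url')}`;
}

// Parse "k=v; k=v" tags; duplicate tags are rejected as ambiguous.
function parseTags(txt) {
  const tags = new Map();
  for (const part of txt.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const key = part.slice(0, eq).trim();
    if (tags.has(key)) return null;
    tags.set(key, part.slice(eq + 1).trim());
  }
  return tags;
}

// Verifier side: DNS only delivered the string; trust comes from the signature.
function verifyEmblem(queriedDomain, txt, nowSeconds) {
  const tags = parseTags(txt);
  if (!tags || tags.get('v') !== 'emblem0') return { ok: false, reason: 'not-an-emblem' };
  const endorserId = tags.get('endorser');
  const exp = tags.get('exp');
  const sig = tags.get('sig');
  if (!endorserId || !sig || !/^\d+$/.test(exp || '')) {
    return { ok: false, reason: 'malformed' };
  }
  const publicKey = TRUSTED_ENDORSERS.get(endorserId);
  if (!publicKey) return { ok: false, reason: 'untrusted-endorser' };
  let valid = false;
  try {
    valid = crypto.verify(null, signedBytes(queriedDomain, endorserId, exp), publicKey,
      Buffer.from(sig, 'base64url'));
  } catch (err) {
    valid = false; // undecodable signature material counts as a failed check
  }
  if (!valid) return { ok: false, reason: 'bad-signature' };
  // Expiry is checked after the signature, so only an authentic exp value is honoured.
  if (Number(exp) <= nowSeconds) return { ok: false, reason: 'expired' };
  return { ok: true, endorser: endorserId };
}

const NOW = 1700000000; // constructed clock value (epoch seconds)

// Constructed records exercising the accept path and each rejection path.
function demo() {
  const id = 'endorser.example';
  const good = makeEmblemTxt('hospital.example', id, NOW + 3600, endorserKeys.privateKey);
  const forged = makeEmblemTxt('hospital.example', id, NOW + 3600, rogueKeys.privateKey);
  const stale = makeEmblemTxt('hospital.example', id, NOW - 1, endorserKeys.privateKey);
  const extended = stale.replace(`exp=${NOW - 1}`, `exp=${NOW + 3600}`);
  const unknown = makeEmblemTxt('hospital.example', 'unknown.example', NOW + 3600,
    rogueKeys.privateKey);
  return {
    good: verifyEmblem('hospital.example', good, NOW),
    copied: verifyEmblem('other.example', good, NOW),
    forged: verifyEmblem('hospital.example', forged, NOW),
    stale: verifyEmblem('hospital.example', stale, NOW),
    extended: verifyEmblem('hospital.example', extended, NOW),
    unknown: verifyEmblem('hospital.example', unknown, NOW),
  };
}

console.log(demo());
```
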

The control of internet operations by the state is not universally applicable, and it varies among countries. In the United States, the government has little involvement in how names and numbers are allocated, whereas in countries like Egypt and China, the internet operator and the state have a close coupling.

There is a concern about the risk of unintended consequences and disruptions to humanitarian missions resulting from cyber attacks. Unintended denial of service attacks can occur if focus is only placed on the attacked entity, and nation-state attacks often focus on the infrastructure rather than individual users.

Protective measures should rely on internet infrastructure for third-party queries, instead of solely relying on potentially attacked endpoints. This proposed solution aims to mitigate the risks of cyber attacks by utilizing the infrastructure of the internet for third-party queries.

While basic cyber hygiene is essential, it is not a complete solution to cyber attacks. Existing technology can mitigate many damaging attacks, but sophisticated adversaries and high-value targets require more comprehensive defense strategies. To address this, authorities, whether legal or ethical, should promote and normalize cyber hygiene practices.

Transparency and collective action can help expose and deter malicious activity. Initiatives tied to scalable internet infrastructure can be repurposed for monitoring and responding to digital threats. Adversarial activities against sensitive institutions like hospitals and public utilities should be observable and provokable.

The current mechanisms and applications for protecting humanitarian operations in conflict zones should be expanded to other environments, even in peacetime. Ransomware attacks on peacetime institutions, such as hospitals, pose significant threats that current cybersecurity measures may not adequately address. Implementing existing security mechanisms sector by sector is challenging and impractical.

In conclusion, Tony emphasises the need for a digital emblem to respect International Humanitarian Law. Implementing this emblem by leveraging existing Internet infrastructure and technology, using secure DNS and secure routing, and ensuring international cooperation are vital for its success. Regional internet registries should play a larger role in verifying humanitarian missions, and coupling the verification process with internet operations can make the system more scalable. Cyberattacks pose a risk to humanitarian missions, and protective measures should rely on internet infrastructure. While basic cyber hygiene is important, more comprehensive defense strategies are needed for sophisticated adversaries. Transparency and collective action can help deter malicious activity, and mechanisms for protecting humanitarian operations should be expanded to other environments.

Session transcript

Moderator – Michael Karimian:
There we go. Hopefully everyone can hear me. So, distinguished guests and esteemed panelists, good morning, good afternoon, good evening, or good night, depending on where you are joining us from. Welcome to this important session on promoting the digital emblem. I am Michael Karimian, Director of Digital Diplomacy for Asia and the Pacific at Microsoft, and I have the privilege to serve as moderator today. In today’s digital age, the concept of the digital emblem represents a critical innovation in humanitarian protection. Much like the Red Cross, Red Crescent, and Red Crystal emblems have safeguarded lives during times of conflict in the physical world, the digital emblem aims to extend these protections into the digital realm. It is intended to be a symbol of hope and security, ensuring that medical and humanitarian entities can continue their life-saving work without the fear of malicious cyber operations. Importantly, the digital emblem concept is an acknowledgment of the evolving nature of warfare and conflict, where cyber operations play an increasingly impactful and harmful role. It emphasizes the criticality of upholding the principles of international humanitarian law in the digital space, where the consequences of attacks on hospitals and humanitarian organizations can be just as devastating as physical assaults. Our esteemed panel of experts today will delve deep into the technical, legal, and humanitarian aspects of the digital emblem. They will explore how it can be developed, deployed, and upheld, ensuring that it becomes a recognized symbol of protection in an increasingly digital yet vulnerable world. As we embark on this discussion, it is important to recognize that the digital emblem has profound importance. It not only signifies a collective commitment to safeguarding the vulnerable, but also highlights the intersection of technology, cybersecurity, and humanitarian protection.
Through this dialogue, we aim to advance our understanding, share insights, and collectively work toward a more secure and resilient digital future. So, let us begin this exploration into the digital emblem concept, its significance, and the path forward. Together, we can hopefully promote digital peace and protect those who need it most. To help us achieve that goal, I am pleased to say that we are joined by Felix Linker, researcher at ETH Zurich, who joins us online. Dr. Antonio DeSimone, chief scientist at Johns Hopkins Applied Physics Laboratory, who also joins us online. Francesca Bosco, chief of strategy and partnerships at the Cyber Peace Institute, who is also joining us online. And in person, we are joined by Koichiro Komiyama, director of the Global Coordination Division at JPCERT, and also affiliated with APCERT, and Mauro Vignati, advisor on digital technologies of warfare at the ICRC. So, to help set the scene, Mauro, please let’s begin with an overview of the digital emblem.

Mauro Vignati:
Yeah, thank you very much, Michael and everyone. So, I’m going to give an overview about the emblem, also the physical one, just to bring everybody at the same speed by discussing the digital emblem. So, the Red Cross, Red Crescent, and more recently, the Red Crystal have been symbols of protection. So, meaning that facilities, people, vehicles showing this emblem should not be attacked, they should be spared by the consequences of armed conflict. So, this is why the international military law requires part of the conflict to ensure the visibility of the emblem, so that combatants can identify the persons and the objects that they must protect and respect. And we’re going to see that this is a very important aspect, also in the digitalization of the emblem. So, the rules on the use of the distinctive emblems, or signals, are governing in the Annex I of the first additional protocol of the Geneva Conventions of 1977. So, and there is an article, it’s an article, it’s the article one of the Annex, that mandates the ICRC to see whether new systems of identification should be adopted. And that’s why we’re here to discuss the project of the digital emblem, because we think it’s fundamental to have a digital version of the emblem. So, the emblem marks medical personnel, medical unit, vehicle, and organization like the Red Cross and the Red Crescent organization. So, and there are two uses of the emblem. So, there are, there is the distinctive use of the emblem. So, so to say it’s always on, in the way that organization like the International Committee of the Red Cross and the National Societies can use the emblem at all time. And then there is another use of the emblem that is the protective use. This means that the selected, dedicated entities can use the emblem only during armed conflict. This was a very important point because the emblem was in the digital space, must be flexible in this respect and in use only during armed conflict.
So, that said, so it’s a general review about the emblem and, and we’re gonna go into the detail why we need to digitalize the emblem to have a digital version of it. Thank you.

Moderator – Michael Karimian:
Thank you, Mauro. So, today’s session will have three segments. For approximately 30 minutes, our speakers will frame the discussion from their perspectives. We’ll then spend approximately 20 minutes with the speakers having a conversation among themselves on the technical, legal, and humanitarian aspects. And we aim to dedicate 30 minutes for audience Q&A. So, please start to think of your questions now. In terms of framing the discussion, Francesca will turn to you first and it’ll be great to have your overview of the CPI’s role in protecting vulnerable entities in cyberspace. Overview of the trends in healthcare, sorry, cyber attacks against hospitals and medical facilities, including in times of conflict, and also importantly the role of neutral organizations in promoting digital peace. So, Francesca, over to you.

Francesca Bosco:
Thank you so much, Michael, and it’s a pleasure to be here with you all. Can you see my screen? We can, thank you. Great, thank you. So, thanks a lot, Mauro, for the excellent introduction in framing the discussion around the digital emblem. Let me take a step back, or better, to share some reflections on the work that we’ve been doing at the Cyber Peace Institute, specifically to understand the context of why it’s so important to protect civilian infrastructure like the healthcare sector and humanitarian organizations, both in peace time and during armed conflict. So let me share some also, some reflections on how the Cyber Peace Institute was created and is operating to try to understand some of the considerations that I hope will help the discussion further. So recognizing that our digitizing societies are particularly vulnerable to cyber attacks and often lack the resources to strengthen their cyber security. The Cyber Peace Institute was founded in 2019 in response to the escalating dangers posed by sophisticated cyber attacks. The mission, the overarching mission of the Institute is to mitigate the adverse effects of cyber attacks on people’s lives worldwide. This is extremely important because this will bring us to the focus of the Institute, which is to understand the human impact of cyber attacks. We accomplish this through key synergistic pillars that you can see here. So first, we aid vulnerable communities to stay safe in cyberspace, focusing especially on vital sectors as mentioned, like healthcare, non-profit and humanitarian organizations. Second, as you might see, we conduct investigation and analysis on cyber attacks. Our cyber threat analysis team has been focusing on cyber attacks against the healthcare since 2020 and since February, 2022, specifically on cyber attacks in the context of armed conflict. Now we are building the same capability to monitor attacks against NGOs, including humanitarian ones. 
Then we advocate for improved cybersecurity standards and regulations with evidence-based knowledge. And we complete, let’s say, the cycle by proactively addressing those emerging technological challenges and disruption to the work of humanitarian organizations caused, for example, by artificial intelligence or quantum computing. I wanted to explain this to understand also, I mean, how we came about, let’s say, the analysis that I’m going to offer some insight today for further discussion. All the information and specific data are available on our website and our different platform. As mentioned, I mean, when we think about the healthcare sector, what we did at the institute was that amid the pandemic, we focus on our work aimed by supporting the so-called the most vulnerable, specifically on the unique vulnerabilities of the healthcare sector and the real impact of the increasing numbers of cyber attacks against it. And you can see that we created a fairly unique platform that is called the Cyber Incident Tracer Health. And the platform serves to document cyber attacks. And not only to, you will find the, let’s say, the numbers in terms of like data collection, but also try to understand which are the criteria, which are the metrics that are relevant to understand the real impact that they have on people. So you will see how many attacks per week, so the total record breach, how many countries, but also you will find what it means in terms of, for example, how many days of disruption in hospital and medical facilities, how many people could not get the vaccines because a certain facility was attacked, how many people could not get the proper care, how many ambulances redirected. In total, I mean, and just to give an idea, this has led to the breach of over 21 million patient records, which has leaked or exposed in 69% of the incident. 
Again, the important aspect is that disruption to patient care endanger lives and create the stress and suffering for patients and medical professionals. And on the long term, it also erodes the trust in healthcare providers. We apply the same capability, we’re currently applying the same capability also to assess cyber attacks in terms of what is happening when civilian infrastructures are attacked during armed conflict. Again, no need to stress it again, but cyberspace is borderless, and so cyber operations go well beyond the belligerent countries to hit critical infrastructure and populations, also in third countries. We have to consider the anonymity of the digital world, so the actors involved in cyber warfare are numerous and diverse, and their true intention are even more complex, let’s say, to define and predict. And again, cyber operations have a significant human impact on population living in conflict. They are threatening crucial services, healthcare is a good example, and also other civilian infrastructure areas. And also there are, let’s say, kind of like a very peculiar dimension about the, let’s say, the digital space, and this is why the emblem is so important. For example, the spread of disinformation can make it harder to distinguish between fact and fiction, both inside and outside of countries in conflict. I would like to basically to stop here, maybe sharing these first insights, and we can possibly continue the discussion further. Thank you so much, Michael.

Moderator – Michael Karimian:
Francesca, thank you very much, and absolutely we can come back to more of these topics in the discussion later on. I think if anything, the pandemic showed in a perverse way that with the severe vulnerability of the healthcare sector there is a need for this sort of collective action together and hence the importance of the ICRC’s leadership in this space. Now moving on, Koichiro, it’ll be great to have a presentation from you or to hear your thoughts on the cybersecurity challenges in Asia and the Pacific, and the insights that you might have into the evolving threat landscape, and of course the importance of global coordination.

Koichiro Komiyama:
Thank you, Mike. And good morning, everyone. My name is Koichiro Sparky-Komiyama from Japan CERT and AP CERT. I think in this session I’d like to represent the technical community in this region, Asia-Pacific. I’ve been working for on-the-ground incident response for like dozens of years, and I’m also a scholar for international relation and related area. So. So from my perspective, I’d like to share with you a few things. First of all, in Asia, states are racing for expanding capacity and capability of offensive side of their cyber capabilities. And for instance, UK think tank IISS recently published a report on the cyber power of 20 major states. And quite a few, some of Asian countries are ranked as, for example, Australia, China. They are the tier two countries where we have only one tier one country, United States. So we have two major players in Asia. And for tier three, we have India, Indonesia, Iran, Malaysia, North Korea, Vietnam. They are all, well, by assessment from an independent think tank, they have well-established offensive cyber capabilities. So there’s an urgent need for a country like Japan to de-escalate the group of militarization of cyberspace. And then talking about Japan itself, we have been refraining to go offensive. Mainly due to our peace constitution prohibit us to use the force, except the case it is recognized as a part of collective defense. So historically, we do not have, and we did not try to equip offensive cyber capability. But that has been changed. That was changed December last year with new national security strategy. Japan also seeking to have an offensive. Well, in our wording, it is active cyber defense, not offensive. But, well, there’s a subtle difference. But anyway, it’s not something we haven’t even tried for the last 50 years. And my last point is we see many damages caused by ransomware attack. And most of those, they are mostly driven by a commercial profit. So they hack, they launch ransomware attack for profit. 
Now, for last 12 months, we see many successful breach to our hospitals, one of our very critical infrastructure. However, they are usually very strong in protecting their own network. And going back to the emblem, of course, I know it’s not for, you know, it doesn’t have any direct effect to criminals in a peacetime, of course. However, having this type of document and guideline, I expect there’s some pretty. can also put some pressures on criminal groups on what they cannot do for their operation. So that’s my initial contribution and I’m happy to discuss with you for further details. Thank you.

Moderator – Michael Karimian:
Koichiro, thank you very much. Interesting to hear you reference the intention for Japan to introduce active cyber defense as part of the new national security strategy. Of course, different actors always define active cyber defense in different ways. It’ll be interesting to see how Japan approaches it in line with responsible behavior and cyberspace norms and the pacifist constitution. Mauro, returning to you, it’ll be helpful to hear more on the ICRC’s role in researching and developing the digital emblem, the importance of addressing the need for extending international humanitarian law into cyberspace, and the insights that you might have on the application of the digital emblem in practice. Thank you very much.

Mauro Vignati:
So, Michael, you and Francesca, you mentioned the pandemic. So this is exactly the point in 2020 when we start to think about the digitalization of the emblem by observing what was happening during 2019 in the pandemic time, but also observing what is happening during armed conflict. So that’s the period we start to research the possibility to digitalize the Red Cross and Red Crescent emblem to signal the protection against cyber operations for medical facilities and the Red Cross and Red Crystal organizations. So to start the project, we define some technical aspects that the emblem should have, a potential digital emblem should have. So these are the requirements that we define. So first one was it must be easy to deploy. So we know that during armed conflict, it’s always difficult to find, it’s already difficult the situation in armed conflict, but it’s also difficult to find IT personnel that is able to work in this domain. So the emblem must be very easy to deploy, like the physical one, also the digital one must be easy to deploy. So it must be able to be installed on a number of different devices. That’s a very important aspect because we know that, for instance, medical devices, they cannot be modified because of different reasons, the guarantee, the functioning of medical devices. So we have to find a way to put the emblem on those devices without touching them, without installing anything on those devices. So we do not have to generate costs for the entities that are showing the emblem. So if we think a medical unit, a doctor that has to show the emblem, he has not… to have a relative cost to deploy and show the emblem. And most importantly, he has to be seen and understood. So the logic of the emblem is from the perspective of the attacker. So when we have an operator running a cyber operation, they have to understand that they are confronted with an emblem. And they have to be able to recognize this is the emblem of the Red Cross Red Crescent. 
And they have to understand this emblem. And they have to be able to also check the authenticity of the emblem. Not that this is a fake emblem, but this is an original one. And another aspect is the emblem should be used by state and non-state actors. So we see many state actors who are involved in conflict. So not only thinking about states able to deploy the emblem, but also by non-state actors. So on that, we are seeing some challenges in deploying this. First of all, and I think it’s one of the most important challenges, that we don’t have an internet for armed forces. And we don’t have an internet only for civilians. So the infrastructure is mixed. The nature of internet is mixed. And that’s why we need a digital element that can go granular on identifying assets on network. Because networks are intermingled. And we cannot divide. So I’m thinking about cloud infrastructure, satellite infrastructure, and so on. So we can have a doctor that has a computer that should be protected with the emblem that is using a military network that is a target. So we have to think in those scenarios. And then, so the challenge is also the medical devices I mentioned before. And then the environment. So it’s very complex, fluid, dynamic field. So we have a very stressful situation in armed conflict. So we have to be aware of this. And that’s why the digital element must adapt to this kind of field. So that’s why we start to talk with Johns Hopkins University that we’re going to have later on in this panel, and with ETH Zurich and the University of Bonn Center for Cyber Trust. And we start to talk with them, and they start to develop a potential way to digitalize the emblem. Then we consulted, during the last year, 44 experts from 16 countries. And we submitted the ideas that have been developed so far. And they identified benefits and risks in digitalizing the emblem of the Red Cross. 
So among the benefits, logically, the digital emblem will extend the existing protection from the physical space to the digital world. So this is a very positive aspect. And the emblem will make it easy for operators to avoid harming protected entities. So those are the main benefits resulting from the consultation, but also the risks. So we risk, based on the expert consultation, to increase visibility of sensitive and less protected entities, like hospitals. Knowing that all of the experts reflect on that, saying that nowadays there are already multiple, several possibilities to identify less protected entities, scanning the internet and finding out which IPs, which domain names, belongs to hospitals. So in their opinion, we are not aggravating the situation. We are not increasing, because there are already methods and means to identify those. But we have to keep in mind that putting an emblem on something, someone, an object, could be putting a target on a person or object if the parties do not respect the emblem. And then as a second big risk is the possible misuse. So we know in the physical world, there are several cases of misuse of the emblem. We’re going to see, with the presentation from the two universities, that we can reduce in the digital space the possible misuses through the technology that they are developing. So this is a positive development in this respect. So we published the first report in November last year. So if you are interested, on the website of the ICRC, you’re going to find the report. So this is generally how the genesis of the project in this time.

Moderator – Michael Karimian:
Thank you very much Mauro, and you mentioned the role, the issues surrounding non-state actors. During the Q&A, perhaps we can discuss the ICRC’s recent principles on non-state actors. I know a question has already been posed on the Zoom platform, I encourage more questions as well, and of course encourage the audience to think about their questions when we come to the Q&A portion later on. Felix, turning to you, ETH Zurich, it’ll be tremendous to hear your thoughts on the technical solution of the Center for Cybertrust to implement the digital emblem, your thoughts on the feasibility and design considerations, and any insights that you might have on the role of technology in protecting medical and humanitarian organizations. Felix, over to you.

Felix Linker:
Thank you for a great introduction Michael, and also thank you to the other speakers for setting the flow so well. So as Mauro said, we were contacted by the ICRC in 2020, and in response to their question of how a digital emblem could work, we developed a system that we call ADEM, which stands for an authentic digital emblem. And in the next minutes, I’d like to give you an overview of the key design concepts that went into ADEM. So first, Mauro mentioned it, an emblem must be verifiably authentic. We looked at this problem more generally and asked ourselves the question, when is the digital emblem trustworthy? And we identified three security requirements in response to that. So as I said, an emblem must be verifiably authentic. That means parties who observe an emblem can check that it is legitimate and develop trust in the emblem itself. Second, a digital emblem must provide accountability. As Mauro said, there can be misuse, but we designed our digital emblem in such a way that whenever parties misuse it, they commit to irrefutable evidence that could be admitted to court, for example, to prove that they misbehaved and to hold them accountable for that misbehavior. And finally, attackers must stay undetected when inspecting the emblem. I put attackers in quotes because it’s a bit of a funny attacker model. We are thinking about parties here who are willing to engage in offensive cyber operations, but not when their target has a digital emblem on it. These people must feel safe in using the digital emblem and trust that it doesn’t harm the operations. For example, that it would reveal in other cases that they’re about to attack entities. Coming to ADEM itself, we envision our design to be used by three types of parties. First, nation-states who endorse protected parties, then protected parties who send out digital emblems to attackers. With ADEM, nation-states can make sovereign decisions as to who they do or not endorse. 
Protected parties can distribute emblems autonomously, and this touches on what Mauro said earlier. This is a means for protected parties to decide individually whether or not they want to show the emblem, whether or not they feel safe to showing it. ADEM was also designed as a plug-in to the protected parties’ infrastructure. You can just add a device into their networks and it will distribute emblems for you. And for attackers, these parties can verify an emblem as authentic while staying undetected. And critically, we designed ADEM so that it also fits the standard workflow of attackers. Looking more at the technical side of ADEM, we identify parties via domain names for countries, for example via their .gov address, and protected parties as well. For example, let’s say pp.org. Governments cryptographically endorse a protected party, and a protected party, for example, would cryptographically endorse a hospital that has some IP address. In practice, these hospitals have multiple protected digital assets, for example, a website, tablets of the medical staff, or general purpose medical devices that cannot be touched, as Mauro explained. With ADEM, you can deploy an emblem server additionally within the hospital that would signal protection via TLS, UDP, and DNS to aforementioned attackers. This emblem server would distribute emblems that have multiple parts. First, the emblem itself in the center that is a cryptographically signed statement of protection. And this emblem would be accompanied by multiple endorsements. Endorsements from all the nation states that endorse the protected party and an endorsement from the protected party itself. An attacker could learn from this emblem that multiple conflicting states endorse the emblem and thus deem it as trustworthy. This reasoning might be simpler for military units who are bound by IHL. 
For these military units, it might suffice that they see that a nation state they trust, for example, their own nation state or an ally endorse the emblem. In summary, our design, ADEM, provides three security requirements. It’s verifiably authentic, it provides accountability, and it lets attackers stay undetected. Our design is to appear in a top tier security conference and our publication is accompanied by formal mathematical proofs of security. Currently, we have prototyping ongoing with the ICRC and we hope to deploy ADEM within the ICRC’s network, as I just showed for hospitals soon. If you want to learn more about the digital emblem, I encourage you to follow the QR code on the right hand side or reach out to me via my contact details. And I look forward to the discussion later.

Moderator – Michael Karimian:
Felix, thank you very much. And it is important to note that Felix and Francesca are dialing in at approximately 4.30 AM their time. So real kudos to them and thank you for their generosity. Tony, I think has a slightly better time zone, but still up a little bit late. So turning to you, please, Tony, if we can hear your thoughts on similar aspects as Felix’s presentation, but from the perspective of Johns Hopkins APL. Thank you.

Tony:
Yes, happy to do that and happy to be here. Thank you very much for inviting us to this and also to participate in the larger effort. We, the Applied Physics Lab or division of the university, we have a variety of technical efforts, many focused on protecting critical infrastructure. The project we’re discussing here is actually part of a broader set of activities we have, recognizing that while we are a laboratory, major technology activities, if we expect to have significant impact have to be tied into a legal and even a legal policy and even a social framework to be successful. And so that’s what this is about. We’ve had a longstanding effort to look beyond the technology into the other policy, ethical norms based issues associated with critical infrastructure. And when we discussed with ICRC, some of their objectives for the digital emblem, there was a significant overlap, particularly because within the context of international humanitarian law, we had a fairly specific way of thinking about what needed to be done in order to provide that emblem to the parties that needed to be able to implement it and observe it and respect it. So I’ll tell you a little bit about what we envisioned for the technical solution, but I wanna back up a little bit to kind of our thoughts on what is it that a digital emblem has to do. And this is a recapitulating a little bit of what we’ve heard, but I think the important thing to think about here is twofold. Who is it that has to respect the emblem and who is it that has to observe that set of behaviors? And it’s important that we are looking at actors who would desire to comply with international humanitarian law. So there’s a large class of cyber actors, a large class of cyber attacks. There are hacktivists, cyber criminals, script kiddies who are doing it for fun. And then there are nation states or organized militaries or organized combatants who employ cyber in conjunction typically with other means of power. 
And those are the types of cyber operators we’re focused on. That’s the nature of the emblem for international humanitarian laws. It applies to those types of actors. And one thing we observe is that if you look at how nation states have employed cyber means in conflict, they typically have fairly broad capabilities and will do things like major disruptions to the internet in order to support whatever it is that they would like to do, suppressing activity within their state or limiting the ability of combatants to operate within their domain. So what that means is from a protection point of view, we can’t just think about protecting the end systems, the data, the processing. We also have to be able to protect the communication. Many of the operations that we look to protect rely not just on the ability to process locally, but the ability to reach back and communicate either for logistics purposes, to receive advice, receive supplies. So the emblem needs to protect both the end system, its data and processing and the communications. And it has to do that with a degree of assurance. It has to do that in a way that’s visible to operators. And then to some of Francesca’s points, it also has to be visible to third parties in a way that doesn’t disrupt the operations of the humanitarian mission. So we were looking for a solution that had those kinds of attributes. It needs to be scalable. It needs to be visible globally. And it can’t be a burden on the operations of the humanitarian organization beyond what they need to do in order to operate on the internet. And in order to do that, what we tried to do was look at how we would leverage the infrastructure that is in place in the internet, rather than looking at developing a new capability that would require new infrastructure. And what we were looking at was the way to leverage what is on the internet today in order to secure the internet. 
The internet technology has grown the capability to employ cryptographic methods to protect the fundamental data that you need to operate the internet. And that is the naming and the addressing that’s used in order to enable communications. So with that infrastructure in place, we have an asset that we can use that doesn’t require us to roll out new capability in support of the emblem. We leverage what’s out there that gives us the global reach and the scale that we think we need. And a lot of these technologies are well understood. What we have to understand is how to adapt it into this mission, into the mission of supporting a digital emblem. And the fundamental problem, you know, in our opinion, isn’t the technology to protect information on the internet or to indicate your presence on the internet, protecting IP addresses, protecting names as established technologies. What needs to be done is adapting it into the model for how international humanitarian law and the emblem are used. And there’s a very strong analogy with what’s done physically, and I think we’ve touched on some of this. The emblem is understood globally through the good work of the International Committee of the Red Cross and the National Societies, but the the emblem itself is regulated under the laws of each state, and so it’s different in each state. And what has to be done then is to tie the assurance that the emblem is valid to that authority that the state has to determine how to regulate the use of the emblem, which is different in different states. In some places, there’s a very close coupling to the National Societies. In other places, there are state agencies that are responsible for regulating the emblem. But that’s the new connection that has to be made from a technology point of view, and that is all about the ability to use the same cryptographic techniques that are used to protect the Internet, but to protect the emblem. Now that’s the premise for what we’re doing. 
Let me talk specifically about what we think would be a valid implementation of the emblem that has these properties of global visibility and scalability. What we’ve looked at doing is simply leveraging what’s already in place for secure naming, secure DNS, and for routing for securing the BGP system used for global routing. And what that means is that we have cryptographic protection for that information, for names and addresses. How do we now layer on top of that the cryptographic protection for the emblem? Well, to do that, we can leverage what’s available already within DNS, and we have a prototype running where what we have done is taken part of our DNS namespace at JHU, and as part of our demonstration said that that subset of the namespace is for humanitarian missions. Now the name itself isn’t the emblem because the name is not something that can easily be assured, but what we do in addition to assuring the name, which shows that the name is legitimate, we insert within the DNS record a special text record that is signed by a different entity that is trusted to verify that the emblem is being used properly. And that’s what then has to be tied back to the way international humanitarian law is regulated in the different states and in the different jurisdictions. So that’s the first part of what we’ve suggested, that we use the DNS in order to propagate this information, make that available within the DNS record using standard technology, thereby inheriting the scalability and global reach. But it’s not enough to have names. In order to see what’s happening on the internet, you actually have to focus on addresses and you get an address from the namespace. But if you just relied on that, you’d run into the problem of being able to do that at scale. If you are Francesca’s organization, you don’t wanna have to look for each individual name and collect each individual address. 
What you’d like to do is operate in a way where the addresses used for these protected missions are part of a distinguished part of the IP address space. And again, that’s something that can be done. It is used all the time in order to segregate some of the traffic for the normal users of the internet. Commercial internet operators, nation states that operate the internet, will distinguish how they handle traffic based on what they know about the meaning of that address, but they do that based on local considerations. What we’re seeking to do is make that context by which you determine how to handle an address global and global tied to international humanitarian law. So the suggestion then is to have designated blocks of addresses that are associated with the humanitarian missions and assigned through the normal process to provision internet services tied to the infrastructure in place for secure routing. What that means is, an entity that would like to have a service supporting a humanitarian mission would number that out of the address space that is designated for humanitarian missions and register that within the RPKI, the Resource Public Key Index that exists for routing and thereby gain the global scaling and visibility for the address so that if an entity like the Cyber Peace Institute would like to see if internet traffic disruptions are affecting humanitarian traffic flows, that is done based on aggregated blocks of addresses so that it’s quickly visible to a third party observer that a state action has in fact affected a humanitarian mission. So those are the core technical concepts. Adopt a naming technology and the means to do secure naming in order to provide a distinguished record that serves as the namespace address and rely on blocks of addresses in order to have traffic flows that can be monitored that are associated with humanitarian missions. 
All of that secured by standard cryptographic techniques that then need to be tied to essentially a root of trust associated with the way that international humanitarian law is implemented. That last piece really is where we see, excuse me a second. That last piece is where we see a great opportunity to work with international organizations on how that would be done. If it’s done country by country, we again have a scalability problem. Every country would have to be able to, every country, not just every country. Everyone interested in participating would have to essentially touch every country. Better would be to work through existing organizations, national societies and the ICRC or the IFRC or perhaps regional associations that countries might use in order to coordinate how they would implement the regulation of the entity that they do under their domestic laws. That piece again is at the intersection of the technical solution that I’ve sketched out here and the legal policy frameworks that are in place to allow cooperation among nations and then a cooperation with third party entities. So that’s where we are. As I mentioned, what we’re doing now is prototyping focused not on showing you can do this. Like I said, most of this is very well established technologies, but showing that if you do it on the operational internet, it will behave the way you expect. It will have the scaling properties, the global visibility. We will have the ability to bring up or take down an emblem. We have to understand what those time constants are given the way the internet works. And that’s an experiment that we hope to do over the next few months with some technical partners. And in parallel to that, as I say, we should be doing some work with the appropriate bodies that would look at how the nations that are responsible for putting in place regulation of the use of the emblem would cooperate in order to make the assurance of the emblem something that also scales globally. 
And that’s what I have. Thank you.

Moderator – Michael Karimian:
Tony, thank you very much. I think both yourself and Felix, your remarks have highlighted the technical feasibility of the emblem. And of course, that in itself demonstrates the innovative nature of the emblem itself. And also I think speaks to the credit of the ICRC for taking so much time to go through the due diligence to identify and design how this could be rolled out in practice. In the next 15, 20 minutes, we have the privilege of engaging in what I hope to be a dynamic conversation among the speakers and that will delve into the technical policy, cybersecurity and humanitarian aspects surrounding the digital emblem. This is intended to be a conversation among the speakers so that they all have a chance to react to and build upon each other’s thoughts. If I can please request for the AV team to have Antonio, Felix and Francesca on the screen at the same time so we can see them simultaneously, that’ll be very helpful. Thank you. So let’s start by discussing the mix of technological and policy dimensions of the digital emblem. I think it’s crucial to consider the involvement of international organizations such as ICANN and the ITU in this endeavor. I wonder if any speakers have any thoughts on how these organizations can play a role in the development and implementation of the emblem and what collaborative efforts we can envision on this front. Felix, I think maybe you have some thoughts on this topic.

Felix Linker:
Yeah, this touches a bit on what Tony said last time. So we, in our design of ADEM, we feature a notion of authorities as well and we are deliberately vague in what these authorities are supposed to be because we don’t know which authorities like the world in the end will agree upon which are the good ones to be endorsed by. So one of these authorities could be the ICRC that endorses protected parties to run humanitarian missions. It could also be organizations like ICANN. But what we thought is that organizations that, for example, control parts of the naming system of the internet are not particularly well suited to verify whether someone that reaches out to them and tells them, hey, I run a protected mission, can you please endorse me? Organizations that are more of technical nature would have a hard time verifying these requests as genuine, is what we feared. So we didn’t want to put any legal burdens on technical organizations, so to speak, and rather focused on nation-states or maybe supranational organizations like the Arab League or organizations that know what they’re doing in the space anyways, like the ICRC.

Moderator – Michael Karimian:
Thank you, Felix. Do any other speakers have thoughts on this?

Tony:
I agree with Felix that it’s really the regional registries more than ICANN. They are responsible for operations, but their role is the validity of the information used to run the internet. They are not in general in a position to verify humanitarian organizations. but that’s not true as a blanket statement. And the difference is it is a state responsibility as the ICRC has written to regulate the use of the emblem. And in many states, there is a very close coupling between the internet operator and the state. And so in that world, under the ICANN and the regional registries, there is a state authority that controls names and numbers. And if that’s the case, then there’s a natural place for that to be the authority that controls the use of the emblem, not as the numbering authority, but as the state authority for the use of the internet. Now that’s not global. In the United States, that’s not the way the internet operates. In the United States, the government has very little involvement in how names and numbers are allocated. But in other countries, Egypt, for example, China, the coupling is very close. So the answer, Michael, to your question is not simple. In some places, you’d expect a close coupling. In other places, it really needs to be distinct, but it does need to be tied into the way that the internet itself is operated, or you have to overlay another global scalable system, for example. So we envision using DNS, not to use DNS to verify that the emblem is correct, but to use DNS to propagate the emblem, regardless of who has signed the digital record within the DNS record that says the emblem is valid. That can be an ISP, as I say, in certain countries. In the United States, it almost certainly would not be. It could be the American Red Cross, or it could be the US as part of the supranational organization.
But the general technical solution does have to maintain that separation, recognizing that operationally, to make this scalable, it does have to couple to what’s done by the registries and ICANN.

Moderator – Michael Karimian:
Thank you, Tony. Mauro?

Mauro Vignati:
Yeah, just to give a couple more thoughts on the legal and policy perspective. So the use of the emblem is not decided by the ICRC. So this is decided by states on the Geneva Convention. And this is in the annex ones of the additional protocol. So that’s where we have to operate from a legal perspective. So buying to the technological development, we are working on the legal process. And we are presenting the idea to states so that for the international conference in October 2024, where the states are going to come to Geneva also to discuss about the emblem. States are aware about the project, and national societies too, and then we look for them to give us the mandate to continue to explore this project. Because at the end of the day, we have to amend the Geneva Convention. So we have to amend the additional protocol or to create a new protocol. So this is the basic legal process that we have to go through to be able to have a digital version of the emblem. So that said, in the offline physical space, then are the state’s authority that decide who is able to use the emblem. So the Ministry of Health or other ministries entitled for this, they decide who internally in their nation or in their territory, because we are always talking about a non-state actor that occupy territory and control territory. So these could be also a non-state actor. They are entitled to give the permission to selected entities to display the emblem for protection. So the distinctive use is already in the Geneva Convention, so the ICRC and the national societies. But at the end of the day, the entity that decide who is able to display the emblem in the physical space is the state. So we try to replicate the same process that we have in the offline or in the online. We’re going to see the difficulties that we can have in this specific domain, but we would like to replicate exactly the same process for the authorization. Then the implementation is another topic.

Moderator – Michael Karimian:
Thank you Mauro, very helpful. Let’s turn to the cybersecurity implications because of course we must recognize that with innovation comes great responsibility, and so let’s examine the risks and benefits associated with this concept. I wonder if any speakers have any thoughts on potential vulnerabilities that we should be vigilant about, and of course conversely how the overall cybersecurity posture of critical medical and humanitarian organizations can be enhanced by the emblem, but also recognizing that in a world where cyber threats evolve and sometimes in predictable ways, sometimes in unpredictable ways, what proactive and best practices can we put in place to safeguard these vital systems? Would anyone like to start? Koichiro, please.

Koichiro Komiyama:
So I don’t have a clear answer for the question, but to protect the, or talking about the protecting the, for example, infrastructure at the hospital or medical system, so this is more like a question to Felix or Antonio. You mentioned the ADEM or the implementation of digital emblems right now is, it can sign on DNS domain name or IP address or TLS, DNS. Could it be possible to sign like individual files or medical, the physical systems that are used in factory or hospitals?

Felix Linker:
Felix, you have your hand up? Can I jump right in? Yeah, great. Yeah, so we need to distinguish two types of, two parts of ADEM, just talking about my design now, or our design. So there is, for one, what you say that is protected, right? Like how you speak about the entities that are protected, in which direction you point. And what we use in ADEM are IP addresses and domain names for that, right? This is how we identify an entity that is protected. And then TLS and UDP and DNS are our mechanisms by which we give someone the emblem, right? And then this emblem includes the pointer, we give it via, for example, UDP, and then this emblem says, ah, this is the protected IP address, this is the protected domain name. Now, a colleague of mine is currently working also on local emblems, where the idea is that malware that infested some device could check whether this device is protected, or whether parts of this device are protected. In the work that I presented, we focused on the network level, and on the network level, we thought it only makes sense to talk about things that you can also see from the network level, right? We found it would be kind of like, what would a verifier do with the information? Oh, like looking at their notes, file f.txt on this computer is protected, allegedly. But I mean, I have no access to this computer, right? What am I supposed to do with this information, yeah? So on the internet, we wanted people to only say, something is protected that they can also recognize as that thing that is protected. But for local emblems, we are looking on future work, yeah. And this, for example, would target especially the devices of medical staff, because not every penetration happens through the network layer, right? It could be malware in a malicious email attachment that just gets sent out en masse, right? And then the malware happens to find itself, wake up within the hospital network.
And we also want to cater to those designs, or those problems, rather, not designs.

Moderator – Michael Karimian:
Oh, thank you, that’s great. So, I’ll, Rik.

Tony:
Let me make, can I make one comment on some of the risks? We worried a bit about unintended consequences, and what we have to be careful of is not to create an emblem in a way that itself potentially causes a disruption to the humanitarian mission. And really, the important thing here is to think about how a third party, not the cyber actor, how a third party would observe that, the emblem was being respected. What we wanted to avoid was depending on the humanitarian organization itself to field a query from an arbitrary third party in order to avoid the potential for an unintended denial of service attack. The scenario to think about is, you would like to be able to observe a cyber attack in progress. If the only way to do that is to query the attacked entity, what you are doing is focusing traffic on the attacked entity. That’s how unintended denial of service happens. There’s no way to check for malware on a machine without checking the machine. But given what we have seen, that nation-state attacks typically are focused more on the infrastructure than on the individual user. We want to make sure that the observation of attacks on the infrastructure don’t depend on observing the endpoint. I’m talking about a set of mechanisms that have actually manifested many times on the Internet with the loss of certain critical capabilities because of a focused overload on the endpoint. You can imagine that kind of thing happening if all the news organizations in the world or all of the third parties that care to monitor compliance with international humanitarian law, address a endpoint that is intended to be protected. That’s a little aspect of this that is still a concern to me. Our solution tries to mitigate that by relying on Internet infrastructure to query for third parties. 
But there’s nothing that prevents those third parties from actually, now that they know where the attack is manifesting, from actually focusing their attention on it, unintentionally disabling the humanitarian operation.

Moderator – Michael Karimian:
Thank you, Tony. Koichiro?

Koichiro Komiyama:
Just a very quick comment. But I do agree with, or I strongly believe that the local environment is something. We really need to implement this concept because the more critical a system is, those systems tend to be completely offline or not connected, or don’t use the global IP address spaces, do not associate with any domain name and others. That’s something I need to see your future proposal.

Moderator – Michael Karimian:
Thank you, Koichiro. Francesca, if I may put you on the spot at 5 AM your time. I know strategic foresight is a speciality of yours. I wonder if you have any thoughts on where risks to the medical and humanitarian sector might go in the future, and how we can proactively mitigate those risks.

Francesca Bosco:
Actually, can I share a reflection that was, I think, a connection point across different aspects that were mentioned, starting from what Mauro was mentioning in terms of one of the key requirements of the emblem is that it needs to be understandable by the different parties, let’s say. Let me share specifically also to address your point, Michael, in terms of we chart the evolutions in cyberspace that we are seeing. I’m sharing an evolution that we are all aware about, for example, the kind of like civilization of conflict, for example, that we’ve seen and why the emblem is so relevant. More than an evolution in terms of technology, I would like to share an evolution, which is a combination of, let’s say, technological disruption, like, for example, the availability of certain tools. And I’m thinking, for example, about the accessibility of harmful and sophisticated malware, for example, the diffusion of ready-to-use cyber tools that are accessible online, link-to-sold, and so they lower the barriers of entry for malicious actors. One of the key elements that Mauro mentioned before is that the emblem needs to be understandable also by the attackers. And here we’ve been talking more about, let’s say, the technological vulnerability, but let’s also think about the human vulnerabilities, let’s say, in terms of lowering the barrier to entry means also that, again, as we’ve seen, let’s say there is a blurring line between the state and non-state actors, the complexity, clearly, of the, I mean, the attribution of cyber attacks and the increased complexity of having civilians, for example, engaging in cyber operations. This is to say that one of the problems is also understanding the real impact that certain actions might have. 
What we have observed is, for example, that there is a combination between, for example, state-sponsored actors and activist collectives that usually conduct more basic attacks and focus on disruptive effects, but you can never completely, let’s say, foresee the spillover effect or without fully understanding the consequences that their actions might have, often because they don’t understand the full impact, basically, that they might have with their actions. So I think this is an interesting evolution, let’s say, in cyberspace, where, again, to Mauro’s point in terms of the value of the digital emblem is indeed something to consider. And let me also allow another comment, which was also, I was seeing some of the comments in the chat about the education. I think that the education needs to go in different directions. Again, going back to why it’s important, let’s say, to protect healthcare organisations, institutions and facilities, but also, at the same time, humanitarian organisations. Before understanding, let’s say, why it’s important to protect, often the easier argument is to offer concrete examples of what it means if we’re not protecting them. And we’ve seen this. We have not necessarily learned from that, but this needs to go across, let’s say, the different stakeholders involved. I started with the malicious actors, but then let me go back also to what the, let’s say, which are, let’s say, the ones that need to decide on the emblem, as Mauro was mentioning, are states at the end of the day. Also, in terms of like states, we need to educate in terms of which are the real consequences and the real impact of attacks. And to this end, one of the work that we’re currently doing is also analysing, basically starting exactly with the work that I was mentioning on the healthcare, to understand the real human impact, but also to foresee potential consequences on the long term. 
We started doing this work by which we are working on a standardised methodology to measure the societal harm from cyber attack and monitor also the responsible behaviour in cyberspace. And to the points that have been made, this needs to be applicable in peacetime, in armed conflict time, and be able to assess which are the costs that we are paying as society if we are not protecting vital infrastructure like healthcare and humanitarian organisations.

Moderator – Michael Karimian:
Francesca, thank you very much. We now have approximately 22 minutes for audience Q&A. For anyone in the room who has a question, if you could please approach the microphone at the stand. I don’t say that to make things awkward, but just it is important for accessibility and so that questions are captioned on the screen as well. But just to help kick things off, there is a question in the Q&A chat on Zoom which I will pose. It is actually a very helpful big picture question. Then we can zoom back in. The question comes from Aliou Shabashi. They ask, can we stop cyber attacks in all sectors by investing a huge amount of funds for developing highly sophisticated software tools slash systems, or are there other means to at least minimise cyber attacks that harm countries? It is a big picture question, not just specific to the digital emblem. It helps us expand the conversation on cyber security more broadly. If any of the other speakers have thoughts on this, I will just quickly mention the Microsoft perspective. At Microsoft, we talk about five specific actions which are recommended that are taken. One, this is true for individuals and systems administrators, is to apply multi-factor authentication. I know that can sometimes seem very annoying, but it does make an enormous difference, as studies have shown. Secondly, apply zero-trust principles, that is specific to systems administrators. Extend detection and anti-malware software and solutions. Keep up to date, in other words, patch systems and use the latest available versions of software and protect data, ideally through encryption. Studies have shown that 99% of cyber attacks can be stopped by those basic cyber hygiene activities. 
I would also encourage tech and telco companies to join the Cyber Security Tech Accord, which is a coalition of approximately 150 members who have committed to best practices and principles of responsible behaviour in cyberspace, as well as the Paris Call for Trust and Security in cyberspace, which actually applies to all sectors. It is the largest multi-stakeholder initiative to advance cyber resilience. I would encourage anyone to engage with Francesca’s organisation, the Cyber Peace Institute. Does anyone else have any thoughts on this? Francesca, I see your hand is up.

Francesca Bosco:
I was waiting for this moment. Because actually, when we worked on the cyber incident to trace our health, in full transparency, we started receiving many requests. like, can you do it also for the banking sector, for example? Can you do it also for other vital infrastructure? On purpose, we decided to focus on all civilian infrastructure. And so we started looking into that. So I get the point. So I’m talking here more about like understanding the full landscape. I’m not gonna go into the weeds, let’s say, of the definitions and let’s say the landscape of different laws and regulations that apply that are making also difficult, let’s say, to do some proper collection work. But let’s stick to our own experience and to answer to the question, would the funding be enough from a technical standpoint? And I spent all my life in cybersecurity. I would say, no, stopping, let’s say, cyber attacks worldwide, not possible. But on the mitigation side, indeed, there’s work that can be done. You mentioned, you started basically already answering, Michael, in mentioning, I mean, basic cyber hygiene. And to me, this should be kind of like the minimum requirements, let’s say, of all society education. But the sticking more in terms of like what the different stakeholders can do. I think there’s one basic point, which is full cooperation in terms of like information sharing. One of the challenges that we encountered, for example, in the cyber incident trace of health was to collect the data, analyze the data, and also share the data among the different partners. So information sharing is still a challenge. And there is one part which is also related to then how to transform the knowledge into, let’s say, palatable and understandable knowledge that can help the international community to advance the mitigation efforts, notably when it comes to, for example, accountability. 
But also I’m thinking in terms of like the active role that civil society organization or non-state actors, Michael, you mentioned the tech accord, for example, or civil society organization like us and like many other attendee, for example, the IGF and for sure in the room can play a role because they are the ones that are often either impacted or they are the last mile, let’s say, very close to the people that are impacted by cyber attacks. So to understand, again, the consequences and for potentially advancing knowledge for the mitigation efforts, we need to have this constant dialogue. And then the third part that we have not discussed so much about, but in the end, it’s also, I mean, the framing of the conversation, which is protecting the protectors, meaning sharing also defense resources, because there is one part which is the information sharing when it comes to the attacks, but then there is also, okay, so what we can do about it and therefore how we can mitigate. Enhancing cyber capacity building, there are different efforts in that regard. I would like to mention there is going to be a high level meeting in Ghana at the end of November, the Global Cyber Capacity Building Conference. I’m mentioning this because this goes also into the mitigation effort side and that there will be also one focus specifically on protection of critical infrastructure, both in, let’s say, I would say developed and in developing countries. But then also, again, sharing the knowledge, the good practices, and also sharing active, let’s say, defense initiatives. 
To this end, and considering the humanitarian context, we launched the Humanitarian Cyber Security Center, which is a sort of like umbrella platform by which we are collaborating with different entities exactly to go, I mean, hopefully to stop cyber attacks, but especially to mitigate the impact of cyber attacks specifically on humanitarian organizations, because they are the ones, again, that they are protecting society as a whole.

Moderator – Michael Karimian:
Thank you, Francesca. Tony, your hand is up.

Tony:
Yeah, I just wanted to, first, Michael, very much endorse your points about the importance of some basic cyber hygiene. Many, many of the kinds of attacks you see that are very damaging, we have the technology to mitigate, and it’s just not done. Having said that, I think we can’t count on a technology solution to these problems because some of the adversaries are so sophisticated, some of the targets are so valuable that there has to be more than a technical solution. And that’s one of the things that got us started down this path. We think there’s a lot of value to exposing malicious behavior and looking for collective action, which is one of the reasons why we’ve tied a lot of the mechanisms we’ve used specifically for the IHL application to general mechanisms available on the internet because IHL is very important but very limited to the humanitarian operations in conflict. So you wanna have a solution that works in that environment, but you’d like to be able to extend it under different authorities into other environments. And authorities could be legal authorities or it could just be ethical or norm-based behavior that says, we will be able to observe that there seems to be hostile activity against a hospital, not in conflict, a hospital or a public utility. And to do that, you have to make, you have to provide some more transparency so those who are interested in watching know what they’re seeing. And again, to do that globally and scalably, you have to tie it to the scalable infrastructure that’s in place. You can’t hope to do that sector by sector and still scale. And that’s one of our motivations to try to tie what we’re doing to the infrastructure that’s in place that can then be repurposed for these purposes. IHL, very good special case, but would not address, for example, ransomware at a hospital in peacetime. That’s not an IHL problem, but it’s very much an important problem that could be solved by looking for those same kinds of bad behaviors.

Moderator – Michael Karimian:
Tony, thank you very much. Again, in terms of questions in the room, please do approach the microphone, which is on that side to my right, if you’re looking at the screen. Yasmin, I believe you have a question, please.

Audience:
Hi, it’s a bit awkward to be standing in front of a microphone, but thank you very much for this very interesting and fascinating panel. I’m Yasmin, I’m a researcher at the UN Institute for Disarmament Research. So I do have a few questions, so I hope you bear with me. First on the question of offensive cyber capabilities that are being enhanced by AI. I know that there’s a lot of hype around it, but fact is that there will be cyber capabilities that are increasing in speed, even without automation and AI. And I was wondering how the digital emblem solutions would deal with issues surrounding the need for the emblem to be verifiable and in an authentic way, but at the same time, how do you deal with the increase of speed of the cyber capabilities that might not even take the time to verify the authenticity of these emblems, or they don’t even care about the emblems in a way. And second is my question of surrounding the appetite of states and sort of sub-state level organizations and agencies for these solutions. So obviously I’ve heard a lot about your efforts at socializing the idea, which I think is great, but at the same time, how much appetite do you see concretely at the moment and what sort of incentivization have worked so far? Because I saw, I think it was just yesterday, a couple of days ago, I saw an article about, for example, the activists in Russia and Ukraine who actually pledged to sort of lower, like de-scale the level of cyber operations that they’re conducting. But at the same time, how would you incentivize, for example, activists that are less organized in these groups to respect solutions such as the digital emblem? And yeah, I think that’s about it, right? Because I’m aware of the limitations.

Moderator – Michael Karimian:
Yasmin, thank you very much. I know we have more questions, and so we can… good if we can have the questions bunched together and then allow the panelists to respond in whatever makes most sense for them. So another question please.

Audience:
Sure, so hello my name is Glyn Glasser. I’m actually with the Syravese Institute. Hi Francesca. But we don’t work directly together so I’m not a plant. My question actually follows on quite well from this last one about incentives. I’m wondering given problems around attribution that Francesca mentioned, would you foresee kind of fewer state actors being motivated to respect the emblem given that there’s maybe an easier or higher probability that they could, the emblem could be violated without the attack being attributed to a state? That’s my question, thank you.

Moderator – Michael Karimian:
Thank you. It looks like we have a third question.

Audience:
Hello, thank you very much everyone. This has been really interesting. I didn’t actually know about this proposal. I’m Jess Woodall and I work in policy and national security for Telstra, which is Australia’s incumbent ISP and telco provider. So it’s been really fascinating and I have a background in international relations so this really hit me. A couple of kind of observations and then a question. I think just to kind of add to what kind of Sparky was saying, I think there’s a real kind of need for this. Like we have excellent kind of visibility on the targeting in the Asia Pacific region given our kind of network and this is a real threat. This is stuff that is happening now. There’s hospitals being hit by nation-states that we can see kind of almost every day. So there’s, you know, from the outset say there’s a case for this and it’s really interesting. I think to kind of answer the question before my question, the first question, what I think you might say is like the malicious kind of criminal community is very self-regulating. So they will go after people who target people that they perceive as soft targets. Like they don’t like that amongst their own community. So whilst this is kind of primarily targeted at nation-states, you might even see that trickle-down impact within the criminal community itself.
So yeah, I think that there might be broader kind of impacts than what you’ve even outlined here. On the kind of issue of validating kind of who is adhering to the emblem, because I’m a real kind of, you know, how do we implement this? This is great but what will it look like in reality? Like how do we roll it out? How do we do it? You could even look to ISPs because we can see, we have really good knowledge of who the key nation-states are that are operating in our jurisdictions, what their C2s are, what their infrastructure is. So if you were to implement something like this, you could reach out to kind of those organisations and be like, okay, is this actually being adhered to? Are people following these kind of rules? And we could give you kind of some insight, you know, is that happening or is that not happening? So yeah, my question is like, do you think that there’s kind of a role for, you know, ISPs and that kind of situation to help validate that people are adhering to, you know, an emblem type scenario? Thank you.

Moderator – Michael Karimian:
Thank you Jess, tremendously helpful. So just to briefly summarise there, we’ve had a question on how to deal with the implications of AI empowered attacks but also AI empowered defence, the appetite for states here and similarly how we can ensure that states respect the emblem. How do we think about knock-on consequences of the emblem and the role for ISPs? piece. We have approximately six minutes left. So if I could encourage our speakers to exercise some brevity, that would be great. Who would like to go first? Felix, I see your hand is up.

Felix Linker:
Yes, I hope I can be brief. I’ll do my best. So I actually would like to comment on all of the questions or parts of them. So in the context of the question regarding AI, it was like, how do we then even deal with attackers who might not even verify the emblem as authentic? And here I think it’s important to recontextualize the emblem. So the emblem is a mechanism that aims to reduce cyber attacks, but only by design from those people who verify it and pay respect to it. So I think it’s important in all discussion to focus just on these actors, because otherwise there is no point and there’s nothing we can do. Regarding the last question, I appreciate that the second question was already answered by the person asking the question themselves. A role that we were exploring for our design in general, not regarding ISPs, was because our design is so active, it functions like a heartbeat protocol, right? Emblems are just sent out regularly or not. We were wondering if monitors that regularly, but not too often, check whether these emblems are actually sent out to be able to attest, for example, to other people. I mean, you say you didn’t see the emblem, but look, we saw how it was sent out. It was not dropped. I’ve never thought of ISPs taking this role, but it could be one of the possible roles, yeah. Thank you.

Moderator – Michael Karimian:
Thank you, Felix. Four minutes remaining. Who would like to go next? Mauro?

Mauro Vignati:
Yeah, probably on the non-state actor and the incentive for the state actor to respect the emblem. So from the state’s perspective, there is a legislation that they signed, or other conventions, so they should comply with the Geneva Conventions if they’re going to sign this amendment or the new protocol. So they are bound by law. Knowing that inside the space you can be a little bit more anonymous than the physical one when you do operation, it’s one thing. We have to test the emblem when it’s going to be out there. But we tend to think that countries that are respecting the physical emblem will also be in respect of the digital one. Another story is about the non-state actor. So we published a couple of days ago in the European Journal of International Law an article about eight rules that non-state actors should respect. Those are not new rules. So some newspaper thought that we are doing a new Geneva Convention or new commandments in this respect. Those are just rules based on IHL, so rooted on IHL, and we call non-state actors to respect IHL. We formulate in a little bit new way because of the recent conflicts, but those rules are rooted in IHL. So what is the goal is to talk to, through the publication of this rule, to talk to those non-state actors and to ask them to respect IHL and not to attack civilian objects and not to attack civilian people and so on and so on. So you can find this on our blog and on the European Journal. So through this work we are doing, we are teaching those people what is IHL, what is the respect of IHL, and then an infringement of IHL could be considered as a war crime. So this is what we try to do. We do in the physical space with armed forces and now we try to do also on a digital space, knowing that the people in the digital space are physically somewhere. So that’s the goal.

Moderator – Michael Karimian:
Thank you Mauro. Two minutes remaining. Would anyone like to be the final speaker for this session? If not, then… Sure, I’ll help to wrap up. You don’t need me to reiterate the significance or importance of protecting medical facilities and humanitarian organizations. We know that. I think this session has helped demonstrate how we further help those sectors to be protected. But of course, as we’ve also discussed, technical solutions are not enough. We need a broad range of multidimensional solutions involving many, many actors. And so I hope that those of you here who have joined us in the room or online have found that this has been relevant to your work and that you can also contribute in ways that are necessary. Of course, Mara will be here. And of course, feel free to email or connect to any one of us if it is necessary to do so. I think we clearly need to have more collaboration. But also, there’s a space for more research and more advocacy on these matters as well. This session alone doesn’t achieve all those goals. But with that, I’d like to thank our great speakers for what I hope has been an interesting session and thank our attendees as well for their tremendous engagement and questions. Thank you all very much.

Audience: speech speed 189 words per minute; speech length 931 words; speech time 296 secs

Felix Linker: speech speed 163 words per minute; speech length 1710 words; speech time 631 secs

Francesca Bosco: speech speed 151 words per minute; speech length 2487 words; speech time 989 secs

Koichiro Komiyama: speech speed 102 words per minute; speech length 677 words; speech time 397 secs

Mauro Vignati: speech speed 165 words per minute; speech length 2236 words; speech time 811 secs

Moderator – Michael Karimian: speech speed 186 words per minute; speech length 2465 words; speech time 796 secs

Tony: speech speed 168 words per minute; speech length 3499 words; speech time 1253 secs