The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> MODERATOR: Distinguished guests and esteemed panelists, good morning, good afternoon, good evening, or good night, depending on where you are joining us from. Welcome to this important session on promoting of the digital emblem. I am Michael Karimian. Director of Digital Diplomacy for Asia and the Pacific at Microsoft. I have privilege to serve as moderator today.
In today's Digital Age, the concept of the digital emblem represents a critical innovation in humanitarian protection. Much like the Red Cross, Red Crescent, and Red Crystal emblems have safeguarded lives during times of conflict in the physical world, the digital emblem aims to extend these protections into the digital realm. It is intended to be a symbol of hope and security ensuring that medical and humanitarian entities can continue their life‑saving work without the fear of malicious cyber operations.
Importantly the digital emblem concept is the acknowledgment of the evolving nature of warfare and conflict where cyberoperations play an increasingly impactful and harmful role. It emphasises the criticality of upholding the principles of international humanitarian law in the digital space where consequences of attacks on hospitals and humanitarian organisations can be just as devastating as physical assaults.
Our esteemed panel of experts today will delve deep into the technical, legal, and humanitarian aspects of the digital emblem. They will explore how it can be developed, deployed,and upheld, ensuring it becomes a recognized symbol of protection in increasingly digital yet vulnerable world.
As we embark on this discussion, it is important to recognise that the digital emblems has profound importance. It not only signifies a collective commitment to safeguard the vulnerable, but also highlights the intersection of technology, cybersecurity, and humanitarian protection. Through this dialogue, we aim to enhance our understanding, share insights, and collectively work towards a more secure and resilient digital future.
Let us begin this exploration into the digital emblem concept, its significance, and the path forward. Together, we can hopefully promote digital peace and protect those who need it most. To help us achieve that goal, I am pleased to say that we are joined by Felix Linker, research and ETH Zurich, who joins us online, Dr. Antonio, Tony to friends, chief scientist at Johns Hopkins Applied Physics Laboratory, who also joins us online, Francesca Bosco, Chief of Strategy and Partnerships at the South Peace Institute and joining us also online and in‑person, we are joined by Cochiro Komila, Director of the Global coordination division at JPCERT and also affiliated with APCERT. And Maro Vinetti, advisor on digital technologies of warfare at the ICRC.
So to help set the scene, Maro, please let's begin with an overview of the digital emblem.
>> Thank you very much, Michael and everyone. I'm going to give an overview about the emblem, also the physical one just to bring everybody up to same speed. The Red Cross, Red Crescent and more recently the Red Crystal, have been the symbols of protection, so it means that facilities, people, vehicles showing this emblem should not be attacked and should be spared by the consequences of the armed conflict. This is why international humanitarian law requires part of the conflict to ensure the visibility of the emblem so that combatants can identify the persons and the objects they must protect and respect, and we will see this is a very important aspect also in the digitalization of the emblems.
So the rules on the use of the distinctive emblems or signals are governed in the Annex 1 of the first edition of the protocol of the Geneva conventions of 1977. It's article 1 of the annex that mandates the ICRC to see whether new systems of identification should be adopted, and that's why we're here to discuss the project of the digital image because we think it's fundamental to have a digital version of the emblem.
So the emblem marked medical personal unit vehicle and organisation like the Red Cross and the Red Crescent organisation. There are two uses of the emblem. There is the distinctive use of the emblem so to say it's always on, and the way that the organisation like the International Committee of the Red Cross and international societies can use the emblem at all time, and the reason other use of the emblem is the protective use. This means that selected dedicated entities can use the emblem only during armed conflict. This was a very important point because the emblem in the digital space must be flexible in this respect and use only during armed conflict.
So that said, it's a general overview about the emblem, and we're going to go into the detail why we need to digitalise the emblem into a digital version of it. Thank you.
>> MODERATOR: Thank you, Maro. So today's session will have three segments for approximately 30 minutes. Speakers will frame the discussion from their perspectives. We'll then spend approximately 20 minutes with the speakers having a discussion amongst themselves on the technical, legal, humanitarian aspects, and we aim to dedicate 30 minutes for audience Q&A. So think of your questions now.
In terms of framing the discussion, Francesca, we'll turn to you first. It will be great to have your overview of the CPI’s role in protecting vulnerable entities in cyberspace, overview the trends in healthcare, stop cyberattacks against hospitals and medical facilities including in times of conflicts and also the role of organisations promoting digital peace. Francesca, over to you.
>> FRANCESCA BOSCO: Thank you so much, Michael. It's a pleasure to be here with you all. Can you see my screen?
>> MODERATOR: We can. Thank you.
>> FRANCESCA BOSCO: Great. Thank you. So thanks a lot, Maro, for the excellent introduction in framing the discussion around the digital emblem. Let me to take a step back and better share some reflections on the work that we've been doing at the cyberpeace institute specifically to understand the concept of the why it's so important to protect civilian infrastructure like the healthcare sector and humanitarian organisations both in peace time and during a time of armed conflict. So let me share also some reflections on how the cyberpeace institute was created and is operating to try to understand some of the considerations that I hope will help the discussion further.
Recognising that our digitising societies are particularly vulnerable to cyberattacks and often lack the resources to strengthen their cybersecurity. The Cyberpeace institution was founded in 2019 in response to the escalating dangers posed by sophisticated cyberattacks. The overarching mission of the institute is to mitigate the adverse effects of cyberattacks on people’s lives worldwide. This is extremely important because this will bring us to the focus of the institute, which is to understand the human impact of cyberattacks. We accomplish this through key synergistic pillars that we see here. First, we aid vulnerable communities to stay safe in cyberspace, focusing especially on vital sectors, as mentioned like healthcare, nonprofit, and humanitarian organisations.
Second as you might see, we conduct investigation and analysis on cyberattacks. Our cyberthreat analysis team has been focused on cyberattacks on healthcare since 2020 and since February 2022 and specifically cyberattacks in the context of armed conflicts. Now, we are developing the same capability to monitor attacks against NGOs, including humanitarian ones. Then we advocate to improve for the cybersecurity standards and regulations with evidence‑based knowledge, and we complete let's say the cycle by practically addressing the emerging technology challenges and disruption to the work of humanitarian organisations caused for example by artificial intelligence or quantum computing. I wanted to explain this to understand also how we came about let's say the analysis that I'm going to offer some insight today for further discussion, all the information and specifically that are available on our web site and our different platform.
As mentioned, I mean, when we think about the healthcare sector, what we did at the institute was amid during the pandemic we focused on our work aimed by supporting the most vulnerable, and specifically on the unique vulnerabilities of the healthcare sector and the real impact of the increasing numbers of cyberattacks against it, and as you can see that we created a fairly unique platform called the cyber incident tracer health, and the platform serves to document cyberattacks and not only to ‑‑ you would find let's say the numbers in terms of like data collection, but also try to understand -- we tried the criteria – we tried the metrics that are relevant to understand the real impact they have on people. So you will see how many attacks per week, so the total record breach, how many countries, but you will find how many days of disruption in hospital and medical facilities. How many people could not get the vaccines because a certain facility was attacked, how many people could not get the proper care, how many ambulances were redirected. In total, I mean, just to give an idea, this has led to the breach of over 21 million patient records which were leaked or exposed in 69% of the incidents.
Again, the important aspect is that disruption to patient care endangered lives and creating suffering for medical professionals and in the long term it breaks trust for healthcare providers. We applied the same capability also to assess several taxing terms of what is happening when civilian infrastructures are attacked during the conflict. Again, no need to stress it again, but cyberspace is borderless, and so cyber operations go well beyond countries to hit critical infrastructure and populations in countries. We have to consider the anonymity of the actors involved in cyber warfare are numerous and diverse, and their true intention are even more complex let's say to the final predict, and again cyber operation have a significant human impact on population living in conflict. There are many services, healthcare is a good example, and some civil infrastructure areas and there are a very particular dimension about the let's say the digital space. This is why the emblem is so important. For example, this intervention can make it hard to distinguish between fact and fiction between countries inside and outside of countries of conflict. I would like to basically stop here maybe sharing these first insights and we can possibly continue the discussion further. Thank you so much, Michael.
>> MODERATOR: Francesca, thank you so much. Absolutely we can come back to more of these topics in the discussion later on. If anything, the pandemic showed in a perverse way the severe vulnerability of the healthcare sector there is a need for this collective action together and the importance of the ICRC's leadership in this space.
Moving on, it will be great to have your thoughts in the Asia‑Pacific and the insights you might have into the evolving landscape and, of course, the involvements of global coordination.
>> Thank you, Mike. Good morning, everyone. I am from Japan. CERT and APCERT and I think in this session I would like to report on the technical community in this region, Asia‑Pacific.
I've been working for -- on the ground incident response for dozens of years, and I'm also a scholarist for international mediation in the digital area. So from my perspective, I'd like to share with you a few things. First of all, in Asia, you know, states are racing for expanding capacity of ‑‑ capacity and capability of offensive side of their cyber capabilities. And for instance, UK, sink tank ISS recently published a report on the cyber power to 20 major states, and quite a few some Asian countries, for example, Australia, China, they are the tier 2 countries where only we have only one tier 1 country, the United States. So we have two major players in Asia, and we have India, Indonesia, Iran, Malaysia, North Korea, Vietnam, they are all by assessment by independent think tank, they have more extensive cyber capabilities. So there's an urgent need for a country like Japan to deescalate this group of militarization of cyberspace.
And talking about Japan itself, we have deframing co-offensive ‑‑ I mean, mainly due to the peace constitution prohibit us to use the force, use of force, except the case it is recognized as a part of collective difference. Historically, we do not have, and we did not try to equip offensive cyber capability, but that was changed December of last year. It was new. National security shortages. Japan also thinking to have a offensive ‑‑ in our wording it is an active cyber offense ‑‑ or defense ‑‑ there is a subtle difference. Either way, it is not something. We haven't even try for last 50 years.
And my last point is, we see many damages caused by ransomware attack and most of those, they are mostly driven by commercial of profit, so they don't launch ransomware attack for profit. So last 12 months, we've seen many successful breach of hospitals, one of our, you know, very critical infrastructure. However, they usually are very strong in protecting their own network. And going back to the emblem, you know, I know it doesn't have any direct effect to criminals in peace time, of course. However, having this type of document and guideline, I suspect they can also put some pressures on criminal groups on what they can do, what they cannot do, they cannot do in a ‑‑ for their operation. So that's my initial contribution, and I'm happy to discuss with you further details. Thank you.
>> MODERATOR: Thank you very much. Interesting to hear you reference the intention for Japan to introduce active cyberdefense as part of the new national security strategy. Of course. Different actors always define active cyberdefense in different ways. It will be interesting to see how Japan. It will be helpful to hear more on the role on developing the emblem and importance of addressing the need ‑‑ and insights you have on the application of the digital emblem in practice.
>> Thank you very much. Michael, you and Francesca mentioned the pandemic. This was an example in 2020 when we start to think about the digitalisation of the emblem by observing what was happening in 2019 in the pandemic time and also observing what happened in the armed conflict. So we start to research the possibility to digitalise the Red Cross and Red Crescent emblem to symbol protection for cyber operations for medical facilities and the Red Cross and Red Crescent organisations.
So to start the project we design some aspects that the emblem should have, a potential emblem should have. So some requirements we define. First one, it must be easy to deploy so that we know that during armed conflict, it was difficult to find it's already a difficult situation. It's difficult to find IT personnel that is able to work in this domain, so the emblem must be very easy to deploy like the physical one and also the digital one must be easy to deploy. It must be able to be installed on a number of different devices. It's a very important aspect because we know that for instance medical devices, they cannot be modified because of different reasons, the guarantee, the functioning of medical devices, so we have to find a way to put the emblem on those devices without touching them, without installing anything on those devices. So we do not have to generate costs for the entities that are showing the emblem so if we think of a medical unit, a doctor has to show the emblem, as not to have relative costs to deploy and show the emblem and most importantly, he has to be seen and understood so the logic of the emblem is from the perspective of the attacker. So when we have an operator running a cyber operation, he has to ‑‑ they have to understand that they are confronted with an emblem, and they have to be able to recognise this is the emblem of the Red Cross/Red Crescent, so they have to understand this emblem, and they have to be able to check the authenticity of the emblem, not that it is a fake emblem but it is an original one.
Another aspect is the emblem should be used by state and non-state actors, so we see many state actors involved in conflict, not only thinking about states deploying the emblem but also by non‑state actors. On that, we are seeing some challenges in deploying this. First of all, I think it's one of the most important challenges that we don't have a need for armed forces and we don't have an internet only for civilians. The international forum is mixed. That's why we need a digital emblem that can go granular on identifying assets on network because network are intermingled and we cannot divide it. Thinking about clouding infrastructure and so on. So we can have a doctor that has a computer that should be protected with the emblem that is used in a military network that is a target, so we can ‑‑ we have to think in those scenarios.
And then so the challenge is also the medical device as mentioned before, and then the environment so it's a very complex, fluent, dynamic field. We have a very stressful situation in armed conflict. We have to be aware of this. That's why the emblem, we must have in addition to this. So that's why we start to talk with general consumers so we don't have later on in this panel, and a universal bond, start to develop trust and we start to talk with them, and they start to develop a potential way to digitalise the emblem.
Then we consulted during last year 44 experts from 16 countries. And we submitted the ideas that have been developed so far, and they identified benefits and risks in digitalising the emblem of the Red Cross. Among with the benefits, the digital emblem will extend the existing protection from the physical space to the digital world so this is a very positive aspect. And the emblem will make easy for operators to avoid arming protected entities. Those are the main benefits resulting from the consultation but also there are risks. So the risk based on the expert consultation to increase visibility of sensitive and less protected entities like hospitals. Knowing that all of the experts reflect on that saying that nowadays, there's already multiple, several possibilities identified, less protected entities, finding out which domains belong to us, so in their opinion, we are not aggravating the situation, we are not increasing because there are already methods and means to identify those, but we have to keep in mind that putting an emblem on something, someone, an object could be putting a target on a person or object if the parties do not respect the emblem.
And then as a second big risk is the possible misuse. So we know in the physical world, there are several occasions of misuse of the emblem, and we're going to see with the presentation from the two universities, that we can reduce in the digital space the possible misuses with the technologies they are developing, so this is positive in this respect.
We published this first report in November last year. If you are interested, on the web site on the ICC, go and find the report. So this is generally how the genesis of the project at this time.
>> MODERATOR: Thank you very much, Maro. You mentioned the role of issues surrounding nonstate actors during the Q&A. Perhaps we can discuss ICRC's interests. We'll encourage the audience to think about their questions when we come to the Q&A portion later on.
Felix, turning to you, it will be tremendous to hear on the technical solution of the Centre for Cybertrust to implement the digital emblem, any insights you have on the role of technology on protecting medical and humanitarian organisations. Felix, over to you.
>> FELIX LINKER: Thank you to the other speakers for setting the floor so well. As Maro said, we were contacted by the ICRC in 2020, and in response to their question of how a digital emblem could work, we developed a system that we called ADEM, which stands for an authentic digital emblem. In the next few minutes I would like to give you a few key concepts that went into ADEM. An emblem must be verifiably authentic. We looked at this problem more general trustworthy? Awe identified three security requirements in response to that. As I said, an emblem must be verifiably authentic. That means parties who observe an emblem can check that it is legitimate and develop trust in the emblem itself. Second, a digital emblem must provide accountability. As was said, there can be misuse but we design our digital emblem in such a way that whenever parties misuse it, they commit irrefutable evidence that could be committed to court, for example, to prove that they misbehaved and to hold them accountable for that misbehaviour.
And finally, attackers must stay undetected when inspecting the emblem. I put attackers in quotes here because it’s a funny take on words. We are thinking about parties who are willing to engage in offensive cyberoperations, but not when their target has a digital emblem on it. These people must feel safe in using the digital emblem and trust that it doesn't harm the operations. For example, that it would reveal in other cases that they're about to attack entities.
Coming to ADEM itself, we envision to be used by three types of parties. First, nation states who endorse protected parties, then protected parties who send out digital emblems to attack us. With ADEM nation states can make sovereign decisions as to who they do or not endorse. Protected parties can distribute emblems autonomously. This touches on what was said earlier. This is a means for protected parties to decide digitally on whether or not they want to decide or whether or not they want to show the emblem, whether or not they feel safe to showing it.
ADEM was also designed as a plugin to the protected parties' infrastructure. You can just add a device into their networks, and it will distribute emblems for you. For attackers, these parties can verify an emblem as authentic while staying undetected and critically we have designed ADEM so it also fits the standard workflow for attackers.
Looking more at the technical sides of ADEM, we identified parties by domain names for countries, for example, by their dot gov address and protected parties as well. For example, let's say let’s say PP.org. Governments would cryptographically endorse a protected party, for example, a hospital that has some IP address. In practice, these parties have multiple protected assets, web sites, tablets of the medical staff, or medical devices that cannot be touched as explained.
With ADEM, you can deploy an emblem solver additionally within the hospital that would signal protection via TLS, UDP, and DNS attackers. This emblem solver would distribute emblems that have multiple parts. First, the emblem itself in the center, that is a cryptographically signed statement of protection, and this emblem would be accompanied by multiple endorsements. Endorsements from all the nation states that endorse the protected party and an endorsement from the protected party itself.
An attacker could learn from this emblem that multiple conflicting states endorse the emblem and thus deem it as trustworthy. This reasoning might be simpler for military units who are bound by HL. For these military units, it might suffice that it might see that a nation state they trust, for example, their own nation state or an ally endorse the emblem.
In summary, our design ADEM provides three security requirements. It's verifiably authentic, provides accountability and lets attackers stay undetected. Our design is to appear in top-tier security conference, and our publication is accompanied by formal mathematical proofs of security. Currently, we are prototyping ongoing with the ICRC and we hope to deploy ADEM within the network as I just showed for hospitals soon.
If you want to learn more about the digital emblem, I encourage you to follow the QR code on the right‑hand side or reach out to me via my contact details, and I look for the to the discussion later.
>> MODERATOR: Felix, thank you very much. It is important to note Felix and Francesca are dialing in at approximately 4:30 a.m. their time. Kudos to them and thank you for your generosity. Turning to you, Tony, if we can hear your thoughts on similar aspects of Felix's presentation but from the perspective of Johns Hopkins APL.
>> TONY: Happy to be here. Thank you very much for inviting us to this and also to participate in the larger effort. We have a variety of technical efforts mainly focused on protecting critical infrastructure. The project we're discussing here is actually part of a broader set of activities that we have recognising while we are a laboratory, major technology activities, if we expect to have a significant impact, have to be tied into a legal and even a legal policy on a social framework to be successful. That's what this is about. We’ve had a long standing effort to look beyond the policy, ethical, norms-based issues associated with critical infrastructure, and when we discussed with ICRC some of their objectives for the digital emblem, it's a significant overlap particularly because within the context of international humanitarian law, we had a fairly specific way of thinking about what needed to be done in order to provide that emblem to the parties that needed to be able to implement it and observe it and respect it.
So I'll tell you a little bit about what we envisioned for the technical solution, but I want to back up a little bit to kind of our thoughts on what is it a good digital emblem has to do. And this is a little bit of what we've heard but I think the important thing to think about here is two‑fold. Who is it that has to respect the emblem, and who is it that has to observe that set of behaviours?
And it's important that we are looking at actors who would desire to comply with international humanitarian law. So there's a large class of cyberactors, a large class of cyberattacks. There are activists, cyber criminals, script kiddies who are doing it for fun, and then there are nation states or organised militaries or organized combatants who employ cyber in conjunction with other means of power. Those are the types of cyberoperators we're focused on. That's the nature of the emblem for international humanitarian laws. It applies to those types of actors.
One thing we observe is that if you look at how nation states have employed cyber means in conflict, they typically have fairly broad capabilities and will do things like major disruptions to the Internet in order to support whatever it is they would like to do, suppressing activity within their state or limiting the ability of their combatants to operate within their domain. So what that means from the protection point of view, we can't just think about protecting the in‑systems, the data processing, we also have to protect the communication. Many of the operations that we look to protect rely not just on the ability to process locally but the ability to reach back and communicate either for logistics purposes to receive advice, receive supplies. So the emblem needs to support the in‑system, its data and processing and communications, and it has to do that with a degree of assurance. It has to do that in a way that's visible to operators, and to Francesca's points, it has to be visible to third parties in a way that doesn't disrupt the operations of the humanitarian mission. So we were looking for a solution that had those kind of attributes. It needs to be scalable and visible globally, and it can't be a burden on the operations of the humanitarian organisation beyond what they need to do in order to operate the Internet.
In order to do that, what we tried to do is look at how it would leverage the infrastructure that is in place in the Internet rather than looking at developing a new capability that would require new infrastructure, and what we were looking at was the way to leverage what is on the Internet today in order to secure the Internet. The Internet technology has grown the capability to employ cryptographic methods to protect the fundamental data that you need to operate the Internet, and that is the naming and the addressing that's used in order to enable communications.
So with that infrastructure in place, we have an asset that we can use that doesn't require us to roll out a new capability in support of the emblem. We leverage what's out there. That gives us the global reach and the scale that we think we need.
And a lot of these technologies are well understood. We have to adapt it into this mission, into the mission of supporting a digital emblem, and the fundamental problem, you know, in our opinion isn't the technology to protect information on the Internet or to indicate your presence on the Internet, protecting IP addresses, protecting names and established technologies. What needs to be done is adapting it into the model for how international humanitarian law and the emblem are used, and there's a very strong analogy with what's done physically, and I think we've touched on some of this. The emblem is understood globally through the good work of the international committee of the Red Cross and the national societies, but the emblem itself is regulated under the laws of each state, and so it's different in each state, and what has to be done then is to tie the assurance that the emblem is valid to that authority that the State has to determine how to regulate the use of the emblem, which is different in different states, and some places, it's a very close coupling to the national societies. In other places there are agencies that are responsible for regulating the state emblem, but that's the new connection that has to be made from a technology point of view. And that is all about the ability to use the same cryptographic techniques that are used to protect the Internet but to protect the emblem. Now, that's the premise for what we're doing. When we talk specifically about what we think would be a valid implementation of the emblem that has these properties of global visibility and scalability.
What we’ve looked at doing is simply leveraging what's already in place for secure namings through DNS and for routing and securing the BGP system for global routing. And what that means is that we have cryptographic protection for that information for names and addresses. How do we now layer on top of that cryptographic protection for the emblem. Well, to do that, we can leverage what's available already within DNS, and we have a prototype running where what we have done is taking part of our DNS name space at JHU and as part of our demonstration said that that subset of the name space is for humanitarian missions. Now, the name itself isn't the emblem because the name is not something that can be easily assured, but what we do in addition to assuring a name which shows that the name is legitimate, we insert within the DNS record a special text record that is signed by a different entity that is trusted to verify that the emblem is being used properly, and that's what then has to be tied back to the way the international humanitarian law is regulated in the different states in the different jurisdiction.
So that's the first part of what we've suggested, that we use the DNS in order to propagate this information, make that available within the DNS record using standard technology, thereby inheriting the scalability and global reach but it's not enough to have the names. In order to see what's happening on the Internet, you actually have to focus on addresses, and you get an address from the name space, but if you just relied on that, you run into the problem of being able to do that at scale, if you are the ‑‑ you know, if you are Francesca's organisation, you don't want to have to look for each individual name and collect each individual address. What you'd like to do is operate in a way where the addresses used for these protected missions are part of the distinguished part of the IP address space. And again, that's something that can be done. It is used all the time in order to segregate some of the traffic for the normal uses of the Internet. Commercial Internet operators, nation states that operator the Internet will distinguish how they handle traffic based on what they know about the meaning of that address, but they do that based on local considerations.
What we're seeking to do is make that context by which you determine how to handle an address global and global tied to international humanitarian law. So the suggestion then is to have designated blocks of addresses that are associated with the humanitarian missions and assigned through the normal process to provisioned Internet services tied to the infrastructure in place for secure routing. What that means is an entity would like to have a service supporting humanitarian mission, would number that out of the address space that is designated for humanitarian missions and register that within the RPKI, the Resource Public Index that exists for routing, and thereby gaining the global scaling and visibility for the address, so that if an entity like the Cyber Peace Institute, would like to see if Internet traffic disruptions are affecting humanitarian traffic flows, that is done based on aggregated blocks of addresses so that it's visible to a third‑party observer, that a state has in fact affected a humanitarian mission. So those are the core technical concepts. Adopt a naming technology and the means to do secure naming in order to provide a distinguished record that serves as a name‑space address and rely on blocks of addresses in order to have traffic flows that could be monitored that are associated with humanitarian missions. All of that secured by standard cryptographic techniques that then need to be tied to essentially a root of trust associated with the way the national humanitarian law is implemented.
That last piece really is where we see ‑‑ excuse me a second ‑‑ that last piece is where we see a great opportunity to work with international organisations on how that would be done. If it's done country‑by‑country, we again have a scalability problem. Every country would have to be able to ‑‑ every country ‑‑ not just every country. Everyone interested in participating would have to essentially touch every country. Better would be to work through existing organisations, national societies and the ICRC or the IFRC, or perhaps regional associations that countries might use in order to coordinate how they would implement the regulation of the entity that they do under their domestic laws. That piece, again, is at the intersection of the technical solution that I've sketched out here and the legal policy frameworks that are in place to allow cooperation on nations and that a cooperation with third‑party entities.
So that's where we are. As I mentioned, what we're doing now, is prototyping focused not on showing what you can do. This is very well established technologies. But showing if you do it on the operational Internet, it will behave the way you expect. It will have the scaling properties, the global visibility. We will have the ability to bring up or take down an emblem. We have to understand what those time constants are given how the Internet works, and that's an experiment that we hope to do over the next few months with some technical partners, and in parallel to that as I say, do some work with the appropriate parties that would look at how the nations are responsible for putting in place regulation of the use of the emblem that cooperate in order to make the assurance of the emblem of something that also scales globally.
That's what I have. Thank you.
>> MODERATOR: Tony, thank you very much. I think both yourself and Felix, your remarks have highlighted the technical feasibility of the emblem and, of course, that in itself demonstrates the innovative nature of the emblem itself and also I think speaks to the credit of the ICRC for taking so much time to go through the due diligence to identify and design how it's rolled out in practice.
In the next 10‑15 minutes, we’ll have the privilege of engaging in what I hope to be a dynamic conversation among the speakers and that will delve into the technology, society, and humanitarian aspects surrounding the digital emblem.
This is intended to be a conversation among the speakers so they have a chance to react to build upon each other's thoughts. If I could please request the AV team to have Felix, Antonio and Francesca on the screen at the same time so we can see them simultaneously, that will be helpful. Thank you.
Let's start by discussing the mix of the technological and policy dimensions of the digital emblem. I think it's crucial to consider the involvement of international organisations such as ICANN and the ITU in this endeavor. I wonder if any speakers have any thoughts on how these organisations can play a role in the development and implementation of the emblem and what collaborative efforts can we envision on this front. Felix, I think you maybe have some thoughts on this topic.
>> FELIX: Yeah, this touches a bit on what Tony said last time. So in our design of ADEM, we feature a notion of authorities as well, and we are deliberately vague in what these authorities are supposed to be because we don't know which authorities like the world will agree on the good ones to be endorsed by. So one of these authorities could be ICRC that endorse protected parties to run humanitarian missions. It could also be organisations like ICANN. But what we thought is that organisations that, for example, control parts systems of the Internet are not particularly well‑suited to verify whether someone that reaches out with them in terms of, hey, I run a protected mission, can you please endorse me?
Organisations that are more of technical nature would have a hard time verifying these requests as genuine, is what we feared. So we didn't want to put any legal burdens on technical organisations, so to speak, and rather focus on nation states or supranational organisations like the Arab League or organisations that know what they're doing in the space anyways like the ICRC.
>> MODERATOR: Thank you, Felix. Any other speakers have any thoughts on this?
>> TONY: I agree with Felix, that really the regional registry is more than ICANN. They are responsible for organisations, but their role is the validity of the information used to run the Internet. They are not in generally in a position to verify humanitarian organisation. But that's not srue as a blanket statement, as the ICRC has written, to regulate the use of the emblem, and in many states, there is a very close coupling between the Internet operator and the State. And so in that world, under the ICANN and the regional registries, there is a State authority that controls names and numbers, and if that's the case, there is a natural place for that to be the authority that controls the use of the emblem. Not as the numbering authority but as the state authority for the use of the Internet. That's not global. In the United States, that's not the way the Internet operates. In the United States, the government has very little involvement in how names and numbers are allocated but in Egypt or China, the coupling is very close.
So the answer, Michael, to your question is not simple. In someplaces you expect a close coupling. In other places, it really needs to be distinct but it does need to be tied into the way that the Internet itself is operated or you have to overlay another global scalable system, for example, so we envision using DNS not to use DNS to verify that the emblem is correct but to use DNS to propagate the emblem regardless of who has signed the digital record within the DNS record that says the emblem is valid. That can be an ISP, as I say, in certain countries. In the United States it almost certainly would not. It could be the American Red Cross or it could be the US as part of the supranational organization, but the general technical solution does have to maintain that separation, and recognising that operationally to make this scalable it does have to couple what's done by the registries in ICANN.
>> MODERATOR: Thank you, Tony. Maro.
>> Just to give a couple of thoughts on the legal and policy perspective. The use of the emblem is not decided by the ICRC. It's decided by states on the Geneva Convention. And this is in Annex 1 of the additional protocol. So that's where we have to operate from from a legal perspective. So buying into the technological development, we are working on the legal processes, and we presenting the idea to states for the international conference in October 2024 where the states will come to discuss about the emblem, states are aware about the project and international societies too, and then we look for them to give us the mandate to continue to explore this project because at the end of the day, we have to amend the Geneva convention, so we have to amend the additional protocol or create a new protocol. So this is the basic legal processes that we have to go through to be able to have a digital version of the emblem.
So that said in the offline physical space, then our state's authority that decide who is able to use the emblem. So the ministry of health or other ministries entitled for this, they decide who internally in their nation or in their territory because we're also talking about non-state, acted in the occupied territory and controlled territory, so these could be a north‑state actor, they are entitled to give the permission to selected entities to display the emblem for protection, so that distinctive use is already in the Geneva convention, so the ICRC and the international societies. But at the end of the day, the entity who decided who is able to display the emblem in the physical space is the state. So we tried to replicate the same process that we have in the offline and in the online. We're going to see the difficulties that we can have in these specific domain, but we would like to replicate exactly the same process for digitalisation. The implementation is another topic but, yeah.
>> MODERATOR: Thank you, Maro, very helpful. Let's turn to the subsecurity implications. Because we must recognize that with great information comes great responsibility so let's examine he risks and benefits with this concept. Anybody have any thoughts on potential vulnerabilities that we should be vigilant about, and conversely, how the overall cybersecurity are critical, how humanitarian organisations can be enhanced by the emblem and also recognising in a world where cyberthreats evolve, sometimes in predictable ways and sometimes in unpredictable ways, what proactive and best practiceses can be put in place to best safe guard these vital systems. Would anyone like to start?
>> Talking about protecting for example the infrastructure, the hospital and medical system, so this is more like a question to Felix or Antonio. You mentioned the ADEM or the implementation of digital emblems right now, you can sign on to the domain name or IPS, TNS or DNS, can it be possible to sign like individual files or medical or physical systems that are used in factory or hospitals?
>> FELIX: We need to distinguish two parts of ADEM, just talking about my design now, or our design. There is, for one, what you say that it's protected, right, how you speak about the entities that are protected, in which direction that you point. And using the ADEM IP address. This is how we identify an identity that is protected and then TLS and UDP and DNS are our mechanisms by which we gift someone the emblem, right, and this emblem that includes the pointer. We give it, for example, this emblem says this is the protected IP address, this is the protected domain name.
A colleague of mine is currently working on local emblems where the idea is that malware that infested some device could check whether this device is protected or whether parts of this device are protected. And the work that I presented, we focus on the network level, and on the network level, we thought it only makes sense to talk about things that you can also see from the network level, right, like we found it would be kind of like what would a verifier do with the information, oh, like looking at their notes, file f.txt on this computer is protected allegedly, but I have no access to this computer. What am I supposed to do with this information, you know, so on the Internet, we wanted people to only say something that's protected that they can also recognise as that thing that is protected but for local emblems we are looking at future work, and this, for example, would target especially the devices of medical staff because not every penetration happens through the network layer, right. It could be malware and the malicious email attachment that gets sent out en masse, right, and the malware happens to find itself wake up in the hospital network and we want to also curtail those problems.
>> TONY: Could I make one comment about some of the risks. We worry about unintended consequences. What we have to be careful of is not to create an emblem in a way that itself potentially causes a disruption to the humanitarian mission. And really, the important thing here is to think about how a third party, not the cyber actor, how a third party would observe that the emblem as being respected. What we wanted to avoid was depending on the humanitarian organisation itself to field a query from an arbitrary third party in order to avoid the potential for an unintended denial of service attack, so the scenario to think about is you would like to be able to observe the cyberattack in progress. If the only way to do that is to query the attacked entity, what you are doing is focusing traffic on the attacked entity, that's how unintended denial of service happens. So there's no way to check for malware on the machine without checking the machine, but given what we have seen that the nation state attacks typically focus more on the infrastructure than on the individual user, we want to make sure that the observation of attacks on the infrastructure don't depend on observing the end point. I'm talking about a set of mechanisms that have actually manifested many times on the Internet with the loss of certain critical capabilities because of a focused overlook on the end point. You can imagine that kind of thing happening if all the news organisations in the world or all of the third parties are to monitor compliance with international humanitarian law address a end point that is intended to be protected.
So that's a little aspect of this that is still of concern to me. Our solution tries to mitigate that by relying on Internet infrastructure to query for third, parties but there is nothing that prevents those third parties from actually knowing where the attack is manifesting from actually focusing their intention on it unintentionally disabling the humanitarian operation.
>> MODERATOR: Thank you, Tony. Cociaro.
>> Just a very quick comment. The local emblem is something we do need to implement this concept because the more a system critical is, those systems tend to be completely offline or not connected or doesn't use the global IP address spaces, do not associate with any domain and others, so that's something I need to see your future proposal.
>> MODERATOR: Thank you, Cociaro.
Francesca, if I may put you on the spot 5:00 a.m. your time. I know strategic foresight is a specialty of yours. I wonder if you have any thoughts on where risks to the medical and humanitarian sector might go in the future and how we can practically mitigate those risks?
>> FRANCESCA BOSCO: Well, actually, can we share a reflection of what’s I think sort of a connection point across a different – starting from Maro was mentioned, one of the key requirements of the emblems is that it needs to be understandable by the key parties. Let me share specifically to address your point, Michael, in terms of we tried evolutions in cyberspace that we are seeing. I'm sharing an evolution we are all aware about, for example, the kind of like civilisation often of conflict that we have seen, for example, and why the emblem is relevant. So more of an evolution in terms of like technology, and I would like to share an evolution which is a combination of let's say the technological disruption of like the ability of certain tools I’m thinking I'm thinking for example about the acceptability of harmful and sophisticated malware, for example, the diffusion of ready to use that are acceptable online, leaked to sold, so they lower the barriers of entry for malicious actors. One of the elements that Mauro mentioned before is that the emblem needs to be understandable also by the attackers. And here we've been talking more about the technological vulnerability, but let’s also think about and the human vulnerabilities in terms of lowering the barrier into entry means also that, again, as we’ve seen, let's say there is a blurring line between the state and nonstate actors, the complexity, clearly, of the ‑‑ I mean, the attribution of cyberattacks and the increased complexity of having civilians, for example, engaging in cyberoperations. So this to say that one of the problems is also understanding the real impact that certain action might have. What we have observed is, for example, that there is a combination between for example a state‑sponsored actors and activist collectives that usually conduct more basic attacks on disruptive attacks, but you can never completely see the speedometer effect without fully understanding the consequences that their actions might have often because they don't understand the full impact basically they might have with their actions.
So I think this is an interesting evolution, let's say, in cyberspace where, again, to Mauro's point in terms of like the value of the digital emblem is indeed something to consider, and let me also allow another comment, which was also ‑‑ I was seeing some of the comments in the chat about the implication. I think that the implication needs to go in different directions. Again, going back to why it's important, let's say, to protect healthcare organisations, institutions, and facilities, but also at the same time, humanitarian organisations. Before understanding, let's say, why it's important to protect, there is often the easier argument is to offer complete examples of what it means if we're not protecting them, and we've seen this. We have not necessarily learned from that, but this needs to go across let's say the different stakeholders involved. I started with the malicious actors but let me go back also to what the, let's say, which are, let's say the ones on the other side of the emblem as Mauro was mentioned are states at the end of the day.
Also, in terms of like states, we need to educate in terms of the real consequences and the real impact of attacks, and to this end, one of the works that we are currently doing is also analysing, basically starting exactly with the work that I was mentioning on the healthcare to understand the real human impact, but also to foresee potential consequences on the long-term. We started doing this work by which we are working on standardizing methodology to measure the harm to cyberattack and monitor the responsible behaviour in cyberspace and to the points that have been made, this needs to be applicable in peace time, in armed conflict time, and be able to assess which are the costs that we are paying as society if we are not protecting vital infrastructure like healthcare and humanitarian organisations.
>> MODERATOR: Francesca, thank you very much. We now have approximately 22 minutes for audience Q&A. For anyone in the room who has a question, if you could please approach the microphone at the stand. I don't say that to make things awkward but it is important for accessibility and to make sure captions are on the screen as well.
To kick things off. There's a question in the Q&A chat in Zoom which I'll propose. It's a very helpful big-picture question. They ask, can we stop cyberattacks in all sectors by investing in huge amount of funds for developing high-sophisticated software tools/systems or are there other means to at least minimize cyberattacks that harm countries? It's a big‑picture question, not just specific to the digital emblem. It helps us expand the conversation on cybersecurity more broadly. If any other speakers have thoughts on this. I will mention the Microsoft perspective. At Microsoft, we talk about five specific actions that are recommended that are taken. One, this is true for individuals and systems administrators, to apply multifactor authentication. I know that can seem very annoying, but it does make an enormous difference as studies have shown. Secondly, applying zero trust principles that are specific to system administrators, extend detection, and antimalware, software, and solutions, keep up‑to‑date, in other words patch systems and use the latest available versions of software, and protect data ID through encryption. Studies have shown that 99% of cyberattacks can be stopped by those basic cyberhygiene activities. We’ll also encourage tech and telephone companies to join the cybersecurity tech accord, whi is approximately 150 members who have committed to best practices and principles, responsible behaviour in cyberspace, as well as the Paris call for trust security in cyberspace which actually applies to all sectors, and it's the largest multistakeholder initiative to advance to cyber resilience and would encourage anyone to engage with Francesca's organization, the Cyberpeace Institute. Does anyone else have any thoughts on this. Francesca, I see your hands up.
>> FRANCESCA BOSCO: I was waiting for this moment because actually, when we work on the cyber incident tracer health, in full transparency, we started receiving many requests, like can you do it for us in the banking sector, for example. Can you do it for us in other vital infrastructure. On purpose, we decided to focus on civilian infrastructure, and so we started looking into that. So I get the point. So I'm talking here more about like understanding the full landscape. I'm not going to get into the weeds of the definitions and let’s say in the landscape of different laws and regulations that apply that are making it also difficult, let's say, to do some work, but let's stay to our own experience and to answer the question. Would the funding be enough? From a technical standpoint and I spent all my life in cybersecurity, I would say stopping cyberattacks worldwide, not possible. But on the mitigation side, indeed, there's work that can be done. You mentioned ‑‑ you started basically already answering and mentioning a basic cyber hygiene, and this could be like the minimum requirements, let's say, of all society implication but sticking more in terms of like what the different stakeholders can do, I think there is one basic point, which is full cooperation in terms of like information‑sharing. One of the challenges we encounter, for example, in the (?) was to collect the data, analyse the data, and also to share the data among the different partners, so information sharing is still a challenge, and there is one part which is also related to how to transform the knowledge into palatable and understandable knowledge that can help the international community to advance the mitigation efforts, not only when it comes to, for example, accountability, but also I'm thinking in terms of like the active role that Civil Society organisations, the non-state actors, you mentioned the Tech Accord or Civil Society organisations and like many other attendees, for example, IGF in the room can play a role because they are the ones that are often either impacted or they are the last line, let's say, very close to the people that are impacted by cyberattacks. so to understand, again, the consequences and for potentially advancing knowledge for the mitigation efforts, we need to have this constant dialogue.
And then the third part that we have not discussed so much about but in the end it's also the framing of the conversation, which is protecting the protectors, meaning sharing also defense resources because there is one part which the information is sharing, but then the results, OK, so what we can do about it and therefore how we can mitigate it. Enhancing, cyber capacity‑building, there are different efforts in that regard. I was mentioning there is going to be a high‑level meeting in Ghana at the end of November. The global cyber capacity building I mention this because this goes also into the mitigation effort side, and there would be also one for who's specifically on protection of critical infrastructure, both in undeveloped and in developing countries but then also, again, sharing the knowledge, the good practices, and also sharing active, let's say, defense initiatives to this end and considering the humanitarian context, actually on the humanitarian cybersecurity centre which is sort of like an umbrella platform by which we are collaborating with different entities, hopefully to ultimately stop the cyberattacks but especially to mitigate the impact of cyberattacks specifically on humanitarian organisations because they are the ones, again, that they are protecting society as a whole.
>> MODERATOR: Thank you, Francesca. Tony, your hand is up.
>> TONY: Yeah, I wanted to first, Michael, very much endorse your points about the importance of some basics of cyber hygiene. Many, many of the attacks you've seen that are very damaging, we have the technology mitigated. It's just not done. Having said that, I think we can't count on the technology solution to these problems because some of the adversaries of some of the sophisticated targets are so valuable that it has to be lower than a technical solution, and that's one of the things, you know, that got us started down this path. We think there's a lot of value to exposing malicious behaviour and looking for a collective action, which is one of the reasons why we've tied a lot of the mechanisms we've used specifically for the IHL application to general mechanisms available on the Internet because IHL is very important but very limited to the humanitarian operations in conflict, so you want to have a solution that works in that environment, but you'd like to be able to extend it under different authorities into other environments, and authorities could be legal authorities or could just be ethical or norm‑based behaviour that says, we will be able to observe that there seems to be hostile activity against a hospital. Not in conflict, the hospital. Or a public utility. And to do that, you have to make ‑‑ you have to provide some more transparency so those who are interested in watching know what they're seeing and, again, to do that, to do that globally and scalably, you have to tie it to the scalable infrastructure that's in place. You can't do that sector‑by‑sector and still scale. That's one of our motivations to try to tie what we're doing to the infrastructure that's in place that can then be repurposed for these purposes.
IHL, very good special case but would not address, for example, ransomware at a hospital in peace time. That's not an IHL problem but very much an important problem that can be solved by looking towards so same types of bad behaviours.
>> MODERATOR: Tony, thank you very much. In terms of questions in the room, please do approach the microphone. Yasmine, I believe you have a question, please.
>> Audience: Hi. It's awkward to be standing in front of the microphone. Thank you so much for this very interesting panel. I'm Yasmine and a researcher at the UN Institute of Disarmament Research. So I have a few questions. Bear with me. First on the question of offensive cyber capabilities that are being enhanced by AI, I know that there's a lot of hype around it but the fact is that there would be cyber capabilities that would be increasing even without automation and AI, and I was wondering how the digital emblem solutions would deal with issues surrounding the need for the emblem to be verifiable and in an authentic way, but at the same time, how do you deal with the increase of speed of cyber capabilities that might not even take the time to verify the authenticity of these emblems or don't even care about the emblems in a way.
Second is my question surrounding the appetite of states and sort of substate level of organisation and additives for dissolution. Obviously, I've heard about your efforts for socialising the idea which I think is great. How much appetite do you see concretely at the moment and what sort of incentivisation have worked far. A couple of days ago, I saw an article I saw an article about for example about the activists in Russia and Ukraine who actually pledged sort of lowered or descaled the level of operation they were conducting at the same time. How would you incentivise activists that are less organized in these groups that would respect such emblems as a digital emblem.
>> MODERATOR: It would be good if we could have the questions bunched together and allow the panelists.
>> I am with the ICRC institute with Francesca. We don't work together but ‑‑ I'm wondering given problems around attribution that Francesca mentioned, would you foresee kind of fewer state actors being motivated to respect the emblem given that there's maybe an easier or high probability that the emblem could be violated without the attack being attributed to a state. That's my question. Thank you.
>> MODERATOR: Looks like we have a third question.
>> Audience: Thank you very much, everyone. I didn't know about this proposal. I'm(?), and I work in work polic and national security in Australia's incoming ISP, which is really frustrating, and I have a background in international relations, so this really hit me. A couple of observations and then a question. I think just to kind of add to kind of what Sparky was saying, I think there's a real kind of need for this. We have excellent visibility on the targeting region given our network, and this is a real threat. This is stuff happening now. There's hospitals being hit by nation states that we can see almost every day. From the outset, say there's a case for this, and it's really interesting. I think to kind of answer the question before my question, the first question of you ‑‑ what I think you might say is like the malicious kind of criminal community is very self‑regulating, so they will go after people who target people they perceive as soft targets, like they don't like that amongst their own communities. So whilst this is kind of primarily targeted at nation states, you might see that trickle‑down impact within the criminal community itself, so I think there might be broader kind of impacts than what you've even outlined here.
On the kind of issue of validating kind of who is adhering to the emblem -- because I'm a real kind of ‑‑ how do we implement, is this right, what will it look like in reality, how do we roll it out? How do we do it? You can look to ISPs. We have really good knowledge of who the key nation states are that are operating in our jurisdictions, what their see‑tos are, what infrastructure is, so if you were to implement something like this you could reach out to those organisations and say, OK, is this being adhered to? Are people following these kind of rules. Can we give you insight. Is that happening or not happening. That's my question. Do you think there's a role for ISPs and that kind of situation to help validate what people are adhering to an emblem‑type scenario? Thank you.
>> MODERATOR: Thank you, Jess. Tremendously helpful. So to summarize there we had we had a question on how to deal with the implications of AI-empowered attacks but also AI-empowered defense. The appetite for states here and how we can ensure that states respect the emblem. How do we think about consequences of the emblem and the role for ISPs. We have approximately six minutes left. If I could encourage our speakers to exercise some brevity, that could be great. Who would like to go first. Felix, I see your hand is up.
>> FELIX: I hope I can be brief. I'll do my best. I would like to comment on all the questions or parts of them. So in the context of the question regarding AI, it was like how do we then even deal with attackers who might not even verify the emblem as authentic, and here I think it's important to recontextualise the emblem. So the emblem is a mechanism to reduce cyberattacks but only by design from those who verify and pay respect to it. I think it's important in our discussion to focus on these aspects. Because otherwise there's nothing we can do. Regarding the last question. I appreciate that the second question was already answered by the person asking the question themselves. The role that we're exploring for our design in general, not regarding ISPs, was because our design is so active, it functions like a heartbeat protocol, right. Emblems are just sent out regularly or not. We were wondering if monitors that regularly but not too often check whether these emblems are sent out to be able to test, for example. You say you didn't see the emblem but look, we see how it was sent out. It was not dropped, and I never thought of ISPs taking this road but it could be one of the possible roads. Yeah, thank you.
>> MODERATOR: Thank you, Felix. Four minutes remaining. Mauro.
>> FELIX: Probably on the nonstate actor and the incentive for the state to (?). From the state's perspective so there is a legislation that they sign or article mentioned, so they should comply with the Geneva conventions. If they do not sign this amendment or the new protocol, so they binded by law,can be a little bit more We are living more in the physical world where you do operation, it's one thing. We have to test them whether it's going to be out there. But we tend to think that countries that are respecting the physical emblem will also be in respect of the digital one.
And other storeys about the north state actors. We published couple of days ago in the European Journal of International Law an article about eight laws that doctors should respect. Those are not new rules. Some newspaper thought we are doing a new Geneva convention or new commandment in those respect, those are just rules based on IHL. So rooted IHL. We call nonstate actors to respect IHL in a new way because of the recent conflict, but those rules are rooted IHL. So what is the goal is to talk to ‑‑ through the publication, to talk to the nonstate actor and ask them to respect IHL and not to attack the civilian objects people and so on and so on. So you can find this on our blog on the European journal.
So through this work we are doing, we are teaching those people, what is IHL, the respect of it. And the infringement of IHL could be considered a war crime. So what we try to do we do in the physical space with armed forces and now we try to do on the digital space knowing that the people in the digital space are physically somewhere. So that's the goal.
>> MODERATOR: Thank you. Two minutes remaining. Would anyone like to be the final speaker for this session?
If not, then sure, I'll help to wrap up. You don't need me to reiterate the significance and importance of protecting medical facilities and humanitarian organisations. We know that. I think this session has demonstrated how we further help those sectors to be protected but we've also discussed technical solutions enough. We need a broad range of multidimensional solutions and many actors. I hope that those here who have you joined us in the room have or online have found this to be relevant to your work and that you can also contribute in ways that are necessary. Mauro will be here and feel free to email or connect to any one of us if you feel it is necessary to do so.
We need to clearly have more collaboration but also there’s as a space for research and more advocacy on these matters as well. This session alone doesn't achieve all those goals. With that, I’d like to thank our great speakers for what has been an interesting session and our attendees for the tremendous engagement and questions. Thank you very much.
[applause]