Identifying protected missions in the digital domain

Digital technologies and the always-on communications that underpin the internet have transformed our world in many positive ways, but have also enabled behaviors contrary to the public interest and even threatened the continued stability of the internet. The transformation has been technology-driven but carried out in a larger commercial, social, and legal environment that shapes how the technologies are developed and used. As part of that effort, the Johns Hopkins Applied Physics Laboratory (APL) has partnered with the International Committee of the Red Cross (ICRC) to investigate technical solutions for identifying protected missions in the digital domain.

For several years, APL has been studying approaches to assuring a stable internet through norms, laws, and technologies. In this post, continuing a discussion on the viability of a ‘digital emblem’, Antonio DeSimone, APL Principal Professional Staff, Brian Haberman, APL Principal Professional Research Scientist, and Erin Hahn, APL Principal Professional Staff, present an overview of technical approaches that may help.

In the physical world, medical services of the armed forces, the ICRC and other authorized entities can employ the emblem to denote their protected status. Through the efforts of the ICRC and the International Red Cross and Red Crescent Movement, the red cross, red crescent and red crystal are universally recognized and respected by parties to a conflict who abide by international humanitarian law (IHL).

Meanwhile, there is a parallel battlefield taking shape in cyberspace. Malware such as WannaCry, NotPetya, or Teardrop have spread around the globe indiscriminately, affecting medical services in various States. Multiple examples exist in which cyber operations have been used to disrupt communications and digital infrastructure to pursue government objectives, including in situations below the threshold of an armed conflict, such as in Egypt in the Arab Spring, or Tunisia, or in the context of an armed conflict, such as in Syria.

The ICRC takes the position that IHL ‘limits cyber operations during armed conflicts just as it limits the use of any other weapon’. In cyberwarfare, responsible actors would want to respect IHL principles, in particular the principle of distinction requiring belligerents to discriminate between military and civilian objects. The emblem provides a means to discriminate.

In the physical world, location and other physical characteristics can more easily distinguish combatants from civilians and military objectives from civilian objects. In the digital world, however, the same digital terrain may be occupied by lawful targets as well as objects that may be entitled to protection. Carrying the emblems used in the physical over to the digital world could help transfer the emblem’s protective function to digital infrastructure and communications on the internet that are protected under IHL.

Technical criteria for a digital emblem

Any technical solution should operate across a diverse set of environments that fall under IHL. Examples of use cases include signaling protection of medical units of parties to an armed conflict, authorized civilian medical units in times of armed conflict, and the ICRC’s digital infrastructure and relief operations.

Different manifestations of a digital emblem will have different strengths and weaknesses across multiple dimensions. Use of a digital emblem should be controlled, and who should control it and how is a challenging issue.

Protecting the emblem from misuse is an important criterion. The technical approach to prevent misuse needs to be balanced against the logistical and operational burden on ICRC and other competent authorities controlling use of the emblem. The broad recognition of the physical emblem is key to its utility in preventing harm during conflicts; it also provides a means for third parties to identify violations and misuse, including perfidious use. Visibility of the emblem to combatants is essential and visibility to third parties is valuable. Being able to provide such recognition and visibility in the digital realm will provide similar benefits.

Beyond the considerations above, which have strong analogies with the physical emblem, a digital emblem should be compatible with existing cyber operations and security approaches, including traceability of hostile cyber activity.

High-level approaches

Technical approaches can focus on endpoints (i.e., computers or other devices) or be tied to the communications and use of the internet.

One approach for a digital emblem is an endpoint-based digital emblem, such as a well-known file, made visible to processes running on the protected system; it signals the active use of the emblem either by the simple existence of the file or by directives contained within the file. By placing such a file in a location on a system, the digital emblem file is easily located by any software operating on that system. Additionally, a simple query/response protocol could be developed to allow external systems to query a target system for the existence/use of the digital emblem.

Other approaches are internet-based, which are tied to the basic internet control information: names and numbers. Domain names, e.g., www.icrc.org, provide a human-readable set of labels to identify resources on the internet, aligned in a hierarchical fashion. A special label could be identified that would associate the digital emblem with the domain name (e.g., www.icrc.protected.example.org). As long as the domain name is only associated with systems that are eligible to be protected by the digital emblem, it represents a straightforward, human-readable digital emblem identifying the protected system. The Domain Name System (DNS) can also map a new type of information (i.e., a digital emblem record) to the domain name. When querying the DNS for the network address of a domain name, software could also query for the digital emblem information associated with the name or network address. If such a record exists, the querier will know that the target system is protected by the digital emblem.

An address-based emblem relies on the network addresses used by the internet infrastructure to determine which path to use to reach the target system during message exchanges. As currently employed, network addresses are meaningful only to support the technical function of establishing a path; it does not carry any global semantics regarding the purpose of the associated system using the address. A framework for embedding semantics into network addresses would provide a means to create a digital emblem that both protect digital infrastructure and protect messages traversing the network. This allows systems anywhere in the internet to determine whether systems they probe or messages traversing the network are associated with a protected entity, providing a robust digital emblem. An address-based emblem can be designed with either IPv4 or IPv6, but to be scalable, the address-based emblem is best employed using the capabilities of IPv6.

Balancing risk and benefits

In the physical world, the emblem’s use is regulated by the Geneva Conventions and enforced by States. Enforcement of those use constraints is typically driven by in-person observations of the emblem’s use. Such an approach works in the physical world due to the limited number of places where the emblem would be actively used. In the digital domain, those constraints don’t exist because the global reach of the internet potentially allows any system to contribute to a protected mission. Given this critical difference, the use of a digital emblem needs to consider how regulation of the digital emblem will be achieved.

For some critical resources within the internet infrastructure, the enforcement of proper use of those resources is done through an a priori approval process combined with public attestation of such use. Other approaches to managing the use of resources on the internet leverage passive monitoring/reporting of abuse (e.g., crowd sourced reporting of misuse). Both approaches come with risks and benefits which need to be considered against the cost of misuse of the digital emblem. For example, public attestation requires an infrastructure for signaling the approved users of the resource while passive monitoring requires a simpler capability of tracking/reporting use/misuse of the resource. The potential risk/cost of misuse of a digital emblem is far higher than that of misuse of the physical emblem given that the scale of potential abuse is much, much higher.

See also

Share this article


There are no comments for now.

Leave a comment