Since the onset of the invasion of Ukraine, an unprecedented level of cyber-patriotic gang activity has emerged. These groups, on both sides, are preparing attacks typically aimed at acquiring sensitive data or paralyzing critical infrastructure. This new type of warfare has not yet been defined by international law. To ensure the ethical nature of such actions, the International Committee of the Red Cross has announced eight rules of conduct for civilian hackers[1].
These rules have been derived from international humanitarian law and include prohibitions on attacks on hospitals, the use of tools that spread uncontrollably, and terrorist actions against civilian populations.
– Such codes of conduct can work in traditional warfare models, but cybercrime and digital warfare are entirely different situations. Civilian hacking activities are characterized, among other things, by their often imprecise targeting of the enemy, which is uncommon in physical warfare. The way some hacker targets are chosen results in side effects occurring several kilometers away or the paralysis of an entire region. This is simply due to how networks and infrastructure are configured – comments Baron Szczepankiewicz, ESET antivirus laboratory analyst, adding that we already know of many attacks, both on hospitals and other humanitarian institutions, and we can assume that those who carried them out do not possess the same ethical or moral basis as the groups creating the rules. An additional factor facilitating the bypassing of applicable rules is the fact that cyber gangs operate under the cover of anonymity or potentially the protective umbrella of governments. Nobody truly knows who they belong to. However, creating such codes of conduct is definitely a good start to regulate hacker behavior in wartime situations. It’s easy to imagine that when the Geneva Conventions were being established, there was likely some skepticism. Perhaps today’s action by the Red Cross will initiate changes, which will eventually become part of the canon of warfare rules.
Below are the 8 rules proposed by the International Committee of the Red Cross:
- Do not direct cyber attacks at civilian objects
- Do not use malicious software or other tools or techniques that spread uncontrollably and cause mass harm to military targets and civilian objects.
- When planning a cyber attack on a military target, do everything possible to avoid it affecting the civilian population or minimize its effects.
- Do not carry out any cyber operations against medical and humanitarian facilities.
- Do not conduct cyber attacks on objects necessary for the survival of the population or that may cause dangerous occurrences.
- Do not use the threat of violence to spread terror among the civilian population.
- Do not incite violations of international humanitarian law.
- Respect these rules, even if the opponent does not.
[1] https://www.bbc.com/news/technology-66998064
