As Warfare Digitalizes, So Should Protection: Towards a “Digital Emblem”
As societies digitalize, cyber operations have become a reality of armed conflict. In the United Nations, States have identified the increasing likelihood of the use of Information and Communications Technologies (ICTs) in future conflicts between States as a threat to international security (see here, para. 16). Over the past years, the International Committee of the Red Cross (ICRC) has warned against the potential human cost of cyber operations and raised concerns about the vulnerability of the medical sector and humanitarian organizations to cyber operations. Indeed, since the onset of the COVID-19 pandemic, cyber operations against hospitals have disrupted life-saving treatment for patients, and forced doctors and nurses to resort to pen and paper at a time when their urgent work was needed most. In 2022 alone, the Red Cross and Red Crescent Movement members have been the target of different cyber operations, as have other humanitarian organizations. In times of armed conflict, such operations put already vulnerable people – the wounded, the sick, and persons in vulnerable situations – at even greater risk of harm.
As warfare digitalizes, can digital technology also be leveraged to strengthen the protection of medical facilities? Can we incorporate the century-old idea that “hospitals, ambulances and evacuation parties … shall bear a red cross on a white ground” into the digital environment? Can we develop a digital expression of this bedrock rule of the laws of armed conflict? Can we continue the evolution of an idea that started 150 years ago from a painted red cross, to a red crescent, to protective radio, light and electronic signals, all the way to a “digital emblem”? What would be the benefits and risks of doing so? A new report by the ICRC on “Digitalizing the Red Cross, Red Crescent and Red Crystal emblems” sheds light on how experts think about these questions.
Shaping the Idea of a “Digital Emblem”
The idea of a “digital emblem” is straightforward: it would be a digital sign to identify – and signal protection of – the ICT infrastructure of medical facilities as well as the international red cross and red crescent organizations. Such an emblem would provide a clear signal that the marked entity enjoys specific protection under international humanitarian law and must be protected against harm. It would aim to add a layer of protection against cyber operations, just as the red cross, red crescent, or red crystal emblems do in the physical world. In other words, it is a sign of legal protection. It is not a cyber-security measure that protects systems against intrusion or damage.
At the ICRC, we have been thinking about the idea of a “digital emblem” for a number of years and raised it in discussions with cyber security and operational experts (see here (pp. 9, 39-42) and here (pp. 27-31)). The feedback we received was often two-fold. On the one hand, it was clearly recognized that a “digital emblem” could mark the infrastructure and data of protected actors to facilitate their identification and help avoid erroneous targeting, or incidental effects caused by cyber operations. On the other hand, the concern was raised that a “digital emblem” could risk identifying a set of “soft targets” to malicious actors, which could be more easily or systematically targeted.
Against this background, in 2020 we partnered with research institutions – the Centre for Cyber Trust and Johns Hopkins University Applied Physics Laboratory, and later also with ITMO University St Petersburg – to identify technological ways of marking the digital infrastructure and data of protected entities. Subsequently, jointly with the Australian Red Cross, we brought together a diverse group of former military cyber operators, cyber security specialists, criminologists, ICT staff from hospitals and humanitarian organizations, and other ICT specialists to seek their views on the proposed solutions.
Criteria and Technical Solutions for an Effective “Digital Emblem”
In order to fulfil its purpose of effectively signaling the protection of medical facilities and the international red cross and red crescent organizations in cyberspace, a “digital emblem” would need to be easy to deploy by protected entities and easy to see by parties to an armed conflict.
For its use by protected entities, a “digital emblem” would need to be easy to deploy and maintain at low cost throughout the world, bridging linguistic, technological, resource, and cultural differences. It would need to integrate into the existing technological environment (including clouds) and be adaptable to future technological and infrastructure developments. A “digital emblem” should also be easily removable, as that is crucial for addressing possible security risks. Moreover, a “digital emblem” would need to be deployable under the direction of the competent authority of parties to an armed conflict from all parts of the world.
In order to effectively signal protection, a “digital emblem” would have to be “visible” to, and easily identifiable and understood by, those conducting cyber operations. Operators have further emphasized that they should be able to probe for a “digital emblem” without being identifiable as a potential threat actor. Ideally, a “digital emblem” should be part of the information that any operator asks of a system. It should also be possible to easily verify the authenticity of a “digital emblem”.
With these criteria in mind, our research partners have developed several potential technical solutions for a “digital emblem” (see here, Annexes 2 and 3). Three are the most promising.
A first option is what we call a “Domain Name System (DNS)-based” emblem. This solution would use a special label to associate the “digital emblem” with the domain name (e.g., www.hospital.emblem). This would be a straightforward, human-readable “digital emblem” identifying the protected system.
A second option would be an “Internet Protocol (IP)-based” emblem. This type of emblem would require embedding semantics in IP addresses – meaning a specific sequence of numbers – to identify both protected digital assets and protected messages traversing a network.
A third option goes by the name of ADEM (“Authenticated Digital Emblem”) and essentially uses certificate chains to signal protection. Under that approach, these certificates (of the kind indicated by the small lock often found next to the address in your browser window) can be authenticated by different authorities and communicated via different internet protocols.
None of these options is final yet. More work is needed to refine and test them.
Balancing Benefits and Risks Associated with a “Digital Emblem”
The main benefit expected from a digital emblem is that it would make it easier for cyber operators to identify and spare protected entities by visualizing and operationalizing legal protections in the digital environment – just as a large red cross on a hospital roof does in kinetic operations. In our expert consultations, cyber operators emphasized that in the “fog of war,” this additional signal can have real added value. It will primarily enhance protection for marked entities against the risk of harm caused by law-abiding operators and it may also have a deterrent effect on malicious ones.
At the same time, digitally marking and identifying medical and humanitarian entities risks increasing their exposure to harmful operations. In the view of many of the experts we consulted, however, the severity of this risk may vary. For many operators, it is already easy to identify medical or humanitarian organizations in cyberspace if they were to deliberately target them. The additional risk of facilitating their identification may therefore be relatively small. The use of a “digital emblem” might, however, run the risk of greater exposure to operations by less sophisticated actors. But these actors have fewer capabilities to cause harm.
In this respect, it is important to understand that a “digital emblem” is not a cyber-security measure that technically protects systems against intrusion or damage. It is a sign of legal protection. This means that any medical facility that employs such an emblem would have to also take cyber security measures in addition to using a digital emblem – just as a hospital in a war zone normally employs a range of physical measures to protect itself against incidental harm.
A different risk is the potential misuse of a “digital emblem” to falsely mark military or otherwise unprotected infrastructure. This risk also exists in the physical domain and misuse of the emblem is prohibited under international and domestic law. It may even amount to a war crime if misused perfidiously (article 8(2)(b) of the Rome Statute of the International Criminal Court).
In fact, international humanitarian law clearly defines who is permitted to use the distinctive emblems (see, e.g., article 44 First Geneva Convention, articles 18 and 38 Additional Protocol I, Annex 1 of Additional Protocol I). On the one hand, in times of armed conflict authorized medical actors (medical services of the armed forces, authorized civilian medical facilities) as well as the international red cross and red crescent organizations (i.e., the ICRC and the International Federation of the Red Cross and Red Crescent) may use the emblems to signal their protection. On the other hand, members of the International Movement of the Red Cross and Red Crescent (RCRC) may at all times use an emblem for indicative purposes, meaning to identify themselves as members of the RCRC Movement. Just as in the physical world, States would have to enforce these rules in the digital environment.
From Research to Reality
Back in 1864, the First Geneva Convention foresaw that the red cross should be shown on flags and armbands to effectively signal protection. In 1949, the Geneva Conventions recognized the red crescent and red lion and sun as new protective emblems and emphasized that they should be displayed on all equipment employed in the medical service of the armed forces. In 1977, States added protective signals and radio communications, and recognized that further technical measures might be needed in future to protect medical facilities.
These milestones show that signaling the legal protection of medical facilities is a dynamic process that requires constant vigilance, innovative thinking, as well as the evolution of international humanitarian law. In June 2022, all National Red Cross and Red Crescent Societies therefore encouraged the ICRC “to continue researching the technical feasibility of a digital emblem … and assess the benefits of such an emblem” (see here, para. 12).
In the coming years, it will be for States to further consider the idea and, if a “digital emblem” is considered desirable, pursue avenues for incorporating such an emblem into the international legal framework. These avenues include, but are not limited to:
– The adoption of a new additional protocol to the Geneva Conventions. This approach was taken in 2005 to establish the “red crystal” emblem.
– A revision of Annex I of Additional Protocol I, which regulates the use of “distinctive signals” (light and radio signals, electronic identification) or communications (radio communication, codes). A procedure for regularly updating this annex is foreseen in Additional Protocol I (see article 98).
As cyber threats to medical facilities and impartial humanitarian organizations grow, it is time for the international community to come together to ensure that new threats are addressed by updating and innovating long-standing practical protection measures.
Dr Tilman Rodenhäuser is a legal adviser at the International Committee of the Red Cross’ headquarters in Geneva, Switzerland.
Mauro Vignati is adviser on new digital technologies of warfare at the International Committee of the Red Cross headquarters in Geneva, Switzerland.