The role of civilian hackers during warfare continues to expand, and now at least one group is trying to set up some rules of engagement.

But whether the proposal from the International Committee of the Red Cross announced Wednesday will gain any traction and make these attempts more humane is anyone’s guess.

Civilian hackers have participated for a long time in various wartime conflicts, as documented by this article today in the Washington Post. For example, hackers targeted Western pro-Syrian supporters back in 2013, and Greek hackers in 2020 targeted numerous Azerbaijani government websites in support of Armenia.

Back in 2010, Richard Clarke in his book “Cyber War: The Next Threat to National Security and What to Do About It,” only envisioned the scenario where state-sponsored cyberattacks occurred. That seems almost quaint by today’s actions that have expanded into civilian participation.

Another analysis in Lawfare by Kubo Macak, a legal adviser to the Red Cross, cited government-run cyber operations that date back decades. He cites repurposing civilian smartphone apps for military use, such as reporting on enemy troop movements for weapons targeting.

What’s different today is that the Russian/Ukraine war has erased numerous boundaries between civilians and the military. This happened through attacks by both governments on civilian targets and by both governments recruiting civilian hackers to participate in various cyber offensive operations. One analysis written back in 2022 found that despite the initial foray of Russian cyberattacks, they have had minimal impact on Ukraine.

A good illustration of this blurred line is how essential Starlink’s internet access has been for the Ukrainian government’s military operations – a civilian technology that has direct military application.

“The digitalization of societies has fundamentally shifted the role of civilian involvement in conflicts in both quality and quantity,” Macak says. Civilians now have a “direct contribution to the operations on the digital battlefield as support to kinetic operations.”

In their paper, the Red Cross advisers Tilman Rodenhäuser and Mauro Vignati point out it isn’t just the line between civilian and military use but the level of civilian involvement that has increased. Some groups now have thousands of participants and “the civilian involvement in digital operations during armed conflict has reached unprecedented proportions,” they wrote.

These civilian vigilante operations aren’t without potential drawbacks. Their actions can harm civilian populations, either by deliberate action or by accident. They also could become military targets and risk attack by the enemy or could be criminally prosecuted.

To that last point, the Ukrainian government has brought a case to the International Criminal Court to investigate Russian cyberattacks against many civilian targets as potential war crimes. Although attribution is messy in these circumstances, it does appear that some of these cyberattacks are using civilians.

Eight humanitarian rules of cyber war

The paper formulated eight humanitarian rules, including:

• Avoid cyberattacks on civilian infrastructure, medical and other humanitarian targets, including electric power stations and dams. (Russian hackers took down Ukraine’s power grid for several hours back in 2015, for example.)
• Don’t deliberately use malware worms because they can be difficult to control (paging Robert Morris, and the more recent NotPetya ransomware attacks)
• Don’t make violent threats or incite others to your cause.
• Comply with the rules even if the enemy doesn’t.

That last one could be a major sticking point. The BBC interviewed several wartime hackers who scoffed at the proposal. One member of the Anonymous hacking collective said they have lost faith in the Red Cross and wouldn’t be following these rules. Still, having some rules is helpful in trying to provide more clarity about how to apply cyber actions to the laws of warfare.

(Disclosure: The Red Cross referred to in this post is the International Committee. Strom for years has volunteered in various roles for the American Red Cross, which is a separate organizational entity.)

Image: Pixabay