The Human Cost Of Cyberwar

Cyber-attacks and their consequences are on top of the agenda around the world. They have become part of most countries military strategy and operations tactics. Right now, it is accepted that cyber-attacks will cause substantial economic loss and physical damage. but recent cyber-attacks against electrical grids and the health-care sector have underscored the vulnerability of these country systems and services.

The use of cyber operations during armed conflicts is a reality. While only a few States so far have publicly acknowledged that they use them, cyber operations are a known feature of present-day military operations and the use of them is likely to increase in the future. 

To develop a realistic assessment of cyber capabilities and their potential humanitarian consequences in light of their technical characteristics, the International Committee of the Red Cross (ICRC) brought together scientific and cyber security experts from all over the world to share their knowledge about the technical possibilities, expected use, and potential effects of cyber operations. 

The three-day meeting drew on the expertise of participants working for global IT companies, cyber threat intelligence companies, computer emergency response teams, a national cyber security agency, participants with expertise in cyber security (including that of hospitals, electrical grids and other services), participants with expertise in the development and use of military cyber operations, lawyers and academics. 

States and militaries remain reluctant to disclose their cyber capabilities, including the details of cyber operations conducted in the context of armed conflicts, and little is known about the few acknowledged cases. 

Therefore, the experts discussed a number of the most sophisticated known cyber operations, regardless of whether they occurred in the context of an armed conflict or in peacetime. Examining the technical features of these attacks and the specific vulnerabilities of the respective targets provides a powerful evidence base for what is technically possible also during armed conflict. 

The meeting focused in particular on the risk that cyber operations might cause death, injury or physical damage, affect the delivery of essential services to the population, or affect the reliability of internet services. It looked at the specific characteristics of cyber tools, how cyber threats have evolved, and the cyber security landscape. 

Areas of concern 
Discussions helped to put the spotlight on four areas of particular concern in terms of the potential human cost of cyber operations:

1. the specific vulnerabilities of certain types of infrastructure
2. the risk of overreaction due to potential misunderstanding of the intended purpose of hostile cyber 
operations
3. the unique manner in which cyber tools may proliferate
4. the obstacles that the difficulty of attributing cyber-attacks creates for ensuring compliance with 
international law. 

Specific vulnerabilities of certain types of infrastructure: cyber-attacks that may affect the delivery of health care, industrial control systems, or the reliability or availability of core Internet services. 

Apart from causing substantial economic loss, cyber operations can harm infrastructure in at least two ways. 

First, they can affect the delivery of essential services to civilians, as has been shown with cyber-attacks against electrical grids and the health-care sector. 

Second, they can cause physical damage, as was the case with the Stuxnet attack against a nuclear enrichment facility in Iran in 2010, and an attack on a German steel mill in 2014. 

Way forward 
The use of cyber operations in armed conflict is likely to continue and might remain shrouded in secrecy. Analysing its consequences is a complex and long-term endeavour that requires multidisciplinary expertise and interaction with a wide variety of stakeholders. 

Building upon the conclusions reached at the expert meeting, the ICRC would like to pursue the dialogue with governments, experts and the IT sector. 

It looks forward to the feedback to this report to continue to follow the evolution of cyber operations, in particular during armed conflicts, and their potential human cost, explore avenues that could reduce them, and work towards a consensus on the interpretation of existing IHL rules, and potentially the development of complementary rules that afford effective protection to civilians. 

ICRC:   

You Might Also Read:

Cyber Attackers Will Soon Kill Somebody:

The Digital Transformation Of The Humanitarian Sector:

« Russia's National AI Strategy Takes Shape
The New Sophistication Of Nation-State Hacking »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIIS Cyber Initiative

MIIS Cyber Initiative

The Cyber Initiative's mission is to assess the impact of the information age on security, peace and communications.

Ionic Security

Ionic Security

Ionic provide a high-assurance data protection and control platform built on strong encryption, fine-grain control and contextual analytics.

Netteam

Netteam

Netteam designs, implements and services networking solutions for companies of all sizes.

Prescient

Prescient

Prescient’s Cyber solutions supplement your firm’s existing data security infrastructure with specialized investigations that identify unconventional cyber risks.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

Cyber Security Education

Cyber Security Education

CybersecurityEducation.org is an online directory of cyber security education and careers.

Dellfer

Dellfer

Dellfer secures connected cars and other IOT devices through Intrinsic protection, enabling the most sophisticated cybersecurity attacks to be seen instantly and remediated with precision.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

Sygnia

Sygnia

Sygnia is a cyber technology and services company, providing high-end consulting and incident response support for organizations worldwide.

Communications & Information Technology Regulatory Authority (CITRA)

Communications & Information Technology Regulatory Authority (CITRA)

CITRA is responsible for overseeing the telecommunications sector, monitoring and protecting the interests of users and service providers, and regulating the services of telecomms networks in Kuwait.

Bright Data

Bright Data

Bright Data Inc is the world’s #1 web data platform, enabling organizations to research, monitor, analyze data, and make better decisions.

Zilla Security

Zilla Security

Zilla combines identity governance with cloud security to deliver comprehensive access visibility, reviews, lifecycle management, and policy-based security remediation.

Kirk ISS

Kirk ISS

Kirk ISS are the leading provider of IT services in the Cayman Islands. We offer best-in class hardware, software, communications and cloud computing, all backed by professional services support.

SEK Security Ecosystem Knowledge

SEK Security Ecosystem Knowledge

SEK helps companies in the complex path of cybersecurity; in the analysis, detection and prevention of digital threats.

AT&T Cybersecurity

AT&T Cybersecurity

AT&T Cybersecurity’s Edge-to-Edge technologies provide threat intelligence, collaborative defense, security without the seams, and solutions that fit your business.

Prventi

Prventi

Prventi provide phishing simulation and cybersecurity awareness training for companies. Empower your employees to become your strongest defense against cyber threats.