A simple red cross on a white background. During wars, the Red Cross emblem has long been used by military medical personnel and authorised humanitarian workers to safeguard the wounded and sick on the battlefield, and signal that help is available. While it doesn’t always work, the symbol is a global legal demand that civilians, casualties, and helpers should be kept safe from military action.
But even old icons are affected by modernisation. Wars are no longer fought with sticks and swords, for the most part, but with computers.
Obviously the safeguards for real world hospitals and similar need to remain in place. But in the hectic online world, how are attackers supposed to know which computers are whose? Health networks can be as vulnerable to hacking and takedowns as any other; perhaps more so. That’s why the ICRC is working with security experts to develop protective solutions.
Digitalising the Red Cross
The ICRC report Digitalizing the Red Cross, Red Crescent and Red Crystal Emblems: Benefits, Risks, and Possible Solutions, (ICRC, Geneva, 2022) lays out different options for creating a type of virtual red cross. The idea is to support multiple groups and assets connected to or affected by armed conflict, including medical services, religious organisations, civilian medical units and transports, the International Federation of the Red Cross, and the ICRC and Red Crescent societies themselves.
The ICRC would do this by creating a digital emblem to identify devices as belonging to such groups. The distinctive Red Cross emblem can be used during peacetime to ensure it is in place and ready if a conflict arises. It has to be easy to deploy, remove, maintain at scale, and integrate. It should be capable of fitting into any environment, and be adaptable to developing technologies and future infrastructures.
Additionally, international and domestic law must be updated to allow for this. If the digital emblem is implemented, it would be added to the Geneva Conventions regulating international humanitarian law. This would strengthen protections and make it easier for cyber operators by signaling humanitarian support and medical entities in the digital space.
Barrier or bullseye?
The digital Red Cross emblem needs to be easily recognised and understood by cyber operators. It must be easy for a would-be attacker to see the digital emblem. Ideally, it must be seen early and signal protection unambiguously. The ICRC also stresses that it “can only be an additional measure to signal legal protection; it cannot replace other cyber-security actions”, meaning that an organisation shouldn’t rely on the emblem completely.
The ICRC have faced some challenges in making a digital emblem protective rather than a massive bullseye on the back of critical services. It could allow malicious actors to identify often weaker and less sophisticated targets, then track or harm them. There is also the risk of creating a false sense of security for humanitarian and medical organisations due to the investment and expertise needed for cybersecurity. They may wrongly opt for more straightforward protections instead of basic security measures.
Of course, as always, people could misuse the digital emblem to claim protection under international humanitarian law in hopes of being spared from attack. If misused enough, it could weaken the emblem or render it useless, undermining its existence.
But these issues already exist for the real-life Red Cross. In fact, such challenges have already been tackled under existing international humanitarian law and domestic law.
Emblematic options
How might the ICRC create such a thing? One way is to set up a new Top Level Domain in the domain name system (DNS) of the internet. The TLD you’re on now is .cymru, and Google’s is .com. A possible solution would be to create a new one for health providers, such as .redcross.
Another solution could be a file (something like Redcross.txt). However, though it would be easy to deploy, it wouldn’t be adaptable for restricted medical devices, leaving it wide open for misuse, rendering it fairly pointless.
An internet protocol (IP) address is a unique address identifying a specific device on a local network or the internet. A list of IP addresses could be collected from healthcare providers and presented. However, this approach could host both legally-protected devices, such as front office computers, but also something not covered by the emblem, such as a personal phone.
Another solution is an authenticated digital emblem (ADEM), which appears to be the front-runner for a digital red cross emblem. ADEMs would have three tiers: ‘self-signed emblems’ that are linked to public keys and can be generated by anyone. Organisational emblems, which are self-signed emblems linked to real-world organisations identified by domain names. Or, an endorsed emblem, with an additional layer of authentication and endorsement by third-party authorities. The ICRC views the ADEM as the best option because it “covers a wide range of use cases and allows easy identification.”
Healthcare organisations are a major target of cyber attacks. And we have seen recently in Ukraine that attacks by Russia have not scrupled to avoid civilian and medical targets. Whatever steps are taken by the ICRC, the result will only be effective if the principles of international humanitarian law are respected.

CLICK HERE TO SUPPORT THE BYLINES NETWORK CROWDFUNDER!