{"id":83504,"date":"2023-11-09T12:30:56","date_gmt":"2023-11-09T01:30:56","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=83504"},"modified":"2024-01-16T12:47:46","modified_gmt":"2024-01-16T01:47:46","slug":"the-new-geneva-code-for-hackers-on-the-cyber-battlefield","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/","title":{"rendered":"The new \u2018Geneva code\u2019 for hackers on the cyber battlefield"},"content":{"rendered":"
<\/figure>\n

There\u2019s been plenty of debate<\/a> about why Russia\u2019s invasion of Ukraine never devolved into the full-blown cyber Armageddon many expected at the start of the war, and what that suggests about the role of cyber operations in kinetic warfare<\/a>.<\/p>\n

Yet, while the cyber elements of the conflict may not have played out as anticipated, Ukraine is still very much fighting a constant cyberwar<\/a>. And one of the more surprising aspects of this battle has been the number of civilian hackers from all over the world who have joined in.<\/p>\n

When Russia first invaded Ukraine, there was a free-for-all<\/a> as volunteer hackers descended on the digital battlefield launching uncoordinated cyberattacks against both sides. These activities added further layers of chaos and disruption to the war as each side tried to figure out who was responsible for which attacks and how to respond appropriately and proportionally.<\/p>\n

While Russia has long had notoriously close (if not direct) ties with various pro-Russian hacking groups<\/a> and appears to be happy to let them run rampant, Ukraine rallied hackers on its side<\/a> to come together as a volunteer force<\/a>. The IT Army of Ukraine now has hundreds of thousands of members working together to coordinate cyber defences and direct cyberattacks in support of Ukraine\u2019s military objectives.<\/p>\n

However, the participation of these hackers on both sides has blurred the lines between civilians and combatants, creating a complex legal dilemma that is playing out in real time. The fog of war is hard enough without the extra confusion that arises when civilians in third countries launch cyberattacks against military assets or critical infrastructure like hospitals or energy facilities that could result in losses of innocent lives\u2014let alone the potential for more significant attacks that could have even bigger consequences.<\/p>\n

In an attempt to rein in the chaos surrounding the role of civilian hackers in the Russia\u2013Ukraine conflict\u2014as well as the broader rise of private actors joining other digital battlefields\u2014last month the International Committee of the Red Cross issued eight rules for civilian hackers<\/a> to follow during armed conflict. The rules are:<\/p>\n

    \n
  1. Do not direct cyberattacks against civilian objects.<\/span><\/li>\n
  2. Do not use malware or other tools or techniques that spread automatically and damage military objectives and civilian objects indiscriminately.<\/span><\/li>\n
  3. When planning a cyberattack against a military objective, do everything feasible to avoid or minimise the effects your operation may have on civilians.<\/span><\/li>\n
  4. Do not conduct any cyber operation against medical and humanitarian facilities.<\/span><\/li>\n
  5. Do not conduct any cyberattack against objects indispensable to the survival of the population or that can release dangerous forces.<\/span><\/li>\n
  6. Do not make threats of violence to spread terror among the civilian population.<\/span><\/li>\n
  7. Do not incite violations of international humanitarian law.<\/span><\/li>\n
  8. Comply with these rules even if the enemy does not.<\/span><\/li>\n<\/ol>\n

    In the same statement, the Red Cross also reminded states of their international legal obligations for civilian hackers\u2014namely, that states are liable for hackers operating under their direction or operating in their territory or jurisdiction. States must also prevent breaches of international law and have obligations to stop and prosecute activity taking place within their territory.<\/p>\n

    Neither the rules for hackers nor the reminders for states are new or revolutionary\u2014they draw on established international law and an enormous body of work on how international law applies to cyberspace. However, they do distil this work into clear and simple language that\u2019s easy to understand.<\/p>\n

    The voluntary principles for both hackers and states also reflect an acknowledgement of the evolving nature of warfare and the necessity to uphold humanitarian principles, regardless of the domain in which hostilities occur. The rules apply to all armed conflicts\u2014not just the Russia\u2013Ukraine war\u2014signifying a recognition of the permanent and growing role that cyber operations and civilians play in modern warfare. They also seek to draw attention to the risks civilian hackers bring upon themselves by participating in armed conflict.<\/p>\n

    Ideally, these rules would result in hacking groups restricting their activities to official or military targets rather than civilian infrastructure, which in turn would dramatically reduce the number of destructive cyberattacks that affect non-combatants.<\/p>\n

    However, the effectiveness of these rules ultimately hinges on the hacking community\u2019s adherence to them. This raises a crucial question: will civilian hackers abide by this new \u2018Geneva code\u2019?<\/p>\n

    It\u2019s not clear that they will. Hackers\u2019 initial reactions to the rules were negative. The pro-Russia Killnet<\/a> group asked why it would listen to the Red Cross<\/a>, while Ukrainian hackers voiced concerns about being at a disadvantage if they followed the rules, given that pro-Russian groups frequently violate the principles. Killnet and the IT Army of Ukraine have both now committed<\/a> to adhering to these rules. Other hacktivist groups around the world have said they won\u2019t.<\/p>\n

    Indeed, despite the rules\u2019 release, within hours of Hamas launching its devastating attack on Israel last month, civilian hackers had joined the conflict<\/a> on both sides. This activity has continued and there has been a rise in hacking tied to states<\/a> such as Russia and Iran.<\/p>\n

    While the decentralised and often anonymous nature of hacking makes enforcement a challenge, the Red Cross\u2019s initiative is ultimately still a significant and welcome step towards establishing a normative framework for civilian engagement in cyber operations during armed conflicts.<\/p>\n","protected":false},"excerpt":{"rendered":"

    There\u2019s been plenty of debate about why Russia\u2019s invasion of Ukraine never devolved into the full-blown cyber Armageddon many expected at the start of the war, and what that suggests about the role of cyber …<\/p>\n","protected":false},"author":391,"featured_media":83506,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[713,2598,728,1352,493,2406],"acf":[],"yoast_head":"\nThe new \u2018Geneva code\u2019 for hackers on the cyber battlefield | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The new \u2018Geneva code\u2019 for hackers on the cyber battlefield | The Strategist\" \/>\n<meta property=\"og:description\" content=\"There\u2019s been plenty of debate about why Russia\u2019s invasion of Ukraine never devolved into the full-blown cyber Armageddon many expected at the start of the war, and what that suggests about the role of cyber ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-09T01:30:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-16T01:47:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-857874126.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"728\" \/>\n\t<meta property=\"og:image:height\" content=\"480\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mercedes Page\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mercedes Page\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-857874126.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-857874126.jpg\",\"width\":728,\"height\":480,\"caption\":\"Ethical hacking concept with green and red lights\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/\",\"name\":\"The new \u2018Geneva code\u2019 for hackers on the cyber battlefield | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/#primaryimage\"},\"datePublished\":\"2023-11-09T01:30:56+00:00\",\"dateModified\":\"2024-01-16T01:47:46+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/273dcda044967ae27a0f94d39713411b\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The new \u2018Geneva code\u2019 for hackers on the cyber battlefield\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/273dcda044967ae27a0f94d39713411b\",\"name\":\"Mercedes Page\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/80da4ee698803b2e0b8fbcfea345ba4f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/80da4ee698803b2e0b8fbcfea345ba4f?s=96&d=mm&r=g\",\"caption\":\"Mercedes Page\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/mercedes-page\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The new \u2018Geneva code\u2019 for hackers on the cyber battlefield | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/","og_locale":"en_US","og_type":"article","og_title":"The new \u2018Geneva code\u2019 for hackers on the cyber battlefield | The Strategist","og_description":"There\u2019s been plenty of debate about why Russia\u2019s invasion of Ukraine never devolved into the full-blown cyber Armageddon many expected at the start of the war, and what that suggests about the role of cyber ...","og_url":"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2023-11-09T01:30:56+00:00","article_modified_time":"2024-01-16T01:47:46+00:00","og_image":[{"width":728,"height":480,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-857874126.jpg","type":"image\/jpeg"}],"author":"Mercedes Page","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Mercedes Page","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-857874126.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2023\/11\/GettyImages-857874126.jpg","width":728,"height":480,"caption":"Ethical hacking concept with green and red lights"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/","url":"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/","name":"The new \u2018Geneva code\u2019 for hackers on the cyber battlefield | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/#primaryimage"},"datePublished":"2023-11-09T01:30:56+00:00","dateModified":"2024-01-16T01:47:46+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/273dcda044967ae27a0f94d39713411b"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/the-new-geneva-code-for-hackers-on-the-cyber-battlefield\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"The new \u2018Geneva code\u2019 for hackers on the cyber battlefield"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/273dcda044967ae27a0f94d39713411b","name":"Mercedes Page","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/80da4ee698803b2e0b8fbcfea345ba4f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/80da4ee698803b2e0b8fbcfea345ba4f?s=96&d=mm&r=g","caption":"Mercedes Page"},"url":"https:\/\/www.aspistrategist.ru\/author\/mercedes-page\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/83504"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/391"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=83504"}],"version-history":[{"count":3,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/83504\/revisions"}],"predecessor-version":[{"id":84626,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/83504\/revisions\/84626"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/83506"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=83504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=83504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=83504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}