Civilian hacking during such critical moments of broader armed conflicts cannot be considered to emerge from the same logic of decision found at other times. Without question, recent non-state actions in cyberspace have violated the ICRC’s proposed rules of conduct. AnonGhost’s attempts to manipulate the Red Alert rocket alert app is a prime example of this, as are recent attacks on aid groups and ongoing efforts to compromise Israeli electric grid and telecommunications systems.
The inherent value of such activities for the broader strategic and socio-cultural competitions involved diminishes dramatically beyond the present period of flux. This firmly positions cyber activities as an arena of possible compromise when conflict resolution efforts succeed in deescalating the crisis. Conflict resolution is always characterized by ready movement on such marginal capacities paired with stubbornness on more substantial points of engagement.
Pushing toward a norm cascade
Constraining norms on the use of technologies, weapons, or tactics used in conflict only develop after significant inertia has been achieved. Norm emergence is characterized by independent acknowledgement of acceptable rules of engagement from all sides of an issue. Emergence is only the start. Sufficient support for new norms of behavior eventually produces cascading acknowledgement of taboos that benefit all and go beyond that acknowledgement to be internalized by competing societies.
The challenge of this emergence phase of norm-building is in planning those actions that will maximize the chances of sparking a cascade of support. With civilian hacking in conflict, the recognition that there are nested logics of action across different conflict and crisis conditions is critical. Through this lens, we should feel optimistic about the chance that the rules set by a neutral intermediary like the Red Cross will take hold. Counterintuitively, perhaps the best supporting evidence for this argument lies in the incidence of so much malign behavior during recent crises in both the Hamas-Israel and Ukraine-Russia conflicts. Norm emergence is not just characterized by independent acknowledgement of rules, but also by clear delineation of actions between periods of distinct geopolitical character.
How public-private collaboration can build constraining civilian hacking norms
The Red Cross and the international community will find evidence of a norm cascade around civilian hacking during conflict when we see clear imitation of this divergent set of behaviors by a critical mass of non-state cyber entities. What needs to happen to get to that moment?
The strategic posture adopted by both public and private actors around the world should recognize the time-and-place context of non-state hacker actions. As a baseline, the international community should strive to consistently emphasize the worst excesses of civilian hacking during conflict as they intersect with violations of IHL. More narrowly, the line between conflict and crisis must be made stark. Private industry should adopt a neutrality posture surrounding crisis wherever possible, differentiated from traditional support that an actor might feel obliged to produce for one or other position in a broader conflict. Crisis escalation is a dangerous phenomenon for civilian populations and should roundly be held as an unacceptable venue for malicious hacking alongside other violations of international law.
Private actors should also name and shame violations of ICRC rules via a strategy of compartmentalization, placing greater emphasis on the detail of the action during periods of general tension vs. on the drivers of cyber activity during crisis. This might be matched by governmental efforts to deter via actions that disproportionately punish transgressors outside of crisis and focus on practical protection of civilian populations during.
Finally, governments would do well to more directly court associations with civilian hackers whose operations and interests may align with national interests as a means of reducing ambiguity and increasing reputational accountability during crisis. While governments or substantial national private actors might be understandably loathed to consider such associations – to retain deniability and avoid liability – the reality is that such ambiguity hampers the emergence of shared norms surrounding conflicts defined by national, religious, or cultural conditions. As such, unblurring lines and recognizing key distinctions between hacking and what drives it are critical for building on the promise of what the Red Cross now proposes.