Red Cross Issues Hacking Guidelines

John Lister's picture

The International Committee of the Red Cross (ICRC) has issued guidelines for civilians who carry out hacking attacks to support one side of a military conflict. It warned that non-combatants need to respect humanitarian rules.

The guidelines relate to hacktivism, where people disrupt online services or replace text on websites. The tactic has often been associated with people making a political point against businesses or governments. However, it's now also commonly used by those trying to aid countries or regions involved in wars and other military conflicts.

The ICRC believes such tactics may be well-intentioned (depending on views on which side is in the right) but can cause unintended harm. They could affect non-military targets that mean citizens suffer, for example if health or financial services are compromised. There's also a risk that the other party in the military conflict could see the "hacktivists" as a legitimate military target.

Eight Rules

To reduce these risks, the ICRC has now published a set of "rule of engagement" for civilian hacktivists. They are largely adapted from the same international humanitarian rules that, in theory, countries agree to follow during military conflicts. (Source:

The guidelines are:

  1. Do not direct cyber-attacks against civilian objects.
  2. Do not use malware or other tools or techniques that spread automatically and damage military objectives and civilian objects indiscriminately.
  3. When planning a cyber-attack against a military objective, do everything feasible to avoid or minimize the effects your operation may have on civilians.
  4. Do not conduct any cyber-operation against medical and humanitarian facilities.
  5. Do not conduct any cyber-attack against objects indispensable to the survival of the population or that can release dangerous forces.
  6. Do not make threats of violence to spread terror among the civilian population.
  7. Do not incite violations of international humanitarian law. Comply with these rules even if the enemy does not.

Uneven Playing Field

It doesn't appear all hacktivist groups will follow the guidelines. In some cases that's because they believe cyber attackers on the other side (both government/military and citizen-led) will not follow the rules and that would create an unfair disadvantage.

In other cases, the groups believe there's no need to follow guidelines because they act anonymously and thus will never be held accountable for their actions. (Source:

What's Your Opinions?

Is it worthwhile issuing such guidelines or simply naive? Should online attackers follow the same humanitarian rules as those engaged in in physical conflicts? Should governments impose similar rules on those engaged in cyber warfare on an official basis?

Rate this article: 
Average: 5 (4 votes)


Unrecognised's picture

Of course, as in war, there's no way the guidelines will be followed. But there's still the social contract to uphold and reinforce, and that's what these guidelines do, where there have been none until now in this new domain.