
ICRC proposes digital emblem to protect medical sector and humanitarian organizations during cyberwarfare

The International Committee of the Red Cross (ICRC) has proposed the introduction of a digital emblem to mark certain entities as legally protected during hostile cyber operations.

This mirrors the distinctive physical emblems (the red cross, the red crescent, and more recently the red crystal), which convey the message that in times of armed conflict, those who wear those symbols, or facilities and objects marked with them, must be protected against harm.

Since warfare today includes the use of cyberattacks, it became clear that something needed to be done to exempt those organizations that are beneficial to all.

The ICRC had been working on this idea since 2020, but early in 2022 ICRC servers hosting personal data belonging to more than half a million people worldwide were compromised. That put already vulnerable people like detainees, unaccompanied minors, and migrants at even greater risk, and sped up the process for creating the digital emblem.

Pros and cons

What makes the use of the physical emblems so effective is that they are regulated in international and domestic law. This not only ensures the protection of those wearing the emblems, but also guards against misuse. For the digital emblem to offer the same benefit, it will need to be regulated in the same way.

However, we’ve seen in the past that some cybercriminals are merciless, so one of the obvious worries is that marking the entities might have the same effect as putting a bullseye on their back. The ICRC says the digital emblem will not make the current situation worse. Threat actors usually know very well what the subject of their attack is, and having a digital emblem does not excuse the protected organization from implementing adequate cybersecurity.


The digital emblem doesn’t yet exist and technical solutions will have to meet various requirements. But first and foremost, a digital emblem needs to be part of an international legal framework to ensure that it is widely accepted and known, and that the rules on its use are enforced.

On the technical side, a number of solutions were proposed that will be studied further. Since they all have their advantages and disadvantages, it seems logical that the final design will end up combining some of the proposed solutions.

  • File based: A file-based emblem would signal protection either simply through the existence of the file or by directives contained within the file. The main problem with a file-based emblem is accessibility and deployment. It would be necessary to query each host for the existence of the emblem.
  • DNS based: This could be a special label to associate the digital emblem with the domain name (e.g., www.icrc.emblem). To operationalize a DNS-based emblem, it would be necessary to establish an entity in charge of the protected top-level domain and responsible for permitting the protected entity to use the emblem in a timely, impartial, and non-political manner.
  • IP address based: An address-based emblem can be based on IPv4, IPv6, a specific port, or other elements. As with DNS-based solutions, this requires the establishment of an organization to take responsibility for allocating IP numbers to protected entities in a timely, impartial, and non-political manner.
  • Authenticated Digital Emblem (ADEM) or certificate based: Certificates would allow wide distribution by users and make for easy identification by threat actors. Moreover, the different layers of authenticity would constitute a system in which at least organizational and endorsed emblems could be trustworthy. But the various ways of distributing an ADEM (DNS, TLS and ICMP) all have strengths and weaknesses.

What’s next?

Based on the research and consultations conducted as part of this project, the generally positive feedback received from the international group of experts, and the unanimous encouragement of the Red Cross and Red Crescent Movement to continue researching the technical feasibility of a digital emblem, the ICRC will continue its consultation. This will require further work on the technical development, validation and verification of possible solutions, as well as consultations with all relevant stakeholders, in particular states, National Red Cross and Red Crescent Societies, and internet organizations.



Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.