Can a virtual red cross be placed on a hospital network?

The problem of digital emblems

The call for digital emblems stems originally from the International Committee of the Red Cross (ICRC) which in 2020, noting that there was nothing to prevent criminals from striking at hospitals’ digital infrastructure, initiated a project to look into the possibility of marking IT resources so that attackers would not be able to plead ignorance along the lines of “we didn’t know it was a network used by the Red Cross.”

Of course, in the real world, no-one is so naive as to think that this marking would suffice, or that it would bring an end to all remorseless attacks on humanitarian services. But the aim is to make sure that international humanitarian law¹ can be applied in such cases. To adopt the view that “it won’t stop anything, they’ll carry on hitting hospitals just the same” would be a very cynical and retrogressive step for humanity, similar to suggesting doing away with the red crosses painted on hospitals and ambulances on the basis that they are not always respected. And in practice, hospitals still place sacks of sand around the buildings even though they’re marked with a red cross. So even if the project succeeds, hospitals’ cybersecurity will still be a subject of major concern.

Lastly, there is the problem of combatants who deliberately and unlawfully use a red cross emblem in the hope of deceiving the enemy into refraining from attacking them. This risk exists in the physical world too, where the abusive use of emblems is strictly forbidden both by international law and by countries’ legislation. As is so often the case with laws, the difficulty lies in making sure this prohibition is enforced.

The question does not only concern the Red Cross, of course: journalists on the battlefield also wish to be marked as non-combatants.

Excursus: pictures of official emblems

In France, the best-known image is that of the red cross. Others prefer the red crescent on the grounds that the cross is a religious emblem. The two emblems are recognised as equivalents, as is the lesser-known red crystal, which has the advantage of not being attributable to any particular religion, but is not widely used. Although it is officially recognised, it would no doubt be unwise to paint it on a hospital, since there is a risk that it would not be understood by most combatants.

Figure 1: The official emblems: red cross, red crescent and red crystal

(copied from https://blogs.icrc.org/law-and-policy/wp-content/uploads/sites/102/2021/09/icrc-emblems-1920×1080-1-1180×620.jpg)

Technical solutions

Several solutions are envisaged to mark humanitarian resources in the digital world:

• A dedicated top-level domain (TLD) such as .redcross.
• Dedicated IP address prefixes, marked as such in the RIR databases.²
• Digital certificates, signed by an authority and published in the DNS (Domain Name System), in accordance with the principles of DANE (DNS-based Authentication of Named Entities, RFC 6698), or by other means. This option goes by the name ADEM (for ‘Authenticated Digital Emblem’), based on certificates distributed by various means.

Before debating the respective pros and cons of these techniques, it should be noted that the list of criteria is long and complex. First of all, displaying an emblem needs to be slightly more difficult than just downloading a file (as we did with the pictures above) and including it on the hospital’s website. Admittedly in the real world, a pot of red paint is all that’s needed to disguise a military vehicle as an ambulance, but in the digital world it’s even easier. So we’re looking for solutions that require the intervention of a third party, so as to strengthen the legal protection with technical measures. For example, in the case of the dedicated TLD, the registry would make checks,³ and the RIR would also do so in the case of IP address prefixes.

Another key aspect requiring specification is the importance of allowing covert inspections to be performed. A combatant observing a building before opening fire does not wish his surveillance to be observed, since this would act as a warning signal to potential targets. In the physical world, a combatant can verify whether the building observed is or is not a hospital without this verification being seen by the enemy. This same facility is needed in the digital world. Thus, a technique such as a dedicated web-based hospital service that can be queried and which sends back a cryptographically signed attestation does not respect the requirement of covert inspection.

Each of the solutions referred to above leaves a number of open questions. The dedicated TLD would require the approval of ICANN (Internet Corporation for Assigned Names and Numbers) and the ICRC has no wish to pay the considerable sums that this represents.⁴ With digital certificates, the question of their location arises (and how they would be distributed). Dedicated IP address prefixes presuppose that the hospital is connected by an ISP agreeing to route these prefixes.

In practice, since there is no perfect technical solution, a combination of solutions will likely have to be standardised and deployed.

Work in the IETF

As said, the project is hardly new; the initial ideas date from 2020, and the first publication from 2022. The Internet Engineering Task Force (IETF), which standardises Internet protocols, took the first steps into standardising digital emblems. At the beginning of 2025, this work is in the “Birds of a Feather” (BOF) stage, in other words discussions have been formalised but a working group with a precise charter has yet to be established. The meeting in Dublin in November 2024 did not advance matters, the future working group being paralysed by an all too frequent question when it comes to the IETF, namely whether to be highly specific (examine only the Red Cross case), or to take the opportunity of developing a more general solution, at the risk of indefinite delay.

(You can consult the notes of this meeting or watch the video recording.) The future of the IETF project is therefore uncertain.

Conclusion

For the moment, no standardised solution exists for marking digital resources such as hospital networks.

1 – Notably the Geneva Conventions and their additional protocols.

2 – Regional Internet Registries, of which there are five in the world, including the RIPE NCC in Europe.

3 – Over the years, there have been many projects for “safe” TLDs with a verification system to make sure holders of domain names were really banks, members of a protected profession, and so on. All these projects have failed, partly because users unfortunately do not pay much attention to TLDs, and partly because the registry business model is not geared for strict control. But it is important to draw lessons from these attempts so that we can do better this time round.

4 – The ICRC has already asked ICANN for special protection of its designations.