Cybersecurity norms for hackers spark debate about civilian safety
The rules set by the International Committee of the Red Cross (ICRC) aim to curb harm to civilians in cyber conflict. A security expert noted that these guidelines should shape how hackers operate, much like treaties influence conduct in physical warfare.
On October 4, 2023, the ICRC published eight guidelines intended to reduce civilian damage in cyber operations. The recommendations urge hackers to avoid targeting hospitals and energy infrastructure and to refrain from using obtained data to threaten or intimidate noncombatants.
Observers describe the ICRC effort as a principled push to bring order to cyberspace, drawing a parallel with the Geneva Convention’s protections for civilians during armed conflict. Critics argue that many hacker communities have drifted toward self-serving actions that neglect public welfare.
Experts point to ongoing violations of the ICRC guidelines. They note that attacks on critical infrastructure have surged in recent years, with incidents like large-scale disruptions at airports that ripple into everyday life for civilians. These events underscored how vulnerable essential services can become during cyber clashes.
There is a call for turning the ICRC guidelines into binding law so they exert real influence over cybercriminals. Some commentators also advocate for a dedicated supervisory body or a police-style authority to monitor adherence to the proposed standards and to enforce consequences for violations.
One analyst described cyberspace as a modern Wild West, where state-backed groups exist alongside loosely organized factions. The majority of actors, he warned, operate without regard for human consequences, and formal accountability structures remain scarce or weak.
According to the expert, the absence of legal backing and enforcement mechanisms limits the impact of the rules. Without formal recognition and a supervisory framework, attackers may continue to exploit gaps in protection and cause civilian harm.
Earlier commentary noted that some individuals associated with national security narratives have supported aggressive actions by hackers who justify their work as protecting society. This history highlights the tension between defensive aims and offensive online tactics, a balance that policymakers continue to wrestle with as cyber threats evolve.
In the face of rising cyber risk, there is a growing push for practical steps that can translate ethics into action. Concrete measures include clearer international norms, stronger surveillance of illicit activities, and coordination among governments, private sector players, and civil society to reduce harm during digital confrontations.