Humanitarian (and data) #NotATarget – World

HUMANITARIAN AID IS DIGITAL. AND WHEN DIGITAL ATTACKS CONTINUE AGAINST HUMANITARIAN AGENCIES, THE RESULTS HAVE REAL GLOBAL EFFECTS. NETHOPE CALLS FOR AN END TO ALL ATTACKS AGAINST HUMANITARIANS, IN THE DIGITAL SPHERE OR OTHERWISE, AND FOR INVESTMENTS TO HELP NPOs PROTECT THEMSELVES AND THE PEOPLE WITH WHICH THEY WORK IN THE ERA OF DIGITAL HUMANITARIAN AID .

On January 18, the International Committee of the Red Cross (ICRC) determined that the servers hosting the personal information of more than 515,000 people receiving services from the Red Cross and Red Crescent Movement had been compromised by a sophisticated cyberattack. It is noted that the ICRC has some of the best practices in data policies and staff focus on this issue across the international aid sector, and they deserve great credit for their transparency and disclosure. in a timely manner around this issue, reporting on which they rightly regard as part of their role in maintaining the general public interest and public confidence.

But if the ICRC, with its strong practices and world-class talent, can be attacked, any nonprofit organization can be attacked, and indeed we are seeing it more and more around the world. Our industry colleagues among NetHope’s corporate partners do a thorough job of identifying proliferating cyber threats against nonprofits around the world. Data shows that the frequency and severity of outcomes are increasing, threat actors are widening their nets, and state-sponsored actors are stepping up their attacks to attack organizations that provide direct support to people around the world. These attacks on the aid and humanitarian communities are not limited to NGOs. In 2021, USAID’s email service was compromised by a state-level actor with planned downstream targets of 150 global NGOs.[1] Even in 2015, immediately after the major earthquake in Nepal, NetHope/Cisco’s first responder team detected state-sponsored malware on rescuers’ laptops within the first 72 hours after the disaster.

The humanitarian response to global geopolitical events, such as anything stemming from the current standoff between the US, EU and Russia over Ukraine, would generally have been protected by the Geneva Conventions, negotiated during the 19th and 20th centuries to ensure that aid organizations providing support to affected civilians could step in to support victims of the conflict. Today, however, in the wake of these heightened tensions over Ukraine, the US Cybersecurity and Infrastructure Security Agency issued a special cybersecurity advisory, which included encouraging “all organizations to take to defend against potential cyberthreats.[2] This includes implementing cybersecurity best practices, heightened vigilance, and preparing your organization for a rapid response.[3]

The situation in Ukraine is worrying for non-profit organizations that would provide a more humanitarian response to the region because they know that the nations involved have extremely sophisticated means of cyberattacks. Nonprofit organizations with programs in Ukraine are at serious risk as their data and operations become attractive during hostilities, and they are most often the least able to defend themselves or recover from an attack. NetHope members are already asking, “How can we ensure our data is not compromised to suit false narratives in conflict? How do we extend our humanitarian aid to people vulnerable to the digital world? How do we protect them digitally, as we do physically?

Humanitarian aid is digital. The very physical needs that these agencies meet for vulnerable people are supported by digital systems and connectivity. It is not a “good to have”, it is fundamental to allow these agencies to fulfill their missions. Geopolitical instability, a lengthening pandemic and economic upheaval are creating increased demand for humanitarian assistance. As global nonprofits become more digital,[4] they gather more timely and accurate information about these situations and the people affected. This is essential information for the delivery of services, but as is the case with data on citizens, voters and consumers elsewhere in the world, it is valuable for criminals and autocrats, especially when it comes to exploiting or targeting marginalized people, activists or politicians. and economically vulnerable populations. To obtain this information, cyberattackers are attacking nonprofit organizations that need more expertise in digital protection to be safe.

When digital attacks are perpetrated against humanitarian agencies, the results have real-world effects. These effects include a slower delivery of life-saving aid and the physical targeting of at-risk groups, putting more people at risk. Some are calling for a new “Digital Geneva Convention” that would ban direct attacks on humanitarian organizations that would have the equivalent effect of attacking citizens, civilians and the people they serve. Instead of these protections being in effect today, NetHope calls for an end to all attacks on humanitarians, digital or otherwise, and investments to help nonprofits protect themselves and the people they work with, in this age of digital humanitarian aid.

Fortunately, the tools and means of protection of humanitarians, the aid they provide and those to whom they provide it, are up to the task. NetHope is actively working with our corporate IT industry partners and government agencies to expand protection efforts to support NetHope member organizations and the wider NGO community.

Nonprofits cannot respond to this crisis in isolation. A digitally platformed, interconnected and expert network of partners and donors is needed to address what has already become a full-fledged humanitarian emergency. NetHope sits at the center of this network and can make a significant difference as we prepare for a future where, without strong intervention, cyber threats and insecurity will be rampant.

NetHope believes that humanitarians are #NotATarget, nor should the data and systems they need to do their lifesaving work be a target.

[1] https://www.devex.com/news/usaid-hack-is-wakeup-call-for-aid-industry-on-cybersecurity-100028

[2] https://www.cisa.gov/uscert/ncas/alerts/aa22-011a

[3] https://www.cisa.gov/sites/default/files/publications/CISA_Insights-Implement_Cybersecurity_Measures_Now_to_Protect_Against_Critical_Threats_508C.pdf

[4] The evolution of the NetHope effect and its collective impact. January 2022. https://nethope.org/2022/01/18/the-evolution-of-the-nethope-effect-and-its-collective-impact/

Comments are closed.