In 2003 Mauro Vignati started working at the first unit of the Swiss Federal Police fighting cybercrime. Later on, he collaborated to the establishment of MELANI, Switzerland's first centre for public-private partnership on cybersecurity for critical infrastructure. Back in 2013, he set up and led the Cyber Threat Intelligence Division within the Department of Defence in Bern. In 2021, he was tasked to create the Vulnerability Management unit within the National Cyber Security Centre NCSC.ch, established to manage vulnerabilities, and lead several projects testing the security of the government infrastructure. He then joined the International Committee of the Red Cross one year later, as advisor on new digital technologies of warfare.
Cyber capabilities have been used for military purposes for more than two decades. But the digital operational area of States is no longer limited to cyber operations. In line with the global trend toward digitalization of our societies, armed forces around the world are developing innovative strategies to exploit the digital sphere in more complex ways than ever before. As a result of these developments, the line between civilians and combatants as well as between civilian objects and military targets, is in danger of becoming blurred. In particular, it is now easier than ever to involve civilians in military cyber operations and to harm them using these means. And the more the military is relying on cables, satellites or clouds that are originally designed for civilian use, the more likely it becomes that this infrastructure will be exposed to harm during armed conflicts, with significant adverse consequences on civilians.
A modern armed conflict has an increasingly elaborate cyber dimension substituting or complementing conventional military operations and originating from both state and non-state parties. Often non-state groups are engaging alongside (and including on behalf of) states in international conflicts without sufficient knowledge of the international law designed to avoid unnecessary harm to civilians and often become victims themselves as de facto parties in a given conflict. They may also deliberately ignore the rules due to sufficiently plausible deniability. Yet, the results of their action to support any of the officially combatant parties, especially targeting civilian objects (including hospitals, schools, community centres etc) might lead to unnecessary casualties as well as otherwise undesirable escalation of the conflict.
With a rich choice of examples of such activities in the current conflict in Europe, it seems an important moment to discuss the understanding of ethical limits to non-state actor behaviour in the use of ICTs to ultimately reduce the activity targeting civilians and the chances of undesirable escalation.