Digital Watermarking: Protecting Civilians in Cyber Warfare

Nicolás Sol Centeno
Nicolás Sol Centeno studies International Relations with a focus in International Law at the Geneva School of Diplomacy and International Relations. He is a member of the Association of Young International Criminal Lawyers, and has a deep interest in International Humanitarian Law and Cybersecurity.

Since its introduction in the ’80s, the realm of cyberspace has developed rapidly as a platform for conflict. In the post 9/11 era, cyber-conflict has evolved into what experts call the ‘militarisation stage’, in which the capabilities of actors escalate, including military presence, and the possible damage in cyber-space becomes closer to that of kinetic warfare. With military operations conducted in cyberspace becoming more frequent, the potential human cost has only grown over time.


The International Committee of the Red Cross first addressed the notion of implementing international humanitarian law (IHL) in cyber-conflict, then understood as computer network attacks (CNAs), in 2001, but developed the concept in the International Review of the Red Cross: New Technologies and Warfare in 2012. The review makes it clear that “the development of new means and methods of warfare must not       only go hand in hand with ethical thinking; it must also comply with the law”. Yet, compliance with the law and implementation of its principles is easier said than done. Proposals on balancing IHL and military cyber-operations are continuous, the most notable of which were put forward at the 2018 ICRC Expert Meeting on the Potential Human Cost of Cyber-Operations. One of the proposal was the creation and implementation of a Digital Watermark System (DWS) – an inter-State system of regulation over offensive military cyber-operations that protects critical and civilian IT infrastructure from targeted attacks.


As the line between civilian, state, and military networks is blurred, the application of IHL, specifically the principle of distinction, is crucial. A DWS is an avenue that implements and ensures compliance with the principle distinction in cyber-space. 


Military cyber-operations and the potential human cost

Military cyber-operations can be defined as operations that target certain entities in cyberspace, using enabling, defensive, or offensive capacities to achieve objectives. Offensive military cyber-operations that target network infrastructure are the primary area of concern, as these operations produce the highest chance of civilian harm.     During these operations targeting is done with the purpose to deny, degrade, disrupt, destroy, or manipulate a network,    causing some form of disruption ranging in severity. Civilian, state, and military networks often overlap, and offensive cyber-operations, best  understood as the cyber kill chain model, rarely make a distinction between these overlapping  networks. This type of  malware is unable to distinguish between the types of networks it infiltrates and is difficult to reverse, as was the case with the 2014 Ukraine power grid attacks by  KillDisk malware, that lead to over 100,000 Ukrainians being left without power. While the Ukrainian power grid attack was launched by a hacker group, military cyber-operations are capable (e.g. in the case of Stuxnet malware used to destroy equipment in the Iranian nuclear program) of causing this type of damage.


It is an unfortunate truth that infrastructure depended on by civilians can easily be the target of offensive cyber-operations. As states build up their military cyber-capacities and scale up their cyber-operations, perhaps it is not a far-off assumption that infrastructure is an open target. The cyber kill chain model makes room for distinction, but the ability for operations to exercise this necessary principle is relatively low. The implementation of a DWS could help bridge this gap.


A digital watermark as a new protective emblem

Digital watermarks are detectable identifiers embedded in digital information, primarily used to safeguard from counterfeiting and identity theft. While  they usually serve as identifiers of crime, visible watermarks can be utilized as a sufficient deterrence system, such as the digital watermark system the Vatican library uses. When hackers or viruses locate watermarked material, they are in principle deterred by the understanding that the material is protected.

The concept of digital watermarks as a new protective emblem scales up the potential of visible watermarks, allowing military cyber-operations to distinguish between civilian or civilian-dependent infrastructure and the rest. Digital watermarks act as a cyber equivalent of protected emblems in kinetic warfare, such as the Red Cross or the UN badge.

Digital watermark is able to act as a deterrent and/or a shield in numerous types of military cyber-operations. In denial-of-service attacks, watermarks alert those launching it  that the network resources are depended on by civilians who should not be denied of access. In degrading, disrupting, and manipulating attacks, watermarks allow military personnel to apply the principle of distinction and proportionality by informing that an overlapping network is civilian-used and therefore, should not be subject to highly severe degradation, disruption, and manipulation. 

The protection offered by watermarks potentially extends to malware-based cyber-operations as well. Malwares can be programmed to detect and avoid certain watermarked material, solving a critical problem of implementing the principle of distinction in the absence of human consciousness in cyber-operations. In addition, if unique enough digital watermarks can be quite difficult to replicate.

Despite not being a silver-bullet solution, digital watermarks are a constructive step forward in preventing civilian harm that could arise from cyber-operations.


Implementation of a digital-watermark system

The proposed DWS uses watermarks as a protective emblem in cyber-conflict and applies it to an international system and standard. As discussed in the 2018 ICRC expert meeting, the practicality of digital watermarks in cyber-conflict relies on a systemic and standardized approach, particularly managed by a neutral international body. Under the DWS, states would agree (1) to imbed civilian dependent infrastructure with a standard and universal watermark and (2) to respect watermarked material in their military cyber-operations. This would of course be done with the understanding that a DWS is an application of IHL to cyberspace, in which respecting civilian infrastructure is the expected norm.

DWS, however, is not without its complications, specifically in implementation and adherence. Experts have highlighted that marking protected infrastructure could have the opposite effect, and make civilian-dependent networks a target. This is especially the case of non-state actors and hacker groups that do not feel an obligation to adhere to the norms of IHL and could attack digital watermarks precisely with the intent to harm the civilian population. The majority of states, who already keep a confidential registry of critical civilian infrastructure, might then be reluctant to share this information. The compliance of states with a DWS is also dubious. Regulating kinetic conflict is hard enough, even with a concrete legal framework, but cyber-conflict, which has very little legal coverage, is even more of a challenge. Unlike physical warfare, cyberspace has not existed long enough for any objective norms to form. Legal regulation over cyberspace is ongoing and not nearly complete.

Be that as it may, these primary concerns about the DWS disregard crucial aspects of conflict, cyber or not. Critics see digital watermarks and other such proposals as new inventions rather than cyber equivalents of existing principles – bearing in mind that civilian infrastructure and other such protected structures and figures are often marked in kinetic conflict. Furthermore, unfortunate as it is, non-state actors and terrorist groups already target civilians and civilian property, yet this does not equate to a failure of the Geneva Conventions. Hence, perspective of how we regard these issues is of crucial importance. As former UN Secretary-General Dag Hammarskjold argued, the intent behind new initiatives such as a DWS, is not to create heaven, but to protect from hell. 



Many experts argue that the next war will occur in cyberspace; a dramatic, and unfortunately, realistic statement to be made. The dialogue on how IHL can be applied in  cyber-conflict has been ongoing for nearly a decade, but what quantitative progress has been made? We are in desperate need of new, innovative, and out-of-the-box ideas, such as a digital-watermark system. A DWS is an advancement in the world of law that regulates cyberspace. While challenges are presented, the main hurdle can be overcome by shifting the perspective and re-establishing commitment to the principles of IHL. Moving forward, it is crucial to seize opportunities such as these, to minimize the increasing human cost of cyber-conflict.

Back to expert analysis