The SolarWinds hack: Lessons for international humanitarian organizations
In: International review of the Red Cross: humanitarian debate, law, policy, action, Band 104, Heft 919, S. 1267-1284
ISSN: 1607-5889
AbstractAs humanitarian organizations become more active in the digital domain and reliant upon new technologies, they evolve from simple bystanders to full-fledged stakeholders in cyberspace, able to build on the advantages of new technologies but also vulnerable to adverse cyber operations that can impact their capacity to protect and assist people affected by armed conflict or other situations of violence. The recent hack of the International Red Cross and Red Crescent Movement's Restoring Family Links network tools, potentially exposing the personal data of half a million vulnerable individuals to unauthorized access by unknown hackers, is a stark reminder that this is not just a theoretical risk but a very real one.1The 2020 cyber operation affecting SolarWinds, a major US information technology company, demonstrated the chaos that a hack can cause by targeting digital supply chain components. What does the hack mean for the humanitarian cyberspace, and what can we learn from it? In this article, Massimo Marelli, Head of the International Committee of the Red Cross's Data Protection Office, draws out some possible lessons and considers the way forward by drawing on the notion of "digital sovereignty".