Digital Security in War and Conflict: Challenges for Civil Society and Tools for Resilience
Digital Security Helpline "Safe and Strong" Webinar 02 - 19 May 2026
Speakers: Giulio Coppi - Access Now; Luis Barrueto - Access Now Digital Security Helpline; Mia Marzotto - Oxfam; Jocelyn Woolbright - Cloudflare
Moderator: Giulio Coppi - Access Now
Opening Context and Framing
Giulio Coppi opened the webinar by introducing the “Safe and Strong” webinar series organized by the Digital Security Helpline. He explained that the series aims to bring together experts from different sectors to examine digital threats and their growing impact on civil society, humanitarian actors, and human rights defenders.
He emphasized that online and offline harm are increasingly intertwined in contemporary conflicts. Attacks against telecommunications infrastructure, data centers, and human rights defenders are now part of the battlefield itself. He cited findings from organizations including NetHope and the CyberPeace Institute showing that nonprofits face disproportionately high levels of cyber threats compared to sectors such as retail, healthcare, and technology. He also referenced Access Now’s Keep It On coalition documentation of 125 conflict-related Internet shutdowns across 14 countries, including Sudan, Palestine, Ukraine, Iran, Myanmar, Ethiopia, and Syria.
Coppi stressed that humanitarian organizations often fail to treat digital security as a core protection issue. He argued that spyware, malware, and surveillance against humanitarian workers are frequently normalized under outdated assumptions that transparency requires openness to monitoring. He warned that compromised humanitarian communications place not only organizations but also vulnerable communities at risk.
The Digital Security Landscape in Conflict Zones
Luis Barrueto described how the Digital Security Helpline supports activists, journalists, and civil society organizations operating in war zones and authoritarian contexts. He explained that the convergence of armed conflict, authoritarianism, political instability, and weakening democratic institutions has dramatically increased digital risks.
He identified three major patterns:
Expansion of digital surveillance against civil society and critical voices
Weaponization of digital technologies and information systems
Increasing use of cyber operations and automated systems in hostilities
Barrueto then examined how these risks manifest differently across conflict environments.
Iran: Internet Shutdowns, Surveillance, and Information Warfare
Barrueto described Iran as a context where Internet shutdowns are routinely used to suppress dissent and isolate populations during protests and periods of instability. He noted that support requests often come directly from ordinary citizens rather than formal human rights organizations, particularly during the Women, Life, Freedom protests and later economic protests.
He explained that the Iranian government increasingly combines shutdowns with narrative operations and information campaigns designed to legitimize repression while targeting activists and journalists. These tactics create chilling effects that discourage people from documenting abuses or sharing information.
Later in the discussion, Barrueto expanded on how authoritarian governments have refined Internet shutdown tactics by learning from one another. He argued that shutdowns now function not only as censorship tools but also as mechanisms to disrupt organizing, emergency communications, verification efforts, and public trust itself.
He also warned about AI-generated propaganda and “information flooding,” where massive volumes of synthetic or misleading content undermine people’s ability to trust any information source, including legitimate forensic and verification efforts.
Ukraine: Organizational Resilience and Ecosystem Support
Barrueto contrasted Iran with Ukraine, where support increasingly focuses on nonprofit organizations and independent media institutions rather than individuals. He explained that the conflict has matured into a context with a stronger ecosystem of local digital security support actors, including local help desks and organizations that can provide assistance in local languages and with deeper contextual understanding.
In Ukraine, the Helpline increasingly acts as a connector and advocate, helping organizations navigate digital threats while coordinating with platforms and international actors. He emphasized the importance of trusted local networks in sustaining resilience.
Palestine: Content Moderation, Surveillance, and Malware
Barrueto described Palestine as presenting a broader mix of digital threats affecting activists, organizations, and media outlets alike. A significant share of support requests involve content moderation and platform governance issues, including wrongful takedowns, impersonation campaigns, harassment, and coordinated disinformation efforts.
He also highlighted widespread concerns about malware and spyware targeting journalists and activists. He explained that even the possibility of surveillance creates fear and suppresses information-sharing about conditions in Gaza and the West Bank.
Barrueto argued that these forms of digital repression are inseparable from broader campaigns of violence and narrative control during conflict.
Humanitarian Perspectives on Digital Rights
Mia Marzotto discussed how humanitarian organizations increasingly depend on digital technologies for early warning systems, communication, fundraising, and operational coordination. She noted that shrinking humanitarian budgets make digital tools and AI appear especially attractive because of their promise to “do more with less.”
However, she emphasized that digitalization also intensifies longstanding humanitarian challenges around inequality, inclusion, and power imbalances. In many crisis environments, people face unreliable connectivity, limited electricity, low digital literacy, and unequal access to technology.
Marzotto argued that a digital rights lens helps humanitarian organizations understand how technologies can expose vulnerable populations to harm. She cited examples including biometric identification systems, drones, facial recognition technologies, and satellite imagery that may unintentionally expose communities to surveillance or misuse of personal data.
She stressed that humanitarian actors must ask not only how technologies can help people but also when they should not be used at all.
Digital Rights, Inclusion, and “The Five A’s”
Marzotto later explained how Oxfam integrates digital rights into its broader anti-poverty and humanitarian mission. She described how the organization’s work increasingly responds directly to concerns raised by affected communities and local partners regarding digital technologies and digital harms.
She introduced Oxfam’s “five A’s” framework for meaningful access:
Availability
Affordability
Awareness
Accessibility
Ability
She added a sixth concept, “architecture,” meaning that affected communities should actively participate in the design, development, and governance of technologies that affect them.
Marzotto emphasized that humanitarian organizations must support not only access to digital technologies but also the infrastructure necessary to sustain them, including electricity, connectivity, and maintenance.
She also stressed the importance of partnerships between humanitarian actors, digital rights organizations, technology companies, governments, and philanthropic initiatives, noting that even large organizations rarely possess all necessary expertise internally.
Cloudflare and Cyber Defense for Civil Society
Jocelyn Woolbright described Cloudflare’s role in protecting vulnerable organizations online through its global network and Project Galileo initiative. She explained that Project Galileo, launched in 2014, currently protects more than 3,400 organizations in 130 countries by providing cybersecurity services free of charge to civil society groups and nonprofits.
She revealed that Cloudflare had mitigated approximately 38 billion malicious requests against civil society organizations over the previous year, averaging around 105 million attacks per day.
Key trends highlighted included:
Increasingly sophisticated DDoS attacks
Multi-day attack campaigns that evolve over time
Disproportionate targeting of journalists and independent media
Targeting of media organizations operating in exile
Woolbright cited an Iraqi digital rights organization that experienced a 12-day DDoS campaign involving 2.7 billion requests.
She emphasized that the nonprofit sector has become one of the most heavily targeted sectors online.
Threat Intelligence, Partnerships, and Capacity Building
Woolbright argued that partnerships are essential because smaller organizations often lack the expertise or budgets to implement advanced security tools themselves. She described how Cloudflare collaborates with organizations including the CyberPeace Institute and Access Now to distribute tools and share threat intelligence.
She highlighted phishing as one of the most common and effective attack vectors against civil society organizations. Cloudflare found that nearly one in three malicious emails targeting civil society bypassed standard email filters.
She argued that trusted partnerships with local organizations are crucial because they understand community needs and can help ensure tools reach vulnerable groups effectively.
Humanitarian Neutrality and the Underreporting Problem
Coppi highlighted a major obstacle within the humanitarian sector: many humanitarian organizations avoid publicly documenting cyber incidents because they fear becoming entangled in politically sensitive attribution debates that could compromise their neutrality.
He argued that this reluctance contributes to widespread underreporting of cyber threats affecting humanitarian organizations and undermines collective learning and preparedness.
Marzotto added that international humanitarian law (IHL) remains central to these discussions, but some governments still resist recognizing civilian digital infrastructure and data as protected objects under IHL. This ambiguity weakens efforts to build stronger humanitarian protection frameworks around digital harms.
Practical Advice for Digital Security in Conflict
Toward the end of the session, Barrueto emphasized that there are no universal security solutions for people operating in war zones. He argued that effective protection requires context-specific threat analysis based on individual roles, risks, and environments.
He nevertheless outlined several core principles:
Minimize personal attack surfaces
Use encrypted communications whenever possible
Reduce and compartmentalize stored data
Pay close attention to anonymity
Limit unnecessary sharing of sensitive information
Understand how platforms and tools expose metadata and relationships
He stressed that digital security must become an ongoing practice rather than a one-time intervention.
Barrueto also argued that affected populations cannot be left to manage these risks alone. Protection responsibilities must be shared across humanitarian organizations, governments, technology companies, and digital rights groups.
Connectivity, Starlink, and Resilience
The final discussion focused on connectivity tools such as Starlink and other circumvention technologies used in conflict zones including Sudan and Myanmar. Coppi warned that while satellite Internet systems can help communities remain connected during shutdowns, they also create new risks because terminals can potentially be tracked using commercially available data and open-source intelligence techniques.
He stressed that resilience strategies must be developed before crises erupt and should be led by local communities that understand the operational risks and trade-offs involved.
Closing Reflections
Woolbright closed by emphasizing that many tools already exist to help organizations improve their digital resilience and that partnerships between civil society and technology providers are essential to making these protections accessible.
Marzotto highlighted the importance of including organizations and communities with lived experience in digital governance discussions, even when they lack technical expertise. She argued that local knowledge is critical to building meaningful digital resilience strategies.
Coppi concluded by urging humanitarian organizations to actively engage with digital rights communities, cybersecurity experts, local tech actors, and CERT networks. He called on donors and humanitarian agencies to recognize digital harm, malware, spyware, and cyber attacks as central protection concerns rather than secondary technical issues.
RESOURCES
Access Now Digital Security Helpline — free 24/7 rapid-response digital security support for civil society, coordinated by Luis Barrueto
#KeepItOn coalition — global campaign against Internet shutdowns; documented 125 conflict-related shutdowns across 14 countries
WITNESS — human rights organization where Mahsa Alimardani leads the Technology Threats and Opportunities program
Project Galileo — Cloudflare’s free cybersecurity protection for at-risk public interest organizations, presented by Jocelyn Woolbright
Oxfam — confederation of 21 NGOs working in over 90 countries, represented by Mia Marzotto on digital rights advocacy
CyberPeace Institute — Cloudflare partner providing email security and a phishing-tracking dashboard to humanitarian organizations
NetHope — network bridging humanitarian organizations and technology, cited as a venue for cross-sector partnership
RightsCon — annual digital rights summit; the discussion in this webinar was originally planned for it
Sphere standards — minimum humanitarian standards, referenced for forthcoming guidance on connectivity
Safe and Strong webinar series — Access Now’s Digital Security Helpline series on digital resilience


