An image of a green fedora hat, which serves as the logo for this site.Gordy's Discourse

Will hacking one day be an act of war?

The BBC has a video about the potential effects of a cyber-attack (see below). The video addresses the idea that cyber-attackers could be murderers, and they refer to a case in Germany where a hospital patient died due to a cyber attack.

A woman was on her way to hospital in an ambulance, but the hospital in question could not admit her due to a cyber-attack. She was therefore redirected to another hospital, but unfortunately she died on route. The German police are now pursuing the hackers for homicide.

Quite right too, and I wonder how long it will be before state-sponsored hacking is considered an act of war, as surely as if bombs had been dropped.

Credit: BBC News.

One bit I'm not so keen on, though, is the suggestion that CEOs of companies who haven't protected adequately enough against cyber-attacks could be liable for any deaths that occur due to such an attack. As an analogy, if I forget to lock my door and someone comes in and murders me, does that make me responsible for my own death? It might be the sort of thing where you'd say I was partly responsible or whatever, but I'd argue against these sorts of 'mitigations' for murderers (or any criminals).

I absolutely do believe CEOs have a responsibility to ensure their computer systems are secure, and they should be punished if they're not. Hefty fines and sackings are what the punishment should be. Corporate manslaughter would be a bit harsh in my opinion, not least because of the nature of hacking and computer software in general. The complexity and interdependencies of software make it hard to cover every eventuality. As the old saying goes: systems administrators have to plug every hole, hackers only need to find one.