Just a friendly reminder that a ransomware attack a few weeks ago resulted in patients being killed. I’m old school, where the loss of life was always an unacceptable risk. https://thehill.com/opinion/cybersecurity/519267-someone-died-because-of-ransomware-hospitals-emergency-security 1/n
If a nation state conducts a ransomware attack that results in loss of life, then that should be considered an act of war. 2/n
Even during actual declared armed conflict, hospitals are off limits and a cyber attack on a hospital is a war crime. Patients being killed because of ransomware is the cyber equivalent of a chemical or bioweapons attack on civilians. 3/n
Connecting this with the ongoing developments makes it clear that cyber norms have become a necessity, but also that clear redlines for what constitutes an act of war need to be established and enforced, even if that means a traditional military kinetic response. 4/n