The following “other considerations” are mentioned in a passage on how to choose a “containing force” leader for regions dealing with terrorism. It’s on page 9 of Readings in Counter-Guerrilla Operations, US Army Special Warfare School, April 1961:

The local commander may be overfamilar with his surroundings and somewhat contemptuous of the emergency. He may be reluctant to adopt “face-losing” precautions, and he will tend to underrate the terrorists. In company with some members of the administration and the police he may resent the emergency as a personal setback and the arrival of reinforcements as a slur on his own capabilities. So the appointment of commanders must be balanced between the qualities of the “new broom” and the “old hand,” and it is important that a right choice should be made.

An anti-semitic journalist named Paul Ferdonnet exiled himself in the late 1930s to Nazi Germany and was believed by French intelligence to be the broadcast voice of Radio-Stuttgart.

Ferdonnet had risen to fame by fraudulently boasting in French that Hitler was interested in peace and that Britain was no ally of France.

He typically tried to start propagandist campaigns with catchy fraudulent phrases like “Britain provides the machines, France provides the bodies”.

After WWII ended he was tried, convicted and executed by France as a war criminal. His allegiance was with personal power and hate, not his own country, population or its democratic institutions. Getty image from court:

Embed from Getty Images

I made reference to Radio-Stuttgart in my surprisingly popular earlier post about modern hidden symbols of racism.

A news story breaking today titled “Russian operation masqueraded as right-wing news site to target U.S. voters” reminded me of Ferdonnet:

NAEBC has been active since late June and built a small network of personas on Twitter and LinkedIn – some of which used computer-generated photographs of non-existent people – to solicit articles from followers and freelance journalists, according to the Graphika analysis here.

Nimmo said the accounts failed to attract any significant following with many posts only receiving a handful of shares, but got more traction on Gab and Parler – two social media platforms favoured by right-wing users for their lax approach to content moderation.

Paul Rockwell, head of trust and safety at LinkedIn, said his company had previously suspended three NAEBC accounts. “This is part of our regular work to actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors,” he said.

Facebook said it had stopped one attempt to create an NAEBC account and blocked the website from being shared on its platforms.

Twitter declined to comment. Before being contacted by Reuters, the company had already suspended NAEBC’s main account and an account in the name of Nora Berka, as well as blocking the NAEBC website address as a “potentially harmful” link.

A spokeswoman for Parler said the company was not aware of NAEBC and had not discussed the activity with law enforcement. Gab did not respond to a request for comment.

There undoubtedly have been deaths in the past caused by computer attacks. I once made a list of physical impact from network and system attacks going back to 1992.

What has just changed is someone is willing to go on the record saying a death happened and was directly related to computer security.

We know, for example, that hospital outages and patient deaths have been in warnings posted to American mainstream news since at least 1983:

By comparison, the latest news coming from Europe is that a delay in care due to ransomware has caused a particular patient’s death and that it should be treated as negligent homicide.

…ransomware attack crippled a nearby hospital in Düsseldorf, Germany, and forced her to obtain services from a more distant facility…

That’s is less news to me and more a chilling reminder of the talk I gave in 2017 in London about preventing ransomware attacks in healthcare.

As someone who parachuted into the front-lines of solving this burning problem at massive scale (personally leading significant security enhancements for the database company most affected by ransomware attacks — infamously insecure MongoDB) I have many thoughts.

Many, many thoughts.

Suffice it to say here, however, when I was building and running hospital infrastructure in the 1990s my mindset about this risk wasn’t much different than it is today.

If anything, it seems to me we’re seeing healthcare industry becoming more honest with the public about its hidden operational risks.

Reading news that an arsonist burned a hospital down — forcing a fatal diversion of patients — should prompt people to ask if failing to install sprinklers is negligence.

And then people should ask if a hospital construction company was building them with sprinklers that were optional or even non-operational, and whether THAT was negligent.

Those are the deeper questions here.

While there are cases of people driving around in circles intentionally to kill the person they’re supposed to be taking to the hospital (e.g. assassination, even more than negligence), they seem a targeted exception risk rather than the pattern.

It is a hospital’s burden of high availability (let alone a region or network of hospitals like the NHS) to plan for intentional low capacity (and their vendors’ responsibility) that should remain the focus.

Update Sep 28: A reader has emailed me an important reference to the case United States v. Carroll Towing Co., 159 F.2d 169 (2d. Cir. 1947), which formed a test to determine negligence (Burden greater than Loss multiplied by Probability).

It appears from the foregoing review that there is no general rule to determine when the absence of a bargee or other attendant will make the owner of the barge liable for injuries to other vessels if she breaks away from her moorings. However, in any cases where he would be so liable for injuries to others, obviously he must reduce his damages proportionately, if the injury is to his own barge. It becomes apparent why there can be no such general rule, when we consider the grounds for such a liability. Since there are occasions when every vessel will break from her moorings, and since, if she does, she becomes a menace to those about her; the owner’s duty, as in other similar situations, to provide against resulting injuries is a function of three variables: (1) The probability that she will break away; (2) the gravity of the resulting injury, if she does; (3) the burden of adequate precautions. Possibly it serves to bring this notion into relief to state it in algebraic terms: if the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i. e., whether B > PL.

Update November 12, 2020: German police say their exhaustive investigation found no connection between attack on the hospital information systems and human death.

After a detailed investigation involving consultations with medical professionals, an autopsy, and a minute-by-minute breakdown of events, Hartmann believes that the severity of the victim’s medical diagnosis at the time she was picked up was such that she would have died regardless of which hospital she had been admitted to. “The delay was of no relevance to the final outcome,” Hartmann says. “The medical condition was the sole cause of the death, and this is entirely independent from the cyberattack.” He likens it to hitting a dead body while driving: while you might be breaking the speed limit, you’re not responsible for the death.

Hitting a dead body with a car is not the analogy I was expecting, but I suppose it makes the point.