cyberphilosophy

Chapter 2: Cybersecurity and Ethics: Why Does it Matter?

Section 1: Real-World Examples of Ethical Dilemmas in Cybersecurity

Cybersecurity is not just a technical field but one that is filled with ethical considerations. We’ll explore a few examples to illustrate this point:

  • Privacy vs. Security: Consider a company that has just developed an advanced surveillance tool that could effectively detect potential terrorist threats online. However, the use of this tool involves monitoring internet traffic, which might infringe upon individuals’ privacy rights. Is it ethically justified to compromise privacy for the sake of security?
  • Disclosure of Vulnerabilities: Suppose a security researcher discovers a major vulnerability in a widely used software. The researcher is faced with the ethical question of how to disclose this vulnerability. Should they disclose it immediately to the public to inform potential victims, or should they first inform the company responsible for the software, allowing potential abuse of the vulnerability in the meantime?
  • Hacktivism: Imagine a group of hackers who identify unethical practices in a large corporation and decide to expose these practices by hacking into the corporation’s servers and leaking confidential data. The hackers believe they are promoting justice, but they are also breaking laws and possibly harming innocent parties. Are their actions justified?

These examples highlight the ethical challenges in cybersecurity, emphasizing the necessity for ethical frameworks in decision-making within the field.

Section 2: Existing Ethical Standards in the Cybersecurity Profession

The cybersecurity field has developed several codes of ethics, such as those from the International Information System Security Certification Consortium (ISC)² and the Information Systems Security Association (ISSA).

Code of Ethics from the International Information System Security Certification Consortium (ISC)²:

  1. Protect society, the common good, and the infrastructure: Cybersecurity professionals should prioritize the well-being of society, promoting security measures that safeguard critical systems and protect against threats and vulnerabilities.
  2. Act honorably, honestly, justly, responsibly, and legally: Professionals must adhere to high ethical standards, demonstrating integrity, honesty, and fairness in their actions. They should also comply with legal requirements and regulations.
  3. Provide diligent and competent service to stakeholders: Cybersecurity professionals should strive to provide reliable and effective services, employing their expertise and knowledge to protect stakeholders’ information and systems.
  4. Advance and protect the profession: Professionals should contribute to the development of the cybersecurity field, promoting best practices, sharing knowledge, and maintaining a commitment to continuous learning and improvement.
  5. Be responsible for individual actions and decisions: Professionals must take responsibility for their own actions and decisions, ensuring that they align with ethical standards and contribute positively to the field of cybersecurity.

Code of Ethics from the Information Systems Security Association (ISSA):

  1. Protect society, the common good, necessary public trust, and confidence: Cybersecurity professionals should prioritize the welfare of society, working towards creating a secure and trustworthy digital environment for all.
  2. Act honorably, honestly, justly, responsibly, and legally: Professionals should maintain high standards of conduct, acting with integrity, honesty, and fairness in all professional interactions. They must also comply with applicable laws and regulations.
  3. Provide diligent and competent service to principles: Professionals should deliver reliable and competent services, continually updating their knowledge and skills to provide effective cybersecurity solutions.
  4. Advance the professional competence and stature of the cybersecurity workforce: Professionals should actively contribute to the development and growth of the cybersecurity profession. This includes promoting education, sharing expertise, and supporting the professional development of others.
  5. Support the ISSA mission: Professionals should align with the mission of the ISSA, which aims to foster a community of professionals dedicated to the advancement and ethical practice of information security.

However, these principles often provide a high-level guideline and can be open to interpretation. For instance, what does it mean to ‘avoid harm’ when our actions may have unintended ripple effects in the digital ecosystem? It’s clear that we need more nuanced ethical thinking to navigate these complex issues, which is where Aristotle’s ethical theories can offer valuable insights.

Key Takeaways

  • Cybersecurity is rife with ethical dilemmas, such as balancing privacy and security, deciding how to disclose vulnerabilities, and considering the implications of hacktivism.
  • Existing ethical standards in the cybersecurity field provide a starting point but often lack the depth and nuance needed to address complex ethical issues fully and this is the reason why I designed this course.

Activity
Reflect on your own experience in the cybersecurity field. Can you recall any situations where you faced an ethical dilemma? What were the key considerations that influenced your decision? If you haven’t faced such a situation, imagine a potential scenario and think through how you might respond.

Some scaffolding to help you out: Chapter 2: Activity: Reflection on Ethical Dilemmas

Recommended Reading
“The Ethical Hacker’s Dilemma: Developing a Code of Ethics in a Post-Stuxnet World” – Explores the ethical issues and dilemmas cybersecurity professionals face in the wake of advanced cyber attacks.