Cybersecurity Ethics

Overview

• Ethics - a branch of philosophy concerned with exploring, systematizing, and defending concepts of right and wrong as they pertain to conduct

• Cyberspace has many qualities that lead to temptation and ethical grey areas:

  • Cyberspace is a dark environment

    • Anonymity diminishes accountability

    • Most of the internet (about 90%) is inaccessible by search engines

  • Cyberspace creates distance between actors and consequences

    • Actors may not understand or be aware of the consequences.

    • Consequences may not have the same emotional or moral impact.

    • Lead to “online disinhibition” effect.

  • Cyberspace still a relatively new domain

    • Technologies are released more quickly than laws

    • Most people don’t understand how the technologies work

    • Creates a “frontier mentality” and a sense of impunity

• Hacking can typically be split into 3 categories:

  • Illegal Hacking (“Black hat”)

    • Hacking without consent, often to gain information, power, or resources

    • Can include exploiting systems, deploying malware, breaking laws, etc.

    • Creates the negative connotation hacking os often associated with today

  • Legal Hacking (“White Hat”)

    • In contrast, utilizes the same or similar skills as illegal hacking, but with consent.

    • Allows for testing security in a controlled and legal environment (think penetration testing).

    • Important for proactive cybersecurity and redirecting offensive cyber skills

• When professionals in a field are given a significant level of access and trust, it is important for that field to develop a robust culture of ethics. Ethics are not, themselves, laws. However:

  • In some professions, violating the code of ethics could disqualify your license to practice.

  • For professions that do not require a license, a violation could still cause membership in professional societies to be revoked.

  • If professional misconduct results in legal action, lawyers can use the code of ethics to argue that the perpetrator’s actions were understood to be inappropriate by professionals in that field

• In addition to providing guidance and encouraging morally responsible behavior, codes of ethics also provide the following benefits:

  • Imbues the profession with a sense of dignity and elevates the status of those who work in it.

  • Clarifies the appropriate course of action when laws are underdeveloped or ambiguous

  • Removes plausible deniability from those who practice unethical behaviors

• Gerd Leonhard’s ethics manifesto - five human rights that may be endangered as technology advances:

  • The right to be anonymous

  • The right to disconnect

  • The right to be inefficient

  • The right to involve humans

  • The right to remain natural

• Utilitarianism

  • Proposes that actions be evaluated according to the benefit they provide to the affected parties.

  • this is a form of consequentialism wherin morality is determined by the consequences of actions

  • Generally, utilitarianism measures the value of an action by the amount of happiness and well-being it promotes, weighed against the amount of misery and unwellness it promotes

  • While utilitarianism equates moral goodness with happiness and well-being, it does so on a universal scale (as opposed to an individual scale).

  • Moral goodness is not determined by what makes the actor hapy, but with what produces the greatest goodness overall.

  • Utilitarianism comes in two main forms - act and rule utilitarianism:

    • Act Utilitarianism - “In any given situation, choose the action that produces the greates tgood for the greatest number.”

    • Rule Utilitarianism - “In any given situation, act according to rules that, when applied generally, will likely lead to the greates tgood for the greatest number.

• Deontology

  • Proposes that actions be evaluated by their adherence to a set of rules or principles, independt of their consequences. It can be described as duty based ethicss

  • next two bullet points go here

• Kantianism

  • A form of deontology which discuesses the ideas of hypothetical imperatives and categorical imperatives.

  • A hypthetical imperative is a rule that someone ought to follow to achieve a desire, and is mostly unrelated to moral reasoning (ex. if you are craving an orange you should eat an orange.)

  • other bullet point here

  • Categorial imperaitves are deteremined by formulas, which are guidelines for creating and following moral rules.

    • One formula, the universalizability principle states:

      • Act only in accordance with that maxim through which you can at the same time will that it become a unisera

    • Another formula, the humanity principle, states

      • So act that you use humanity, whether in your own person or in the person of any other, always at the same time as an end, never merely as a means.

• Social Contract Theory

  • Proposes morality as a set of rules that people agree to accept for their mutual benefit, on the condition that others follow those rules as well. Ther fill points out here

• Virute Theory

  • Proposes that morality is determined by virtues ( set of character traits) to which a person should aspire

  • Virutes must be balanced between deficiency and excess

  • When making fil here

  • Virtue must be balanced to ensure that a person does behave in opposition to that virtue (ie a deficit) or with oversealous commitment to it (ie an excess)

  • fill bulets points here