4

An Introduction to
Cybersecurity Ethics
 01 Introduction

Learning Objectives
.
02 What are the important ethical issues in
cybersecurity?

03 Common ethical challenges for cybersecurity

professionals

04 What are cybersecurity professionals’ obligations to the

public? Case Study 4

04 What are cybersecurity professionals’ obligations to the

public? Case Study 4
Introduction

“The most important thing is not life, but the good life. (Socrates,
1
399BC)
Love, kindness, beauty, friendship, courage, honour, joy

2 Technology increasingly shapes how human beings seek the good

life, and with what degree of success.

3 Technologies are not ethically ‘neutral’, for they reflect the values
that we ‘bake in’ to them with our design choices, as well as the
values which guide our distribution and use of them.

4 Technology greatly impact our opportunities for living a good life,

but its positive and negative impacts are often distributed unevenly
among individuals and groups.
What does ethics have to do with cybersecurity?
Cybersecurity practices have as their aim the securing of data,
1
computer systems and networks.
Primarily protect the integrity, functionality, and reliability of human practices
that rely upon such data, systems, and networks.

2 In protecting those institutions and practices, cybersecurity

professionals in turn are protecting the lives and happiness of the
human beings who depend upon them.

3 This means that ethical issues are at the core of cybersecurity

practices, because these practices are increasingly required to secure
and shield the ability of human individuals and groups to live well.

4 A broader and better understanding of cybersecurity ethics is

therefore essential to promoting and protecting human flourishing in
an increasingly networked society.

5 No single set of ethical rules, guidelines, or insights can provide

guidance in all cybersecurity circumstances
Important ethical issues in cybersecurity
HARMS TO PRIVACY: Identity theft, blackmail, extortion,
1
corporate or government espionage and misconduct, chaotic global
data ecosystem.

2 HARMS TO PROPERTY: Professionals tasked with cybersecurity

have a default ethical obligation to protect their organization’s
networks, or those of their clients, from any and all property-targeting
intrusions and attacks.

3 CYBERSECURITY RESOURCE ALLOCATION:

The task of identifying a justifiable balance between well-resourced
cybersecurity and other kinds of functionality is an ethical one.

TRANSPARENCY AND DISCLOSURE:

4 Cybersecurity is a form of risk management, and because those risks
significantly impact other parties, there is a default ethical duty to
disclose those risks when known, so that those affected can make
informed decision

5 CYBERSECURITY ROLES, DUTIES, AND INTERESTS:

Cybersecurity practices involve a number of distinct roles and
interests, some of which are in tension with one another.
Common ethical challenges for cybersecurity
professionals
Ethical Challenges in Balancing Security With Other Values
1

2 Ethical Challenges in Threat/Incident Response

3 Ethical Challenges in Security Breach/Vulnerability

4 Ethical Challenges in Network Monitoring and User Privacy

5 Ethical Challenges with Competing Interests & Obligations

6 Ethical Challenges in Data Storage and Encryption

7 Ethical Challenges in IOT, Smart Grid, and Product Design

8 Ethical Challenges with Accountability for Cybersecurity

9 Ethical Challenges in Security Research and Testing

1 Understanding Broader Impacts of Cybersecurity Practice

0
1. Ethical Challenges in Balancing Security With
Other Values
Strike an ethically acceptable balance between the value of
1
cybersecurity and other values that may be in tension with it.

2 Have honest conversations with clients, customers, employers, users

about how this balance will be struck.

3 Will we be able to justify our security resource allocations to

affected.

4 Do our actions reflect consistency, sincerity, and transparency in our

value commitments, or upon inspection will they reveal arbitrary,
inconsistent, insincere, or deceptive professions of value?
2. Ethical Challenges in Threat/Incident Response

Do we have an appropriate incident response plan, for each type of

1
threat or incident that we anticipate facing?

2 Do these include concrete action plans for the worst-case-scenarios,

including mitigation strategies to limit or remedy harms to others?

3 Do we have adequate resources and systems in place to successfully

implement our incident response plan?

4 What are the ethical gray areas we face in our incident response
practice?

5 How will we respond to ransomware attacks affecting our network or

users?
3. Common ethical challenges for cybersecurity
professionals

Do we have an ethically sound plan for when and how to notify

1
network/software users and other stakeholders of security incidents,
including breaches and vulnerabilities?

2 How do we meet the need for reporting that is accurate, timely, and
helpful?

3 Have we considered not only our own perspective, but the likely
perspective of other stakeholders?

4 Have we identified the ethically appropriate balance between

overreaction to breaches and vulnerabilities and underreaction?
4. Common ethical challenges for cybersecurity
professionals

How can we monitor our network effectively without ourselves

1
making unjustifiable intrusions upon users and their privacy?

2 How should we monitor and control network activity on personal

devices such as laptops and cell phones not owned by our
organization and legitimately used for many other purposes, as
opposed to devices that are the business property of the organization?

3 To what extent should users of the network be made aware of our

security monitoring activities?
How does this change depending on who the users are
(employees, customers, members of the general public, or
clients bearing their own privacy duties to others, such as
lawyers and health care professionals)?
Common ethical challenges for cybersecurity
professionals
Ethical Challenges in Balancing Security With Other Values
1

2 Ethical Challenges in Threat/Incident Response

3 Ethical Challenges in Security Breach/Vulnerability

4 Ethical Challenges in Network Monitoring and User Privacy

5 Ethical Challenges with Competing Interests & Obligations

6 Ethical Challenges in Data Storage and Encryption

7 Ethical Challenges in IOT, Smart Grid, and Product Design

8 Ethical Challenges with Accountability for Cybersecurity

9 Ethical Challenges in Security Research and Testing

1 Understanding Broader Impacts of Cybersecurity Practice

0
Common ethical challenges for cybersecurity
professionals
Ethical Challenges in Balancing Security With Other Values
1

2 Ethical Challenges in Threat/Incident Response

3 Ethical Challenges in Security Breach/Vulnerability

4 Ethical Challenges in Network Monitoring and User Privacy

5 Ethical Challenges with Competing Interests & Obligations

6 Ethical Challenges in Data Storage and Encryption

7 Ethical Challenges in IOT, Smart Grid, and Product Design

8 Ethical Challenges with Accountability for Cybersecurity

9 Ethical Challenges in Security Research and Testing

1 Understanding Broader Impacts of Cybersecurity Practice

0
Common ethical challenges for cybersecurity
professionals
Ethical Challenges in Balancing Security With Other Values
1

2 Ethical Challenges in Threat/Incident Response

3 Ethical Challenges in Security Breach/Vulnerability

4 Ethical Challenges in Network Monitoring and User Privacy

5 Ethical Challenges with Competing Interests & Obligations

6 Ethical Challenges in Data Storage and Encryption

7 Ethical Challenges in IOT, Smart Grid, and Product Design

8 Ethical Challenges with Accountability for Cybersecurity

9 Ethical Challenges in Security Research and Testing

1 Understanding Broader Impacts of Cybersecurity Practice

0
Common ethical challenges for cybersecurity
professionals
Ethical Challenges in Balancing Security With Other Values
1

2 Ethical Challenges in Threat/Incident Response

3 Ethical Challenges in Security Breach/Vulnerability

4 Ethical Challenges in Network Monitoring and User Privacy

5 Ethical Challenges with Competing Interests & Obligations

6 Ethical Challenges in Data Storage and Encryption

7 Ethical Challenges in IOT, Smart Grid, and Product Design

8 Ethical Challenges with Accountability for Cybersecurity

9 Ethical Challenges in Security Research and Testing

1 Understanding Broader Impacts of Cybersecurity Practice

0
Common ethical challenges for cybersecurity
professionals
Ethical Challenges in Balancing Security With Other Values
1

2 Ethical Challenges in Threat/Incident Response

3 Ethical Challenges in Security Breach/Vulnerability

4 Ethical Challenges in Network Monitoring and User Privacy

5 Ethical Challenges with Competing Interests & Obligations

6 Ethical Challenges in Data Storage and Encryption

7 Ethical Challenges in IOT, Smart Grid, and Product Design

8 Ethical Challenges with Accountability for Cybersecurity

9 Ethical Challenges in Security Research and Testing

1 Understanding Broader Impacts of Cybersecurity Practice

0
Common ethical challenges for cybersecurity
professionals
Ethical Challenges in Balancing Security With Other Values
1

2 Ethical Challenges in Threat/Incident Response

3 Ethical Challenges in Security Breach/Vulnerability

4 Ethical Challenges in Network Monitoring and User Privacy

5 Ethical Challenges with Competing Interests & Obligations

6 Ethical Challenges in Data Storage and Encryption

7 Ethical Challenges in IOT, Smart Grid, and Product Design

8 Ethical Challenges with Accountability for Cybersecurity

9 Ethical Challenges in Security Research and Testing

1 Understanding Broader Impacts of Cybersecurity Practice

0
Common ethical challenges for cybersecurity
professionals
Ethical Challenges in Balancing Security With Other Values
1

2 Ethical Challenges in Threat/Incident Response

3 Ethical Challenges in Security Breach/Vulnerability

4 Ethical Challenges in Network Monitoring and User Privacy

5 Ethical Challenges with Competing Interests & Obligations

6 Ethical Challenges in Data Storage and Encryption

7 Ethical Challenges in IOT, Smart Grid, and Product Design

8 Ethical Challenges with Accountability for Cybersecurity

9 Ethical Challenges in Security Research and Testing

1 Understanding Broader Impacts of Cybersecurity Practice

0