5 Legal and Ethical Perspectives of Cyberattacks

— July 20, 2021

Computers have made it very easy for attackers to defraud, deceive and invade the privacy of the victims.

The proliferation of the internet has enabled hackers to perform cyberattacks and to exploit systems for various reasons. As a result, methods and solutions for securing systems have grown over time to prevent cyberattacks, and the metaphorical race is showing no sign of stopping.

IBM pointed out that cybersecurity professionals must be as much “black hat hackers” as they are ethical. The reason is that their tactics match those of attackers, but instead of being used for exploitation they can be used for safeguarding.

The security of systems, data, and organizations depends on the professional standards, practices, and principles of employees, i.e., people come up with solutions, but people are also responsible for causing problems. There are different ethical issues when it comes to using the internet and operating in the cyber domain.

There is no argument that cyberattacks are illegal, but most cyberwar attacks do not legally fall into “breaches” or “war crime” categories. 

Cyberattacks cause destruction to civilian computers as well as damage to reputations, so an “ethical attack” is very hard to guarantee in cyberspace. So what legal and ethical implications do cyberattacks have?

What are the important ethical and legal issues in cybersecurity?

  1. Misuse to Confidentiality and Privacy

Computers have made it very easy for attackers to defraud, deceive and invade the privacy of the victims. Because a large amount of information is stored online (computers, servers, cloud, etc.), it has become easy for attackers to access it. Usually, people trust organizations with information that is not intended for others, but today we are seeing examples of information being disclosed without consent, which leads to ethical and potential legal issues. A common example of a privacy breach is identity theft: the attacker spoofs the identity of the person and impersonates the victim, usually in financial transactions.

  2. Piracy and Misuse to Property

Making illegal copies of software and sharing content illegally without the knowledge of the owner is ethically wrong and can cost the owner profit. Creators of software are concerned with piracy and are finding ways to battle against it. Public and private partnerships are forming to combat the problem. Industry giants such as Microsoft and IBM say they are losing more than billions of dollars because of piracy.

  3. Resource Allocation for Cyber Security

Cybersecurity professionals come across the issue of allocating the right resources while ensuring security in the organization, as it can be very costly in terms of time, effort, cost, and experts. It can also be costly for systems and networks, i.e., it can affect storage (by storing logs, metadata, and additional information), computational power (to implement different algorithms), power efficiency, network speed, bandwidth, etc. It is not efficient to secure a network completely if, as a result, the network is unusable.

  4. Transparency and Disclosure

Another issue for cybersecurity professionals is providing transparency to their clients. Companies offering services online are continuously open to risks and vulnerabilities. These risks and vulnerabilities must be disclosed to clients as soon as they are identified so that clients can make timely decisions and use any defense mechanism.

  5. Cybersecurity Roles, Duties, and Interests

There are different roles involved in cybersecurity practices focusing on different interests, and many of these roles are unclear. The ethical concerns of these roles are unclear and are in tension with each other.

Common ethical challenges for cybersecurity professionals

It is possible that a legal practice is unethical and can cause harm to the network, client, company, etc. There are different ethical challenges that cybersecurity professionals face:

  • To balance security with other values; for example, to prevent data leakage, security experts have to invade the privacy of employees.
  • To create a foolproof incident response plan to handle and mitigate an incident if one occurs.
  • To create a plan for identifying vulnerabilities in a timely manner and reporting them to employees, clients, and other stakeholders.
  • To monitor the network without intruding on users and their privacy.
  • To ensure confidentiality and integrity of data while storing it on systems or in the cloud, or sharing it with third parties.
  • To define roles properly for accountability.

What ethical frameworks can guide cybersecurity practice?

Several ethical frameworks address these challenges and ensure cybersecurity practices.

  • Virtue Ethics: This framework does not search for rules of right or wrong but focuses on the quality of the person. It is also termed character-based, as it tells us about the person’s virtuous character and how that character was developed.
  • Consequentialist/Utilitarian Ethics: Consequentialist theories are theories of ethics that describe principles to guide moral action through the expected results of those actions. A common form of this theory is utilitarian ethics, which tells the moral laws in any situation.
  • Deontological Ethics: This is rule-based ethics, in which one or more rules or obligations are declared to identify the responsibility or moral code of life.

What are ethical best practices in cybersecurity?

A detailed code of ethics should be included in every profession and organization to ensure ethical best practices.

  • Building or using systems with human interests in view, checking whether the running system is in favor of human lives or not.
  • Designing both technically and socially to encourage the security and privacy aims of the organization.
  • Implementing protocols and protective measures such as email and domain security best practices: monitoring that DMARC and DKIM are implemented correctly and checking SPF records to prevent human error and attacks as much as possible.
  • Encouraging input from different stakeholders, as this will overcome groupthink in the ethical risk assessment.

Final Thoughts

Considering all the issues, challenges, and practices, it is clear that a workplace generates a wide range of ethical issues and that it is challenging for security specialists to ensure security while staying within ethical bounds. There are different frameworks that help specialists ensure ethical practices and help people understand ethical values while using online services.
