Cybersecurity Ethics
This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cybernetics and the ways that fundamental ethical theories relate to these core issues.
Course Materials
Course Reflection:
The three topics that I want to reflect on are Professional Ethics, CSR, and cyberconflict. All of the topics in the semester have influenced me to think of cybersecurity through the lens of philosophy. Although it was a ruff start, I eventually understood how to analyze cases related to cybersecurity and ensure that I understand the topic of cybersecurity ethically.
For professional ethics, my thinking process of the case analysis was different from what I wanted it to be. I used the deontology tool to attempt to explain why Sourour’s code was morally problematic and what he should have done differently to fix the issue. Though the deontological tool was ideal for the essay, I did not correctly use it to its full potential in the body paragraphs. If I had added more details or just read the articles over one more time then I would have understood it fully. Other than that, my position on the case study hasn’t changed because tweaking the algorithm is an efficient way to decrease the issues that Tufekci identifies in her ted talk. Though one person agreed, they thought that it should just be removed entirely and replaced with clearer guidelines for companies collecting user’s data. This could work but the flaw would be that companies would not do that because it would expose their schemes of what they do with the collected data.
But, the CSR was a bit harder to understand when first starting the module because I did not know what CSR was. The HTF case study made it clear to understand that something could be ethically wrong or right based on the opinion of what the students think about the three arguments. The case analysis on CSR was easy to do since the article stated the obvious of who the Equifax Breach harmed. The breach harmed people that used their services for the benefits of selling their data. Because of it being obvious based on context clues, it was easy to come up with which ethical tool to use and how it was morally bad.
Lastly, the recent module of cyberconflict is made to analyze if cyberwarfare can be justified or not. Based on the case study, I thought that it was not justified because it targeted a nuclear-plant, if done incorrectly, it could’ve done more harm than good. The evidence provided from the article talking about the Stuxnet attack is that they considered it to be politically motivated. It could also be because most critical-infrastructure companies have not updated their computers for 30 years. This would leave it to be vulnerable to many attacks, meaning that they should update their software to protect from future attacks. My position has not changed because cyber conflicts could lead to cyberwar if it falls into the wrong hands.
My thoughts and positions on these topics haven’t changed but instead were motivators to make me think about the other ways to discuss cyber security. All of the case analysis I have done influenced me to look at it through the lenses of the ethical tools I chose for an understanding of the three topics in reflective writing. If I hadn’t taken this class, then it would not have opened my mind to these topics nor to think about cybersecurity in general on a philosophical level.