Cybersecurity Ethics
This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues.
Course Material
Over the course of this class, my critical thinking revolving around cybersecurity and the role ethics plays changed in ways I did not expect. I came into this course with surface-level understandings of right and wrong, only to realize that ethical decision-making in this field is much more complex and that theories of philosophy can be applied to any problem in cybersecurity and can help me better understand the important role that ethics plays. Below are three areas where my views have evolved.
Utilitarianism, Data Breaches, and Corporate Social Responsibility (CSR)
Working in a Patent and Trademark Law firm I’ve had somewhat of an understanding of Corporate Social Responsibility but viewed this as something that was optional. I thought if a business followed the law, then it had met its basic obligations. After learning about CSR through the lens of utilitarianism, my perspective shifted. The utilitarianism philosophy is the concept of doing the greatest good for the greatest number and when companies suffer data beaches or mishandle private information, the negative ramifications often fall on the public rather than the corporation itself. These negative ramifications can include emotional, financial, and issues. This course made me realize that CSR isn’t just about protecting a corporation’s reputation but rather actively preventing harm and protecting people. True responsibility means building ethical practices into the core of how a business operates, even if that means that means sacrificing short-term profit for long-term trust and safety.
Kantian Ethics and Professional Codes in Cybersecurity
The theory of Kantian ethics emphasizes respect. The philosophy is all about doing the right thing out of a sense of duty, respecting others, and never using people just to get what you want–instead it’s about valuing them for who they are. Kantian ethics was a bit difficult for me to understand in the beginning and how it could be applied to a real-life scenario in cybersecurity. However, the more I studied professional codes of ethics the more this theory began to click. Being ethical in Cybersecurity (any professional setting for that matter) isn’t just about meeting legal obligations. It’s about making sure your product protects the public even when no one is watching. My perspective shifted and has now taught me in my line of work that we need to be more proactive. Anticipating if any product we are working on will cause any harm. Not only that but that we truly have to be transparent and prioritize user trust and safety even if an employer does not agree with this approach. In the end being a true professional means doing the right thing even when it’s hard.
Whistleblowing and the Ethics of Care
I have always been partial to Whistleblowing. I think in most instances when whistleblowing has happened it was done for the greater good. However, often times it can be seen as a form of betrayal. Especially in highly sensitive fields like cybersecurity or defense. The course emphasized my thoughts on whistleblowing and how it’s not necessarily a betrayal especially when viewing whistleblowing through the lens of Ethics of Care. Ethics of care highlights the understanding of loyalty by not leading by blind obedience but rather relational responsibility. Whistleblowing is not always disloyal. Rather in most instances whistleblowing is the most loyal thing someone can do as it forces an organization to be held accountable to the values it claims to represent. Loyalty and whistleblowing can go hand and hand if the goal is to prevent harm and protect others rather than staying silent to protect oneself.