Cybersecurity Ethics

This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues.

Course Reflection

First Topic: General Ethics

Before I started this class I did not know about the various schools of ethical thought. I thought that there was one definition of ethical and one definition of unethical. Throughout the course I started to realize that asking if something is ethical or not is not really as straightforward of a question as I had previously thought. There is usually no clear answer, or at least no position that cannot be argued for or against. It is all about perspective. Especially in a field that is constantly evolving like cybersecurity. I think the module on Whistleblowing reinforced this idea the most. Just because I think an action is ethical does not mean everybody ese does. We can disagree. It is ok. We just have different perspectives. Our experiences have helped to shape these perspectives and no two people are going to have the exact same experiences. Definitions of “right” and “wrong” can be normative as and personal. My main takeaway from this topic is:

Takeaway: Perspective is everything. Remember to try and see things from a different point of view.

Second Topic: Data Security

The case studies on Data Ethics and Online Privacy really helped reinforce my belief that there is really no such thing as real privacy on the internet. Once you put a piece of data online it is almost impossible to erase it. I think this is especially relevant to social media companies. When a person creates a new social media account, they provide personal information that can include their name, birthday, location and personal interests. This information serves as an attractive target for malicious actors looking to compromise their accounts. Once the company has that information, you are not getting it back. After that, you just have to trust that they are going to protect it. That is not always the case. But social media companies are not the only problem. Pretty much anybody can figure out the basics of data mining in twenty minutes on YouTube. It is used a lot in sales industries. Even when a company assures you that your data is safe they can still sell it and it can still be mined. Looking at you Twitter and LinkedIn. Before this course I had always assumed that data security was an issue, but now I just how serious it is. My main takeaway from this topic is:

Takeaway: There is no such thing as real data security online.

Third Topic: Ethics at Work

The module on whistleblowing was probably my favorite topic that we covered this semester. It was really interesting trying to figure out the thought process associated with blowing the whistle on your employer. Leaks like Snowden’s and Manning’s are always going to be controversial as is anything involving the government or the military. I found it interesting that people have really strong opinions about them that tend to take one extreme form or the other. It seemed like people either believed Snowden should be hung as traitor or elected president. There is not much middle ground there. The main question I wanted to answer was, “why?” I had always wondered why Snowden, or Manning, would risk their lives to expose their employers? My conclusion is that they felt they needed to. They felt that the world would be a better place with that information out in the open. My main takeaway from this topic is:

Takeaway: Just because something is illegal does not make it unjustified or unethical.