I had a few expectations before beginning this course. I fully expected to learn about different moral philosophies and how they could be applied in the realm of cybersecurity. I did not expect to walk away from the course with more questions. This in itself is not a bad thing, as these questions have left me with a deeper understanding of cybersecurity ethics. Through discussions with my peers, readings and forming my analysis on each topic, I have gained awareness and perspective on the issues that present ethical dilemmas in today’s interconnected world. Of the topics I studied this semester, three main topics stood out to me: corporate social responsibility, whistleblowing, and applying the “Just War” concept to cyber warfare.
I was always aware of business role in society. Companies like Amazon and Facebook affect our day to day lives in shopping, communication and navigation. With so much access to our data, I always believed that they should be held responsible. Because big companies hold so much power in society, I held the belief that they should also have rules and policies in place to prevent privacy breaches and misuse of their technology. While I still hold this position to be true, after this summer course I now also consider the role of consumers and the government in social responsibility. Through the readings I have learned that business main objective is to make a profit and that holding corporations responsible for their role in society can present a conflict of interest. And although corporations should be responsible for their actions, society and government should also play a major role in enforcing laws and regulations to ensure compliance. When examining future cybersecurity breaches in the future, I will now have this understanding of checks and balances in mind. Not only will I think about what the company had in place, but also what outside oversight was provided.
The question of oversight not only applies to private businesses, but also to government practices. In regards to whistleblowing, I have always believed that most whistleblowers such as Edward Snowden were disloyal, and that the act of whistleblowing to the media especially in the United States was wrong and irresponsible when there are channels built into business and government that protect and facilitate a less scandalous way to raise issues. Although I still believe that whistleblowers should engage in existing whistleblowing processes before going to the media, my views on the motivations of whistleblowers have changed. I have learned that whistleblowing can be an expression of loyalty: loyalty to an established code of ethics, loyalty to public safety, and loyalty to a company’s vision. I have also learned the importance of having a comprehensive policy and code of ethics to prevent an issue that a whistleblower would need to raise in the first place. Having a system in place to address such issues and concerns internally when policy does not cover the issue whilst protecting the whistleblower is just as important as having policies itself, because whistleblowing happens when policy is seen as inadequate by the whistleblower. As a cybersecurity professional, it is often my responsibility at work to create, review or implement processes and regulations as well as provide training to end users. With the new perspective I have gained this semester I will in the future take into account the importance of providing an avenue for issues raised that policy does not cover. Understanding the motivations behind whistleblowing has also better prepared me now to engage with potential whistleblowers and addressing their concerns.
Lastly, this semester has deepened my understanding on the characteristics of cyberwarfare. Through comparisons between cyberwarfare and the “Just War” model, I have learned that cyberwarfare differs greatly from conventional warfare. As such, in order to remain ethical in conducting cyberwarfare, I learned important nuances in attributing attackers, the importance of avoiding civilian casualties and to not escalate cyber warfare into physical warfare. Learning about how it is waged also has deepened my perspective on what is presented to me on social media. I am now more wary and less trusting of what is presented on social media as it may be manipulated. Although I have always believed in a free internet, I will now support in the future regulations that allow for better attribution in order to better trace the origin of cyberattacks.
In conclusion, after taking this summer course, I have walked away with a deeper understanding of ethics as it applies to cybersecurity. Tech businesses have incredible involvement in our day to day lives, and that presents challenges that we are still figuring out as a society: who to hold accountable, how to raise concerns when boundaries are crossed. It all comes down to how do keep the public safe. In today’s interconnected world, cybersecurity professionals bear a large part of that burden. It is my responsibility. This course has given me the tools and started me down a path to continually seek to understand today’s technology and use ethics to critically question and address today’s issues.