Cybersecurity, Technology, and Society

“but stateless the man who dares to do what is shameful” (Sophocles).

                Antigone is a character who has it all by ancient standards. Nonetheless, Antigone experiences a moment of understanding. Antigone learns the importance of ethical behavior.  As technology has advanced man has remained constant within ideological, social, and ethical frameworks. “There is nothing new under the sun” (English Standard Version Bible, p. Ecclesiates 1:9c) as Solomon writes in old Hebrew poetry.  Technology changes, processes change, but humans and respective community groups dynamics do not change as frequently. One could say that we are techno-peasants. Yes, I may have a different means of transportation, a different type of skillset, but the ethical tenets established so long ago, are still followed.

                Hans Jonas writes differently. “Modern technology has introduced actions of such novel scale, objects and consequences that the framework of former ethics can no longer contain them” (Jonas , 1973, p. 38). I disagree because I value the strength in the validity of the ethical tenets.  Hans Jonas goes on to explain that we must govern our own actions. We must exercise self-control within our business and personal dealings. How might one impose western code of ethics on persons who have differing ideological understandings? My Judeo/Christian ethics may not be accepted by others who have dissimilar beliefs.

                As Cybersecurity professionals, we should approach the development of cyber-policy with a value mindset. All individually held beliefs and valuations should be considered equally as policy is drafted. However, not all ethical standards should be included. The consensus of the group should determine what ethical points should be included. This process should model the Institute of Electrical and Electronics Engineers adoption of a code of ethics. IEEE has many members from many different people groups, yet the code of conduct covers all the members. See Artifact One.  The code of conduct is written in simple language, which describes respectfulness and kindness to one another. Individuals are expected not to damage another’s reputation, nor are the members allowed to take what is not theirs.  This is how individuals may hold ethical standards high and be respectful of others which may have differing ethical standards. Additionally, this is the model for Cybersecurity professionals could follow when drafting cyber-policy and infrastructure use policy.

                Approved by the IEEE Board of Directors, June 2014 We, the members and employees of IEEE, recognize the importance of our technologies in affecting the quality of life throughout the world and we accept a personal obligation to our professions, the members of IEEE, and other individuals involved in IEEE activities in our fields of interest. By this obligation we commit ourselves to the highest standards of integrity, responsible behavior, and ethical and professional conduct. We agree to be bound by the following rules:

1. Be respectful of others • We will be respectful of others, including IEEE members and IEEE employees, and will act in a professional manner while participating in IEEE activities. • We will be respectful of the privacy of others and the protection of their personal information and data.

2. Treat people fairly • We will not engage in harassment of any kind, including sexual harassment, or bullying behavior whether in person, via cybertechnology or otherwise. • We will not discriminate against any person because of characteristics protected by law (e.g., age, ancestry, color, disability or handicap, national origin, race, religion, gender, sexual or affectional orientation, gender identity, gender expression, appearance, matriculation, political affiliation, marital status, veteran status).

3. Avoid injuring others, their property, reputation or employment • We will avoid injuring others, their property, data, reputation, or employment by false or malicious action. • We will not engage in or participate in the spreading of any malicious rumors, defamation or any other verbal or physical abuses, against an IEEE member, employee or other person, whether on the Internet or otherwise.

4. Refrain from retaliation • We will not retaliate against any IEEE member, employee or other person who reports an act of misconduct, or who reports any violation of the IEEE Code of Ethics or this Code of Conduct. • We will not retaliate against any person who makes IEEE aware of the violation of any laws, rules or regulations in connection with IEEE activities.

5. Comply with applicable laws in all countries where IEEE does business and with the IEEE policies and procedures • We will comply with all applicable laws, rules and regulations governing IEEE’s business conduct worldwide and all relevant procedures established by IEEE whenever and wherever we are acting on behalf of IEEE, or participating in IEEE activities, including but not limited to the following: a) Rejecting bribery in all forms. b) Avoiding real or perceived conflicts of interest whenever possible, and disclosing them to affected parties when they do exist. c) Protecting confidential information belonging to IEEE and personal information belonging to IEEE members, employees and other persons. d) Not agreeing with competing persons to fix prices or reduce price competition through allocation of customers or markets, manipulate bids in any competitive bidding process, or engage in other acts that result in restraining trade. e) Not misusing or infringing the intellectual property of others.

As cybersecurity professionals, we should approach the development of cyber-policy with a mindset which places value on the individual.

Herding cats. Regulating ubiquitous computing is a lot like herding cats. If one gathers two cats, then the two cats will begin fighting, Then the herder has none corralled, for the two cats have run away fighting. If there is diminishing state power, competition will force ambient intelligence producers to make improvements to the product or service. Consumers will demand certain services and certain features to make their world convenient and comfortable.

The impetus, propelling producers to market devices which deliver convenience and comfort, is the impetus to produce a profit and curtail costs and reduce expenses.  Economies of scale produce more utils at the beginning of the product’s lifecycle but decrease as the product lifecycle progresses with age. Subsequently the law of diminishing returns is experienced, and the discovery cycle of more ambient intelligence begins. Verbeek also states “these ‘intelligent’ technologies can also interact with our decision-making process”(Floridi, 2009, p. 221). I disagree by citing humans will always sidestep new technologies in order fulfill desire, wants and needs. So, the smart toilet will not be a smart choice to install.

Even though the state may have reduced power, the market still has greater influence over developing innovative products. Have comfort and entertainment become powerful commodities that consumer is to accept the intrusion of the Panopticon (Verbeekp. 223), which is being marketed as 5G cellular network connectivity?

As innovation increases “the intelligification and networking of the material world”, the state should enact Anti-Trust laws to promote competition and foster innovation. This legislation, coupled with innovation and nurtured competition will be the basis to monitor markets, businesses, groups, and individuals within the state with limited power.

• 

As technology advances at the speed of light through fiber cables and cloud hosting sites, cyber offending is also advancing at an exponential rate. With many different technologies being utilized and deployed, the number of cyber offenses is also increasing. Lawmakers are struggling with the currency of present legislation. Additionally, lawmakers are reconciling cyber offenses with offending that is traditionally perpetrated. In the article entitled: Using Labeling Theory as a Guide to Examine the Patterns, Characteristics, and Sanctions Given to Cybercrimes, Brian K. Payne, Brittany Hawkins and Chunsheng Xin present the importance of using labeling theory to order and catalog cyber offending.

Labeling theory, in short, has an “aim towards identifying how these offenses are socially constructed in comparison with traditional crimes, white-collar crimes, and international crimes” (Payne, Hawkins, & Xin, 2018). Crimes have changed over the course of history, but the perpetrators’ motives have not: greed, jealousy, hatred, anger. All are powerful motives. How does one quantify cyber offending when the motive of the crime is greed or jealousy? It is easy to quantify cyber offending when the motive is monetary gain.

The article details current criminological studies’ focus: exploration and testing. Criminologists are exploring cybercrime specificity and various testing. The findings are addressing additional theories: self-control theory, differential association/learning theory, neutralization theory and routine activities theory. “In other words, while not fully explaining cyber offending, some criminological theories can be used to explain different aspects of the behavior” (Payne, Hawkins, & Xin, 2018).

Labeling theory can explain cyber offending, and “is concerned with how behaviors come to be conceptualized as crime” (Payne, Hawkins, & Xin, 2018). I cyber offenses were compared with traditional crimes, modifiers and quantifiers would be compatible, such as illegal, harmful, and deviant. “Traditional definitions of cybercrime might focus on the behavior as deviant construct” (Payne, Hawkins, & Xin, 2018). Morality may also be used as a testing indicator with regards to child pornography. Do criminologists categorize cyber offenses as White-Color crime? What are the two differentiational methods for Cyber White-Collar crime? According to the article, the crime was committed at work, and the offender caused harm as an employee.

Cybercrime knows no boundaries, and jurisdiction becomes unclear as new technologies blur national and international boundaries. How do federal authorities prosecute international cyber offense, and how does jurisdiction impede prosecution of cyber criminals? Does gender affect prosecution and sentencing for cyber perpetrators?

In closing, labeling theory can help criminologists order various cyber offenses which may fall out of scope with traditional crimes. Criminologist may differentiate between male and female offenders and order sentencing following prosecution. By studying cyber offending and applying label theory, the testing agent may be able to determine how the offenses are executed and delivered. The criminologists[CK1]  might be able to understand Cyber Offending.

References

Payne, B. k., Hawkins, B., & Xin, C. (2018). Using Labeling Theory as a Guide to Examine the Patterns, Characteristics, and Sanctions Given to Cybercrimes. American Journal of Criminal Justice.

Abraham Maslow outlined a hierarchy of an individual needs. The hierarchy builds from the lowest level, being the Physiological, to the highest, rarely attained level of Self-Actualization. As an individual transitions from the Physiological phase to the Safety phase, the individual’s needs also shift and change. The transition from food, water, warmth, and rest give way to needs of security. The individual wishes to retain the basic physiological needs of food, water, and shelter. The individual must seek to secure or align with a group to secure the basic needs for the group and individual. As the individual transitions from singular person to being a member of a group, then the needs change from Security to Belongingness.

Relationships develop along with a strong sense of comradery, which strengthen the group. Now the individual has 3 of the more important needs met: Physiological, Safety, and Belonging. Now the individual seeks to be held in esteem within the group; therefore, the individual works or creates to add value to the group.  Perhaps, the individual has natural talent, and this talent would strengthen or propel the group into a higher status among other groups. This individual would be held in esteem by the other members of the group.

 The highest level in Maslow’s Hierarchy of Needs is the Self-Actualization, where the individual achieves full potential.  Realization of achieving full potential does not occur frequently for there are many hindering factors. Such factors might be imminent war and conflict. Some factors may be cultural and environmental. Another factor, perhaps, the most disheartening, is lack of motivation within the individual. In the next few paragraphs, I will illustrate Maslow’s Hierarchy of needs based on my own experiences with technology. My illustration is not one of linear ascent, but one of progression and digression. Oftentimes, there is no traceable pattern of progression as presented in a chart. My illustration is more like a scatter chart with pinpoints of events, decisions, and consequences.

I peaked early in life. I was not even 17 when I joined the after-school club: Basic programming. I had so many projects that I wanted to do. I was very fortunate that the Club’s Sponsor was very kind and patient with me. I wanted to write a Basic program, which would cause the cursor to move on the display; to twinkle. I just didn’t understand concepts behind writing such a challenging program. I wanted to incite randomness not truth tables. I aimed straight for the Self-Actualization level, seeking to be held in esteem by my classmates and educator. I failed miserably. My needs of self-esteem and self-actualization were not met, so I proceeded to the University to acquire more knowledge.

At the University, I enrolled in many programming classes. I even would say that I tangentially aligned  in class with the future Dr. Michael Mann. I believe that we were enrolled at the same time at the University. I failed, again, miserably at mastering computer programming. My impetus to study computer programming was to secure a well-paying job, based on skill and technology. I graduated with little technological training, for Microsoft was still in its infancy. I was able to find a full-time employment, but not in my field of study. I remained with that employer for over 15 years, satisfying my physiological needs for food, water, shelter, and warmth. While working during that period, a day seminar was advertised; the topic was the internet. This seminar was offered around the early 1990’s, 1991 or 1992, and the talk was held at New Horizons in Hampton, Virginia. Even though, I was satisfying my basic needs, I was also satisfying the highest need of self-actualization. I was satisfying my curiosity and appetite for knowledge and trying to figure “IT” out.

While remaining at the physiological level, I satisfied 3 of the levels simultaneously, during one potentially catastrophic, global event: Y2K. The motivation was clear, and the objective was real: test the computer program in “Test” and “Live” for any abnormalities. Did the program behave the same in both test cases? I could not fail, for my coworkers were my friends, and the safety of the customers, shareholders were at stake. My job was at stake, even though the testing was tedious and grueling. Documentation required an exactness from me, at that time, I did not have, but now I do.

I still have not reached self-actualization, but I still must try to reach that level. I am still learning, and I am still striving to understand “IT”. Sometimes, I misspeak, and I covet correction when I do. There is so much learning available now than there was then. Sometimes, I just become so happy that I am in the catbird seat:  able to reflect on past technologies and learn new the processes of today.

Human behavior is fascinating to watch, even more so to catalogue and index. There are those who wish to engage in “people watching” for the entertainment value. There are those which study human behavior for research and education. Studying human behavior to gain further insight into criminal behavior and activity requires a set of standards and practices. This journal entry will detail the 7 principles of social science and how these 7 principles relate to Cybersecurity principles and procedures.

In the book, “The Social Order”, Robert Bierstadt validated the legitimacy of the Social Sciences in relation to Natural Sciences. Subject study, within the Social Science framework, may fall under the same categories as Natural Science study. The 7 principles are as follows: Relativism, Objectivity, Parsimony, Empiricism, Skepticism, Ethical Neutrality and Determinism. To ensure valid and credible test results, the social scientist must adhere to principles listed above. By studying certain behaviors, indexed by conduct and exploit, the social scientist may present legitimate findings on criminal behavior and offer solutions to strengthen the defense in depth tactic and establish zero trust practices within a computer network.

The Relativism precept explains that all systems are interrelated, and changes within one system will affect other systems. For example, the educational system relies on changes in technology to facilitate classroom teaching. The Criminal Justice System changes are direct response to crime and crime statistics.

Objectivity mandates the social scientist will report research findings which are free from personal opinions or points of view. The social scientist will ensure that respective personal opinions do not color research conclusions.

Parsimony keeps reports and documentation as simple as possible. However, the social scientist must be allowed to fully explain the behavior within the testing. A full explanation may require additional documentation and introduction of additional quantifiers or variables.

Empiricism helps the social scientist study behavior through observation and indexing. Empirical indices are void of personal opinions and points of view, which may be attributed to the social scientist. The social researcher can only study the cyber event objectively and without any point of view skewing the collected data. The researcher can make the findings fit the cyber event, because the opinions match the facts gathered.

Ethical Neutrality mandates the importance of ethical standards within a study or research. The social scientist must protect the rights of the study’s participants.

Lastly, Determinism states that behavior is determined by preceding events. Scientists have not fully discounted “Free-will” as contributing factor within human performance. Past events may influence cybercriminals to attempt additional exploits because of a past exploit which was successful. Nonetheless, the cybercriminal has the foresight to weight the consequences and punishment. This may deter the cybercriminal from further unlawful activity.

In closing, social scientists must report findings which have no opinions nor any personal points of view. The report documentation must be simple and clear to understand, with as many as variables being introduced as needed to clarify and quantify study results. Changes within one social system affect other social systems. To reiterate, changes in technology will affect the educational, social, health care and infrastructure systems. With these changes in technology, the social scientist may study cyber criminal activity.

---

We all have motivations which influence and guide our actions. We are motivated to get up and go to work and school every day. We are motivated to learn an instrument, master a new skill, or physically condition our bodies. Our motivations are intrinsic to our goals, hopes and dreams. What are the quantified motivations for someone to commit cybercrime?      

There are 7 motivators for the individual to commit cybercrime. They are as follows: money, multiple reasons, revenge, recognition, political gains, entertainment, and boredom.  The last category I would like to add curiosity to the boredom category. I ordered the motivators in the preceding order. I think that money is the primary motivator for an individual to commit cybercrime. Since intrusion upon the network may not be detected for some time, the motivator for monetary gain is worth the risk of getting caught. The nefarious individual may see the intrusion as little work for a big payout, or there may be considerable work for the payday. The cybercriminal is in charge and in control of the intrusion unless the network administrator deploys deceptive tactics to confuse and deceive the intruder.

The 2^nd stimulus for the cyber offender is multiple reasons. The cybercriminal may have multiple reasons to intrude upon the network. There may be a combination of reasons, including money, revenge and /or recognition. The 1^st 4 motivators, I grouped together because these pertain to the individual. These are personal motivators which drive people to commit offenses.

Revenge is a strong motivator for any action and is 3^rd on the list, behind money and multiple reasons. When an individual seeks revenge, the impetus to carry out the action becomes personal and challenging. The individual seeks revenge because there has been no retribution. The revenge seeking individual justifies their actions based upon perceived offenses and lack of retribution.

Recognition is the 4^th strong motivator for the offending individual. The individual seeks acknowledgement from others to fulfill a need for inclusivity and belonging. Recognition for the cybercriminal grants greater self-esteem and a perceived increase of self-value within the group.

The remaining 3 motivators pertain to the group. The motivators are political, entertainment and boredom. These all are a reflection on the group instead of the individual.  Disturbances, which are political in nature, cause many to be hurt by the offense. I ordered the political motivator as number 5, because there are only a few people who wish to hurt a great many people. Those with a political motivator wish to disrupt society to promote the individual’s agenda.

The 6^th motivator is entertainment. The individual seeks the network theater, and the exploit is the drama. The last motivator is boredom, but I would like to categorize this as curiosity. I am combining entertainment and curiosity into the classifications because both see to fill a void where something is missing. The individual is searching for something. Often, this search leads to mischief, and possibly a few thrills.

In closing, there are many motivators to commit cybercrime of hack into someone’s’ computer. There maybe multiple reasons for individual offenses, but none as great as a monetary motivator.

 

Victim Precipitation Theory is a new concept to me, but I can’t help to draw a connection between individuals who are hurt by guileful people and those who are marginalized within society. I just finished a memoir, written by Ousman Umar, entitled “North to Paradise”. I highly recommend this recently translated book, because Mr. Umar faced so many challenges and setbacks, yet he was successful when there no opportunity for choice nor success. This young man faced treacherous people, who swindled and stole from him, because Mr. Umar had to continue on his journey. There was no going back.  Yes, Mr. Umar was a victim, by choices he had made. He made those choices when there were no other choices offered.

When an individual is categorized as marginal within society, sometimes those individuals need to make tough choices to continue. There are nefarious individuals, who will exploit anyone, not just those who are marginalized. In the Victim Precipitation theory, the social scientist studies how victims’ actions or lack of action precipitated crime. Through this investigation and research, the social scientist begins to understand how the dynamics developed between the victim and perpetrator. We all take risks; some risks can be detrimental to one’s well-being, though For example, as a student attending ODU, one must have multifactor authentication attached to one’s student accounts: email, Blackboard, Word Press, because student email addresses are easily discoverable. However, the MFA or 2FA, the student knows when their respective accounts have been discovered and take the necessary measures to safeguard personal information.