Cybersecurity, Technology, and Society
Students in IT/CYSE 200T will explore how technology is related to cybersecurity from an interdisciplinary orientation. Attention is given to the way that technologically-driven cybersecurity issues are connected to cultural, political, legal, ethical, and business domains. The learning outcomes for this course are as follows:
- Describe how cyber technology creates opportunities for criminal behavior,
- Identify how cultural beliefs interact with technology to impact cybersecurity strategies,
- Understand and describe how the components, mechanisms, and functions of cyber systems produce security concerns,
- Discuss the impact that cyber technology has on individuals’ experiences with crime and victimization,
- Understand and describe ethical dilemmas, both intended and unintended, that cybersecurity efforts, produce for individuals, nations, societies, and the environment,
- Describe the costs and benefits of producing secure cyber technologies,
- Understand and describe the global nature of cybersecurity and the way that cybersecurity efforts have produced and inhibited global changes,
- Describe the role of cybersecurity in defining definitions of appropriate an inappropriate behavior,
- Describe how cybersecurity produces ideas of progress and modernism.
Course Material
Students in this course have completed a number of activities including an reflection essay, weekly technology and cybersecurity journal, and several quizzes and exams. Please include some of these artifacts on this page, particularly the reflection essay, explaining what you did and how these projects helped you engage with the outcomes listed above.
Be sure to remove this instructional language when you have completed updating content on this page.
Postings
Discussion Board The “Short Arm” of Predictive Knowledge
Hans Jonas’ concept of the “short arm” of predictive knowledge presents serious ethical challenges for contemporary cyber-policy. Before such an idea became part of every discourse today, ethical considerations were confined to immediate and local consequences of actions. However, in today’s digital landscape, even a single line of code or a change in infrastructure policy can bring about unforeseen global and long-term consequences. As our technological capabilities have grown faster than we can anticipate these consequences, adopting a “trial and error” approach to cyber-policy now presents greater risk and potential for “errors” that could be irreversible or pose existential threats. Jonas proposes the solution is in the Heuristics of Fear. The principle suggests that caution should be emphasized over optimism when constructing critical infrastructure. For instance, in building defense systems that leverage artificial intelligence or creating integrated power grids, policymakers should highlight their potential for catastrophic failure rather than the attractiveness of positive outcomes. This is a powerful prophylactic, allowing us to avoid the unknowns of the digital age and minimize the moral dangers that have come with our future technological advancements. This point of departure will compel a new approach to cyber-policy and a greater vigilance in our work keeping abreast of the opportunities for the best and the worst whilst pushing for the right results from innovation. By doing so, we may protect our society against the unforeseen consequences of our technological ambitions.
Journal write-up From Verbeek’s writing (Mod 6, Reading 4) Designing the Public Sphere: Information Technologies and the Politics of Mediation
BLUF: In a technologically mediated society, regulation needs to move away from the top-down state regulation model to a distributed ‘accompaniment’ model that embeds ethical responsibility directly into the design and social use of intelligent systems.
According to Peter-Paul Verbeek’s concept of intelligification, technology has transitioned from being a passive tool to an active mediator of human behavior. And because smart environments and persuasive interfaces now shape both our moral choices and our interactions with others, the state can no longer be the only regulator. Governance needs to shift from “the outside” to “the inside.” What this means is that markets and businesses should be constrained by ethical design imperatives rather than mere reactive legal enforcement in the form of legal fines. Because companies build the digital structures that make the public sphere, they should be mandated to engage in mediation impact assessments to ensure their algorithms prioritize human autonomy over manipulative profit seeking.
Groups and neighborhoods also exert a major regulatory role as state power wanes. These bodies serve as the front lines of promoting social norms and decentralized protocols that define good practices in smart environments. These groups set norms of privacy and interaction that serve as a soft check and balance that cannot easily be enacted through legal regulations. In the meantime, the focus of regulation of individuals must be on protection and empowerment using technological literacy. And instead of having their freedom repressed, people should be given the “right to explanation” so they can understand and resist the small prods of our networked world.
Conclusion
Finally, well-designed regulation in the “intelligified” world demands a reframing of the exercise of technology from technology assessment to technology accompaniment. This approach sees that we cannot step outside of our technological culture and rule it. Instead, by integrating ethical constraints into the design process and encouraging informed participation throughout markets, groups, or even individuals to participate, society can shape the development of technology from its own evolution. This is the way things shall start to work: as the material world becomes smarter, so should the governance structures surrounding it, taking cues to become more adaptive and more people centered
Reference:
Verbeek, P.-P. (2014). Designing the public sphere: Information technologies and the politics of mediation. In L. Floridi (Ed.), The Onlife Manifesto: Being Human in a Hyperconnected Era (pp. 217–227). Springer.
DISCUSSION BOARD: Protecting Availability
In my role as the CISO of a publicly traded company, system availability would be my number one priority as downtime can be economically damaging, damaging their reputation, and can even have legal repercussions from regulators, for example, the U.S. Securities and Exchange Commission. To keep it live, I would put in some critical things to protect and keep it working. For one, I would want redundancy of key systems. Such as with multiple servers, network paths and database clusters, that if one piece can fail, another unit can be deployed to take place. This removes potential single points of failure and guarantees that operations can run effectively. I would also use a geographically distributed infrastructure from cloud vendors like Amazon Web Services, I’d use this for cloud providers because should one data center fail and go down because of disaster, I’m sure that the system can fail over to another location to be working. Another thing I would do is to have regular, automated backups at all times stored both in onsite and offsite storage. Backup ensures that the systems can be restored quickly after something like ransomware, hardware failure, or accidental data loss occurs. But we also need backups and these have to go through checks from time to time for correctness. Third, we need proactive and continuous monitoring and incident response capabilities. These monitoring tools can identify outages or performance issues in real-time, helping the security teams to speed up their response in case of a failure and reduce downtime. And I’d adopt best practices from the National Institute of Standards and Technology for plan building, and then test in developing disaster recovery and incident response plans. All together, these protections help ensure that the systems are reliable, robust, and remain available important in ensuring the business continuity, trust from users, and regulatory compliance.