Cybersecurity Ethics
This course examines ethical issues relevant to ethics for cybersecurity professionals, including privacy, professional code of conduct, practical conflicts between engineering ethics and business practices, individual and corporate social responsibility, ethical hacking, information warfare, and cyberwarfare. Students will gain a broad understanding of central issues in cyberethics and the ways that fundamental ethical theories relate to these core issues.
Course Material
Throughout this course, I have grappled with ethical questions throughout that don’t have any easy answers. Three topics that I have decided to discuss throughout this class are cyberwarfare and its place in just war theory, whistleblowing and loyalty that is involved with the Chelsea Manning case and the ethical obligations of programmers in the Sorour case. These topics have challenged and expanded my overall thinking in regard to cyber ethics. I initially approached these topics with a black and white view but through the work with the readings, codes of ethics and tools of moral reasoning, my perspective has become more nuanced. These topics showed me that ethics in the digital world often involve conflicting values and that acting for the right reasons sometimes means standing against the expectations of one’s role or employers.
At the beginning of this term, I viewed cyberwarfare as something fundamentally different from traditional war with less violence, more abstract and not subject to the same moral frameworks. As I went through the course readings from Taddeo and Boylan and examined real world cyberattacks through a deeper lens, I began to realize that these digital actions more often have very real and physical consequences. Shutting down hospital systems, interfering with elections or paralyzing critical infrastructure are not just harmful hacks, they can also destabilize governments and endanger lives. The application of just war theory to cyberwarfare changed my thinking. It became clear that cyberattacks can violate principles of proportionality and discrimination just as easily as conventional weapons can. Even if a war itself is just using indiscriminate or disproportionate cyber tactics can make certain actions within that war unethical. My perspective evolved from thinking of cyberwarfare as a legal or strategic issue to understanding it as a deeply moral one. My takeaway from this topic is that digital actions carry real world consequences and ethical standards must adapt and remain robust in the face of technological change.
Another topic that changed how I think about ethics was the case of Chelsea Manning. Early on, I saw the question in terms of the duty of betrayal: if you take an oath or hold a position of trust, violating that trust by leaking classified information must be wrong? I then engaged more deeply with ethics of care and other moral frameworks that prioritize relationships, empathy and conscience. Manning’s decision was not made lightly; it reflected an ethical conflict between institutional loyalty and loyalty to the broader human values. She believed that the public had a right to know about the acts of violence being committed in their name. From the perspective of care ethics, her whistleblowing can be understood as an act of moral attention to the suffering of others and the refusal to stay silent in the face of injustice. Rather than seeing her as simply disloyal or as a criminal, I began to see her as someone who made a deeply moral and costly choice in service of higher ethical principles. My takeaway from this topic is that loyalty should not mean silence in the face of wrongdoing but sometimes the ethical path is dissent.
My third topic is the case of Sourour and the pharmaceutical quiz software brought ethical responsibility down to the level of the individual professional decisions. Before this topic, I didn’t fully consider how much responsibility a programmer has for how their code is used. I mostly just knew he was just doing his job or that he didn’t come up with the questions, just the logic behind it. When I examined the ACM code of ethics and Armstrong’s arguments about professional trust, I came to see the situation in a different light. Writing code that presents biased medical advice, especially without disclosing the client’s motives in turn places people at risk. Sourour’s code shaped what users saw and in turn shaped their overall health decisions. From an ethical standpoint, this was not a neutral act of coding but was a participation in deception and potential harm. Armstrong’s view on professions being a relationship of special trust stuck with me. As programmers, engineers or IT professionals, we don’t just deliver products but bear responsibility for the consequences. My takeaway from this topic is that technical work is never ethically neutral but being a professional means being accountable for how your work affects others.
This course helped me approach ethics not as a checklist but as a continuous practice of reflection, evaluation and courage. In each topic, I began with assumptions that were challenged by deeper analysis. I have learned to ask better questions, to look beyond formal roles or intentions and to evaluate actions by their impacts and the values they uphold. Going forward, I want to carry these lessons with me, especially in the IT and cybersecurity work I plan to pursue. Technology moves fast and the decisions we make can have wide reaching consequences. Whether it’s evaluating the ethics of cyber operations or the implications of disclosing sensitive information, I now see ethical thinking as a crucial part of responsible professional practice.