Published on October 4th, 2019 📆 | 6138 Views ⚑
0#VB2019: Time For an Ethical Debate on Cyber Moral Decisions
Morals and ethics should be considered when it comes to making decisions in cybersecurity.
Speaking at the Virus Bulletin 2019 conference in London, Ivan Kwiatkowski, security researcher at Kaspersky Lab, said that there are not a lot of discussions on ethics in cybersecurity, as the concept of white hat versus black hat is âthe wrong way to think about thingsâ as even the subject of ethical hacking rarely covers the issue of ethics.
Saying he was talking to people âwho were thinking of doing something terrible but had not stopped to think about it yet,â he said that this a young industry and we had not developed a moral compass yet, and it is not an issue of maturity or diversity, but people rely on their personal intuition on the decisions that they face.
âNobody wants someone to tell them right from wrongâ he added, but he urged people to realize that âknowledge is power and if you control what people know about something, you can convince people.
âInfosec is about controlling what access people have to certain information.â He said that there are ethical dilemmas that people may face. such as:
- A legitimate hacking problem â that intelligence agencies and military attack organizations, and some nations set up a âsurveillance apparatus which can be invaluable in preventing terrorism,â whilst others rely on âhacking backâ, and some people carry the term of hacktivist and feel justified in hacking something or someone
- Vulnerability handling â when we find a vulnerability, Kwiatkowski said that we still need to reach an agreement on how to handle vulnerabilities. Some companies specialize in selling hacking tools and exploits, and swear that they only do business with governments with a good track record of democracy and human rights. However, he argued: âIn some cases, there have been suspect decisions in that regardâ
In the case of exploits being sold on the offensive market, he asked if it is a legal or moral issue, as moral decisions change over time. âAll cultures may disagree on what morals are, we all have a moral code and maybe those questions are unsolvable and unescapable.â
He went on to say that we âowe it to ourselvesâ to determine what constitutes ethical behavior and what does not. Concluding, he recommended âallocating more attention to ethicsâ and said that it was time we adopted a global code of conduct too, and cited the EFF as being able to push that standard.
He also called on conference organizers to consider this, and to concentrate less on celebrities âespecially those celebrities whose success may be traced back to suspicious behaviorâ and instead, he recommended conference organizers to invite philosophers and âvictims of cyber-abuse to tell their storiesâ to let us know our shortcomings.
Gloss