Individuals victimized by those with the ability to access systems without permission (i.e., criminal hackers) can experience profoundly damaging effects including anxiety, depression and PTSD. --The Psychological Impact of Hacking
Individuals victimized by those with the ability to access systems without permission (i.e., criminal hackers) can experience profoundly damaging effects including anxiety, depression and PTSD. --The Psychological Impact of Hacking
As cybersecurity professionals, we must understand that our job is broader and our impact is more comprehensive than systems of hardware and software. For the people working and interacting with these systems, there is a very real psychological cost to hacking.
"In the worst cases, hacking attacks can cause the victims to suffer from extreme anxiety, depression, and PTSD. There are examples of people losing their jobs, marriages, and even taking their own lives after being hacked.One of the biggest contributing factors to victims’ distress is the feeling of hackers violating them. Some victims have even described the feeling as being similar to that of a sexual attack. Nearly 70% of Victims find themselves unwilling to trust those around them, impacting their personal relationships heavily."-- The Psychological Cost of Hacking, February 2021
View the video, Miss Teen USA Hacking Victim to hear about her hacking experience and the trauma it caused.
Technology is NOT Ethically Neutral
Cybersecurity professionals with the "know how" to break into systems are just as powerful as criminals with this same know how. This is why we have to be sure that we are not using our power to victimize others.
Hardware, software and the connections between them reflect the values that humans ‘bake in’ to them with our design choices, as well as the values which guide our distribution and use of technology.
Cybersecurity is typically understood as the protection of the confidentiality, integrity and availability (CIA) of data and systems. This is true, however, cybersecurity practices primarily protect the integrity, functionality, and reliability of human institutions and practices that depend upon data, systems, and networks to survive and thrive.
It's in the protecting of those institutions and practices that cybersecurity professionals, in turn, are protecting the lives and happiness of the human beings who depend upon them. This means that ethical issues are at the core of cybersecurity practices, because what we do is required to secure and shield the ability of human individuals and groups to live well.
Consider these examples of hypothetical cases that raise ethical issues concerning cybersecurity:
Due to a massive network outage caused by DDoS attacks, the Porters, a Texas farming family, are unable to access critical weather updates, including evacuation orders, during an unusually intense hurricane that is takes an unexpected turn toward their local area. By the time the family turns on their emergency radio and learns of the imminent danger they are in, the local access roads to the highway have become impassable, and they have nowhere to go as the unprecedented floodwaters surround their farmhouse.
Dev and Katia, a pair of talented freelance hackers, identify a previously unknown but easily fixed vulnerability in the current operating system of a particular manufacturer’s mobile phones, which allows the remote injection and execution of malicious code. As they discuss what they should do next—contact the affected the manufacturer via a backchannel, notify a popular tech media news site, or expose the vulnerability on their own cybersecurity blog— Dev and Katia are approached by a friend, who works for the phone manufacturer’s primary competitor. The friend offers them both lucrative jobs, on the condition that they remain silent about the exploit they have found.
In each of these examples, one or more unsuspecting persons’ chances of living a good life is profoundly impacted by what cybersecurity professionals and other actors in the information security space have or have not done—or by what they will or will not do.
It is important to note that even when a cybersecurity practice is legal, it may not be ethical. Unethical or ethically dubious cybersecurity practices can result in significant harm and reputational damage to network users, clients, companies, the public, and cybersecurity professionals themselves.
The MCAE Ethical Decision App
The Markkula Center for Applied Ethics (MCAE) Ethical Decision App is a practical tool and guide for working through ethical decision making, based on the 5 Ethical Approaches:
- Utility,
- Rights,
- Justice,
- Common Good, and
- Virtue.
Review the App Demo and...
- Consider downloading the Markkula Center for Applied Ethics (MCAE) ethical decision-making app.
- Use the app when you encounter ethical dilemmas
- Discuss your analysis and decision with fellow cybersecurity professionals and with trusted people outside the field
- Follow the Internet Ethics program at the Markkula Center for Applied Ethics, on Twitter: @IEthics
For more Cybersecurity stories, information, and fun conversation, Subscribe to my YouTube channel Person-Centered Cyber.
Also, if you create cybersecurity training, want better business outcomes, and better performance at work, come see me on my Everyone Deserves an Ypifany (pronounced "epiphany") Youtube Channel
Want Coaching?
If you would like phone coaching and other coaching opportunities with me, schedule time here
Comments
Post a Comment