Cybersecurity Ethics

providing the ciphertext

using a sequence of key bits that loads one by one

loading all the key bits into the locking gates

testing out all combinations

adding encryption engine that implements AES

adding flip-flops (and states to the FSM)

inserting a hardware trojan

adding XOR/XNOR gates

placement of flip-flops

identity theft, blackmail, extortion

locking a computer system

misappropriate electronic funds

misappropriate electronic funds

steal valuable intellectual property

act of god

indemnification

adding countermeasures

extending encryption

protecting intellectual property

securing hardware systems

withhold information from all those affected

consider the cost of cybersecurity within the organization

disclose risks, when known, to those affected

remotely cause damage or destruction

Have we prepared for the worst scenario?

What encryption do we use?

Have we struck a balance and all agree on it?

How do we securely store information?

What are the gray areas in our responses?

What do we do if agencies told us to weaken encryption?

What do we do if we’re told to violate our duty?

How do we monitor our network without intruding on our users?

How do we monitor devices we don’t own but are used in our company?

How to safely store and send over private data?

What do we do if someone tells us to hold off saying that there’s a problem?

Have we struck this balance and all agree on it?

Who is responsible for each aspect of cybersecurity practice?

How to safely store and send over private data?

What do we do if someone tells us to give someone access that we don’t think should have it?

What are the gray areas in our responses?

What do we do if we’re told to violate our duty?

How to contract 3rd parties?

Who is responsible for each aspect of cybersecurity practice?

Have we considered the POV of others besides our own?