BreachExchange mailing list archives
What Star Wars can teach us about cyber ethics
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 11 Jan 2016 17:42:16 -0700
http://www.securityinfowatch.com/article/12157054/what-star-wars-can-teach-us-about-cyber-ethics

As media headlines have been dominated by the launch of Star Wars: The Force Awakens and shenanigans (or worse) with voter data by Bernie Sanders' political campaign, I pondered the question: what do these recent news stories have in common?

Without going into the specific details of what happened (especially in the new movie), a few possible answers include:

- We have seen the enemy, and they are us. Or, not all data breaches come from foreign hackers, organized crime or other “outsiders” with malicious intent.
- Security controls and even technology training have limitations. Or, Darth Vader (and several other Jedi Knights) were well-trained – but used their skills to go over to the “dark side.”
- There are shades of gray that technology professionals face in their daily duties that often get darker if not exposed and corrected early enough. Or, “the road to hell is paved with good intentions.”

Ethical Challenges for Security Professionals

Oftentimes, security pros quietly think they are above Internet laws, company rules and regulations. As the cyber police, bending a policy may seem acceptable, as long as no one catches you in the process. Sometimes, it may even seem to be required – like the state police needing to speed to catch a car going 100 miles per hour.

Beyond cyber war and the good guys having the right tools to catch the bad guys, there can be a tendency to ignore “more mundane” acceptable use directives. That is, security staff can download copyrighted material, view porn at work, look at private information, “borrow” passwords or delete log files to cover their tracks, etc.

These acts may almost be viewed as “the spoils of war.” Hackers come across this data once as part of their job, and later they become accustomed to accessing it freely. But actions have consequences. Much like Anakin Skywalker’s turn to the dark side, this is a slippery slope.

The reality is that the smarter you are, the more you advance as a cyber security expert, the farther you go as a hacker, the greater your temptation will be. As you learn what the enemy does and how they do what they do (in order to stop them), the new ways to avoid detection, the secrets of the trade and the best ways to build and get around defenses, you will face a series of crossroads. Your ethics, values and beliefs will inevitably be tested.

This is similar to a cop who arrests drug lords and finds a stash of cocaine or cash. Should he/she take a bit of the money while no one is looking? It seems so easy, so close and perhaps even innocent.

Sadly, I have seen talented security and technology professionals disciplined for inappropriate behavior at home or work such as stealing property, downloading files or distributing child porn. I personally know technically savvy staff members who are in jail, and I must say that I never would have guessed that certain “experts” would turn to the dark side. Additionally, I have read and heard about dozens of such cases. People are blinded to their own deceitfulness.

Avoid the Dark Side

So what can be done to strengthen the ethical culture in your situation? First, we need to be aware of the problem. Ethics is important, not only for my children when on Facebook, but perhaps even more vitally for veteran security and technology professionals who know how to beat the system. No doubt, we are all susceptible to slip, and being honest about the challenges and temptations is a good start.

Understanding that these situations will arise and discussing appropriate actions with your team is a good initial step. Here are a few other ways to help in this area:

- Seek advice from respected colleagues regarding practical ethical behavior as a security pro.
- Find one or more accountability partner(s) who share your professional values. Remember that accountability is for winners, not losers. The best musicians, artists, athletes, and other experts are accountable to teachers or coaches. Everyone who strives to improve needs accountability.
- Find a trusted mentor who you admire in the industry. Make yourself accountable to this person regarding the direction of your professional career decisions.
- Practice these seven habits of online integrity.

Bottom line, cyber ethics is not just an academic topic or a class you once took to get a computer degree. Cyber ethics are the brakes that enable us to traverse cyberspace safely.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/