Abstract
The text aims to demonstrate that establishing cybersecurity is not only a technical challenge, but that legal, economic, or organizational aspects also play at least an important role. The provision of cybersecurity raises ethical questions, since cybersecurity can affect moral values such as autonomy, freedom, or privacy. If measurements necessary for the provision of cybersecurity shall be accepted, it is essential to find a balance between the different claims of all stakeholders involved. This aim is achieved through a detailed ethical analysis accompanied by an extensive literature study. As the most important result of this analysis, it becomes obvious that cybersecurity is in competition or even conflict with other values and interests, and that establishing cybersecurity always involves a trade-off. Not only can there be no 100 percent cybersecurity for technical reasons, but if other values and interests are to be considered, this inevitably leads to compromises in cybersecurity.
References
Ahmad, N. (2009). Restrictions on Cryptography in India – A Case Study of Encryption and Privacy. “Computer Law & Security Review”, 25(2). DOI: 10.1016/j.clsr.2009.02.001.
Al Abdulwahid, A., Clarke, N., Stengel, I., Furnell, S., Reich, C. (2015). Security, Privacy and Usability – A Survey of Users’ Perceptions and Attitudes [In:] Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds.), Trust, Privacy and Security in Digital Business. Heidelberg: Springer. DOI: 10.1007/978-3-319-22906-5_12.
Baranchuk, A., Refaat, M. M., Patton, K. K., Chung, M. K., Krishnan, K., Kutyifa, V., Upadhyay, G., Fisher, J. D. and Lakkireddy, D. R. (2018). Cybersecurity for Cardiac Implantable Electronic Devices. “Journal of the American College of Cardiology”, 71(11). DOI: 10.1016/j.jacc.2018.01.023.
Beauchamp, T. L., Childress, J. F. (2019). Principles of Biomedical Ethics. 8th ed. Oxford: Oxford University Press.
Blythe, J. M., Johnson, S. D., Manning, M. (2020). What is Security Worth to Consumers? Investigating Willingness to Pay for Secure Internet of Things Devices. “Crime Science 9(1). DOI: 10.1186/s40163-019-0110-3.
Brito, J., Watkins, T. (2011). Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy. Mercatus Center, Georg Mason University, Working Paper No. 11–24 [Access: 17.10.2021]. Access on the internet: www.mercatus.org/system/files/LovingCyber-Bomb-Brito-Watkins.pdf
Buchanan, B. (2016). Cryptography and Sovereignty. “Survival”, 58(5). DOI: 10.1080/00396338.2016.1231534.
Campbell, M. (1988). Ethics and Computer Security: Cause and Effect. Proceedings of the 1988 ACM Sixteenth Annual Conference on Computer Science – CSC’88. DOI: 10.1145/ 322609.322781.
Cashell, B., Jackson, W. D., Jickling, M., Webel, B. (2004). The Economic Impact of Cyberattacks. CRS Report for Congress [Access: 17.10.2021]. Access on the internet: https://archive.nyu.edu/bitstream/2451/14999/2/Infosec_ISR_Congress.pdf
Chen, T. M., Jarvis, L., Macdonald, S. (eds.) (2014): Cyberterrorism. New York: Springer. DOI: 10.1007/978-1-4939-0962-9.
Chhaya, L., Sharma, P., Kumar, A., Bhagwatikar, G. (2020). Cybersecurity for Smart Grid: Threats, Solutions and Standardization [In:] Bhoi, A. K., Sherpa, K.S., Kalam, A., Chae G.S. (eds.), Advances in Greener Energy Technologies. Singapore: Springer. DOI: 10.1007/978-981-15-4246-6_2.
Christen, M., Gordijn, B., Loi, M. (eds.) (2019). Ethics of Cybersecurity. Cham: Springer.
Christen, M., Gordijn, B., Weber, K., van de Poel, I., Yaghmaei, E. (2017). A Review of ValueConflicts in Cybersecurity. “The ORBIT Journal”, 1(1). DOI: 10.29297/orbit.v1i1.28.
Christensen, K. K., Liebetrau, T. (2019). A New Role for “the Public”? Exploring Cyber Security Controversies in the Case of WannaCry. “Intelligence and National Security:, 34(3). DOI: 10.1080/02684527.2019.1553704.
Connolly, L. Y., Wall, D. S. (2019). The Rise of Crypto-ransomware in a Changing Cybercrime
Landscape: Taxonomising Countermeasures. “Computers & Security”, 87. DOI: 10.1016/j.cose.2019.101568.
Cooper, H. A. (1995). Computer Security, Ethics, and Law. “Journal of Information Ethics”, 4(1).
Coventry, L., Branley, D. (2018). Cybersecurity in Healthcare: A Narrative Review of Trends, Threats and Ways Forward. “Maturitas”, 113. DOI: 10.1016/j.maturitas.2018.04.008.
CSIS – Center for Strategic and International Studies (2018). Economic Impact of Cybercrime – No Slowing Down [Access: 17.10.2021]. Access on the internet: www.mcafee.com/enterprise/en-us/assets/reports/restricted/rp-economic-impact-cybercrime.pdf
Derbyshire, R., Green, B., Hutchison, D. (2021). “Talking a Different Language”: Anticipating Adversary Attack Cost for Cyber Risk Assessment. “Computers & Security”, 103. DOI: 10.1016/j.cose.2020.102163.
Diffie, W., Landau, S. (1998). Privacy on the Line: The Politics of Wiretapping and Encryption. Cambridge, MA: MIT Press.
Dittrich, D., Bailey, M., Dietrich, S. (2011). Building an Active Computer Security Ethics Community. “IEEE Security & Privacy Magazine”, 9(4). DOI: 10.1109/MSP.2010.199.
Domingo-Ferrer, J., Blanco-Justicia, A. (2020). Ethical Value-centric Cybersecurity: A Methodology Based on a Value Graph. “Science and Engineering Ethics”, 26(3). DOI: 10.1007/ s11948-019-00138-8
Dunn Cavelty, M., Egloff, F. J. (2019). The Politics of Cybersecurity: Balancing Different Roles of the State. “St Antony’s International Review”, 15(1).
Ekelund, S., Iskoujina, Z. (2019). Cybersecurity Economics – Balancing Operational Security Spending. “Information Technology & People”, 32(5). DOI: 10.1108/ITP-05-2018-0252.
Gandhi, R., Sharma, A., Mahoney, W., Sousan, W., Zhu, Q., Laplante, P. (2011). Dimensions of Cyber-attacks: Cultural, Social, Economic, and Political. “IEEE Technology and Society Magazine”, 30(1). DOI: 10.1109/MTS.2011.940293.
Garfinkel, S, Lipford, H. R. (2014). Usable Security: History, Themes, and Challenges. Synthesis Lectures on Information Security, Privacy, and Trust”, 5(2). DOI: 10.2200/ S00594ED1V01Y201408SPT011.
Gross, M. L., Canetti, D., Vashdi, D. R. (2016). The Psychological Effects of Cyber Terrorism. Bulletin of the Atomic Scientists”, 72(5). DOI: 10.1080/00963402.2016.1216502.
Iasiello, E. (2013). Cyber attack: A Dull Tool to Shape Foreign Policy. 5th International Conference on Cyber Conflict (CYCON 2013).
Jarvis, L., Macdonald, S. (2015). What is Cyberterrorism? Findings from a Survey of Researchers. “Terrorism and Political Violence”, 27(4). DOI: 10.1080/09546553.2013. 847827.
Johnson, S. D., Blythe, J. M., Manning, M., Wong, G. T. W. (2020). The Impact of IoT Security Labelling on Consumer Product Choice and Willingness to Pay. “PLOS ONE” 15(1). DOI: 10.1371/journal.pone.0227800.
Kaplan, F. M. (2016). Dark Territory: The Secret History of Cyber War. New York: Simon & Schuster.
Kitchen, K. (2019). A Major Threat to Our Economy – Three Cyber Trends the U.S. Must Address to Protect Itself [Access: 17.10.2021]. Access on the internet: www.heritage.org/cybersecurity/commentary/major-threat-our-economy-three-cyber-trends-the-us-mustaddress-protect
Leiwo, J. and Heikkuri, S. (1998). An Analysis of Ethics as Foundation of Information Security in Distributed Systems. “Proceedings of the Thirty-First Hawaii International Conference on System Sciences”, 6. DOI: 10.1109/HICSS.1998.654776.
Liebetrau, T., Christensen, K. K. (2021). The Ontological Politics of Cyber Security: Emerging Agencies, Actors, Sites and Spaces. “European Journal of International Security”, 6(1). DOI: 10.1017/eis.2020.10
Liff, A. P. (2012). Cyberwar: A New “Absolute Weapon”? The Proliferation of Cyberwarfare Capabilities and Interstate War. “Journal of Strategic Studies”, 35(3). DOI: 10.1080/ 01402390.2012.663252
Loi, M., Christen, M., Kleine, N., Weber, K. (2019). Cybersecurity in Health – Disentangling Value Tensions. “Journal of Information, Communication and Ethics in Society”, 17(2). DOI: 10.1108/JICES-12-2018-0095
Manjikian, M. (2018). Cybersecurity Ethics: An Introduction. New York: Routledge.
Manpearl, E. (2017). Preventing Going Dark: A Sober Analysis and Reasonable Solution to Preserve Security in the Encryption Debate. “University of Florida Journal of Law & Public Policy”, 28.
Mazzolin, R., Samueli, A. M. (2020). A Survey of Contemporary Cyber Security Vulnerabilities and Potential Approaches to Automated Defence. 2020 IEEE International Systems Conference (SysCon), 1–7. DOI: 10.1109/SysCon47679.2020.9275828
McAfee (2020). The Hidden Costs of Cybercrime. [Access: 17.10.2021]. Access on the internet: www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf
Nadir, I., Bakhshi, T. (2018). Contemporary Cybercrime: A Taxonomy of Ransomware Threats & Mitigation Techniques. 2018 International Conference on Computing, Mathematics and Engineering Technologies (ICoMET), 1–7. DOI: 10.1109/ICOMET.2018.8346329.
Odlyzko, A. (2019). Cybersecurity is Not Very Important. “Ubiquity”. DOI: 10.1145/3333611
Pattison, J. (2020). From Defence to Offence: The Ethics of Private Cybersecurity. “European Journal of International Security”, 5(2). DOI: 10.1017/eis.2020.6
Reijers, W., Koidl, K., Lewis, D., Pandit, H. J., Gordijn, B. (2018a). Discussing Ethical Impacts in Research and Innovation: The Ethics Canvas [In:] Kreps, D., Ess, C., Leenen, L., Kimppa, K. (eds.), This Changes Everything – ICT and Climate Change: What Can We Do? Cham: Springer. DOI: 10.1007/978-3-319-99605-9_23.
Reijers, W., Wright, D., Brey, P., Weber, K., Rodrigues, R., O’Sullivan, D., Gordijn, B. (2018b). Methods for Practising Ethics in Research and Innovation: A Literature Review, Critical Analysis and Recommendations. “Science and Engineering Ethics”, 24(5). DOI: 10.1007/s11948-017-9961-8.
Robinson, M., Jones, K., Janicke, H. (2015). Cyber Warfare: Issues and Challenges. “Computers & Security”, 49. DOI: 10.1016/j.cose.2014.11.007.
Schuijff, M. and Dijkstra, A. M. (2020). Practices of Responsible Research and Innovation: A Review. Science and Engineering Ethics 26(2), 533–574. DOI: 10.1007/s11948-019-00167-3.
Szor, P. (2005). The Art of Computer Virus Research and Defense. Hagerstown, MD: Addison-Wesley.
Thorstensen, E. (2019). Stakeholders’ Views on Responsible Assessments of Assistive Technologies through an Ethical HTA Matrix. “Societies”, 9(3). DOI: 10.3390/soc9030051.
Tripathi, M., Mukhopadhyay, A. (2020). Financial Loss Due to a Data Privacy Breach: An Empirical Analysis. “Journal of Organizational Computing and Electronic Commerce”, 30(4). DOI: 10.1080/10919392.2020.1818521.
Ware, W. H. (1967a): Security and Privacy in Computer Systems. RAND Corporation.
Ware, W. H. (1967b): Security and Privacy in Computer Systems. Proceedings of the April 18–20, 1967, Spring Joint Computer Conference – AFIPS’67 (Spring). DOI: 10.1145/1465482.1465523
Weber, K. (forthcoming). Cybersecurity and Ethics. An Uncommon Yet Indispensable Combination of Issues [In:] Kurz, H. D., Schütz, M., Strohmaier, R. and Zilian, S. (eds.), Handbook of Smart Technologies. New York: Routledge.
Weber, K., Kleine, N. (2020). Cybersecurity in Health Care [In:] Christen, M., Gordijn, B. and Loi, M. (eds.), The Ethics of Cybersecurity. Cham: Springer. DOI: 10.1007/978-3-030-29053-5_7.
Westin, A. (1967). Privacy and Freedom. New York: Atheneum.
Wirth, A. (2017). The Economics of Cybersecurity. “Biomedical Instrumentation & Technology”, 51(s6). DOI: 10.2345/0899-8205-51.s6.52.
Woods, M. (2017). Cardiac Defibrillators Need to Have a Bulletproof Vest: The National Security Risk Posed by the Lack of Cybersecurity in Implantable Medical Devices. “Nova Law Review”, 41(3).
Yaghmaei, E., van de Poel, I., Christen, M., Gordijn, B., Kleine, N., Loi, M., Morgan, G., Weber, K. (2017). Canvas White Paper 1 – Cybersecurity and Ethics. DOI: 10.2139/ssrn.3091909.