10. The Boundaries of Cybersecurity: Ethics, Rights, and Laws “Do not remove a fence until you know the reason why it was put up in the first place.” - G.K. Chesterton In Chapter 3 we defined ethical hacking as behaving ethically at all times, respecting the rights of all citizens, and obeying all applicable laws and legal authorities. In Chapter 5 we learned that understanding ethics, rights, and laws is a vital part of cybersecurity governance. In this chapter we will explore these boundaries of cybersecurity and ethical hacking in more detail. Ethical gray areas occur relatively frequently in cyberspace due to the uniqueness of the domain, its intrinsic attributes (e.g., quasi-anonymity, lack of accountability, social distance from actions, etc.), and the fact it is a new area of human exploration. People who work in cybersecurity need to understand the ethical implications of their actions so that they can confidently and successfully navigate these gray areas. Section 10.1 focuses on the field of ethics and explains how to reason about moral decision making with the goal of providing the necessary clarity to behave ethically at all times. As we have seen, cybersecurity is about protecting and respecting the rights of every individual and organization in cyberspace. Because so much of society and the economy revolves around cyberspace, it is essential that cybersecurity personnel understand what these rights are, where they come from, and exactly what they need to protect. Section 10.2 focuses on the United States Constitution and the rights that it guarantees to every citizen so that cybersecurity workers can respect the rights of all citizens in cyberspace just like they are in physical space. Because the stakes are high, the laws that pertain to cyberspace have become increasingly important. In order to protect themselves from criminal prosecution and possible litiChapter 10
RkJQdWJsaXNoZXIy MTM4ODY=