IUKL Library
Christen, Markus.

The Ethics of Cybersecurity. - 1st ed. - 1 online resource (388 pages) - The International Library of Ethics, Law and Technology Series ; v.21.

The Ethics of Cybersecurity -- Acronyms and Abbreviations -- Contents -- List of Figures -- List of Tables -- About the Contributors -- Chapter 1: Introduction -- 1.1 Explaining the Foundations -- 1.2 Outlining the Problems -- 1.3 Presenting Recommendations -- References -- Part I: Foundations -- Chapter 2: Basic Concepts and Models of Cybersecurity -- 2.1 Introduction -- 2.2 Threats -- 2.2.1 Information Security -- 2.2.2 Systems Security -- 2.2.3 Security Versus Safety -- 2.2.4 Security as Risk Management -- 2.3 Approaches for Attack and Defence -- 2.3.1 Attackers and Their Motives -- 2.3.2 Defences -- 2.3.3 Stages of an Intrusion -- 2.4 Threats and Solutions in Data Security -- 2.4.1 Unauthorised Disclosure of Information -- 2.4.2 Unauthorised Modification and Fabrication -- 2.4.3 The Benefits of Asymmetric Cryptography -- 2.4.4 Case Study: Secure HTTP -- 2.5 Malware Threats and Solutions -- 2.5.1 Propagation and Delivery -- 2.5.2 Payloads -- 2.5.3 Countermeasures -- 2.6 Threats and Solutions in Software Security -- 2.6.1 Case Study: Buffer Overflows -- 2.6.2 Case Study: SQL Injections -- 2.6.3 Finding and Handling Vulnerabilities -- 2.7 Threats and Solutions in Network Security -- 2.7.1 Case Study: Reconnaissance -- 2.7.2 Case Study: Perimeter Security Via Firewalls -- 2.7.3 Case Study: Denial of Service Attacks -- 2.7.4 Case Study: Network Intrusion Detection Systems -- 2.8 Continuous Testing -- 2.9 Conclusion -- References -- Chapter 3: Core Values and Value Conflicts in Cybersecurity: Beyond Privacy Versus Security -- 3.1 Introduction -- 3.2 Values and Value Clusters -- 3.2.1 What Are Values? -- 3.2.2 Value Clusters -- 3.3 Value Clusters in Cybersecurity -- 3.3.1 Security -- 3.3.2 Privacy -- 3.3.3 Fairness -- 3.3.4 Accountability -- 3.4 Value Conflicts in Cybersecurity -- 3.4.1 What Are Value Conflicts?. 
3.4.2 Value Conflicts in Cybersecurity -- 3.4.2.1 Privacy Versus Security -- 3.4.2.2 Privacy Versus Fairness -- 3.4.2.3 Privacy Versus Accountability -- 3.4.2.4 Security Versus Accountability -- 3.4.2.5 Security Versus Fairness (and Democracy) -- 3.5 Conclusions: Beyond Security Versus Privacy -- References -- Chapter 4: Ethical Frameworks for Cybersecurity -- 4.1 Introduction -- 4.2 Principlism -- 4.3 Human Rights -- 4.4 From Principlism and Human Rights to the Ethics of Risk -- 4.5 Cybersecurity and the Ethics of Risk -- 4.5.1 Expected Utility Maximisation -- 4.5.2 The Maximin Rule -- 4.5.3 Deontological and Rights-Based Theories -- 4.5.4 Contractualism and Risk -- 4.6 Contextual Integrity -- 4.7 Conclusions -- References -- Chapter 5: Cybersecurity Regulation in the European Union: The Digital, the Critical and Fundamental Rights -- 5.1 Formulating Cybersecurity as a Policy Area and Its Objectives -- 5.2 A Virtuous But Vicious Circle of Regulation: From Cybersecurity Law to Policy and Vice Versa -- 5.3 Conceptualising Cybersecurity as a Policy Area Through Piecemeal Legislation and Policy -- 5.4 Principle of Conferral Limits the Scope of Cybersecurity -- 5.5 Remaining Challenges to an Effective Cybersecurity Legal Framework -- 5.5.1 Choice of Appropriate Regulatory Measures -- 5.5.2 Targeting the Right Addressees -- 5.5.3 The Long-Awaited Recast of Product Liability Directive, Pending -- 5.6 A Pressing Need to (Cyber)Secure EU Values and Interests -- 5.7 Concluding Remarks -- References -- Part II: Problems -- Chapter 6: A Care-Based Stakeholder Approach to Ethics of Cybersecurity in Business -- 6.1 Introduction -- 6.2 Ethical Issues in Cybersecurity -- 6.3 Gaps in the Literature on Ethics and Cybersecurity -- 6.4 Care-Based Stakeholder Theory -- 6.5 Ransomware Attacks -- 6.6 The Stakeholders and Their Interests -- 6.6.1 Shareholders. 
6.6.2 Employees -- 6.6.3 The Local Community -- 6.6.4 Customers -- 6.6.5 Suppliers -- 6.6.6 Competitors -- 6.6.7 Hackers -- 6.6.8 General Public -- 6.7 Conflicts of Interests Between the Stakeholders -- 6.7.1 Grey Hats' Interests Versus the Other Named Stakeholders' Interests -- 6.7.2 Black Hats Interests Versus the Other Named Stakeholders' Interests -- 6.8 Responsibilities of Business -- References -- Chapter 7: Cybersecurity in Health Care -- 7.1 Introduction: The Value of Health -- 7.2 Principles, Moral Values and Technical Aims -- 7.2.1 Principlism as a Starting Point of Ethical Analysis -- 7.2.2 Technical Aims Mapping to Ethical Principles -- 7.2.3 Other Moral Values -- 7.3 Case Studies -- 7.3.1 Cardiac Pacemakers and Other Implantable Medical Devices -- 7.3.1.1 Brief Description of the Case -- 7.3.1.2 Conflicting Ethical Values -- 7.3.2 Electronic Health Card (eHC) in Germany and Elsewhere -- 7.3.2.1 Brief Description of the Case -- 7.3.2.2 Conflicting Ethical Values -- 7.3.3 Cybersecurity and Ethics in Health: A Tentative Summing-Up -- 7.4 Conclusion -- References -- Chapter 8: Cybersecurity of Critical Infrastructure -- 8.1 Introduction -- 8.2 Review of the Literature on Cybersecurity in the National Security Domain -- 8.2.1 Ethical Issues That Emerged in the Literature -- 8.2.2 Value Conflicts Identified in the Literature -- 8.2.3 The Gap in the Literature -- 8.3 Cybersecurity of Critical Infrastructure -- 8.3.1 Cybersecurity of Industrial Control Systems -- 8.3.2 AI and Cybersecurity of Critical Infrastructure -- 8.3.3 Value Conflicts in the Use of AI in Cybersecurity in the National Security Domain -- 8.4 Case Studies of Cybersecurity in the National Security Domain -- 8.4.1 Iranian Attack to the US Power Grid System (Counter-Measure to Stuxnet) -- 8.4.2 Hacking of Citizens' Telephone with Exodus -- 8.4.3 'Biased' Face Recognition Systems. 
8.4.4 Government Buying Zero-Day Exploits -- 8.5 Conclusion -- References -- Chapter 9: Ethical and Unethical Hacking -- 9.1 Introduction -- 9.2 What Actually Is a 'Hacker'? -- 9.2.1 Hackers in the Early Days -- 9.2.2 Hackers in the 2000s -- 9.2.3 Modern Hackers -- 9.2.4 Today's Hackers -- 9.3 Towards a More Systematic Hackers' Classification -- 9.3.1 A First Taxonomy -- 9.3.2 A Second Taxonomy -- 9.3.3 Ethical Hacking -- 9.4 Is 'Ethical Hacking' Ethical? -- 9.4.1 Inethical, Unethical and Ethical Hacking -- 9.4.2 Competing Ethical Values -- 9.4.3 A Pragmatic Best Practice Approach -- 9.5 Conclusion -- References -- Chapter 10: Cybersecurity and the State -- 10.1 Introduction -- 10.2 Cybersecurity Strategies at the European Union Level -- 10.3 Cybersecurity Strategies at the National Level -- 10.4 The EU Data Protection Framework Addressing Cybersecurity -- 10.5 Tensions Between Cybersecurity and Data Protection -- 10.6 Recommended Realignment and Solution Approaches -- References -- Chapter 11: Freedom of Political Communication, Propaganda and the Role of Epistemic Institutions in Cyberspace -- 11.1 Introduction -- 11.2 Fake News, Hate Speech and Propaganda -- 11.3 Freedom of Communication, Truth and Liberal Democracy -- 11.4 Epistemic Institutions, Market-Based Social Media Platforms and Combating Propaganda -- 11.5 Conclusion -- References -- Chapter 12: Cybersecurity and Cyber Warfare: The Ethical Paradox of 'Universal Diffidence' -- 12.1 Introduction -- 12.2 Ethics and Individuals in the Cyber Domain -- 12.3 Ethics and Inter-State Relations in the Cyber Domain -- 12.4 Privacy, Vulnerability and the 'Internet of Things' -- 12.5 Our Own Worst Enemy -- References -- Chapter 13: Cyber Peace: And How It Can Be Achieved -- 13.1 Cyber Conflicts of Today -- 13.2 Cyber Peace -- 13.2.1 Current State of Cyber Peace. 
13.2.2 How to Achieve a State of Stable Cyber Peace -- 13.3 Security and Resilience -- 13.4 Trust and Confidence -- 13.5 Roles and Responsibilities -- 13.5.1 Policy Makers -- 13.5.2 The Society -- 13.5.3 The Private Sector -- 13.5.4 The Individual -- 13.6 Conclusion -- References -- Part III: Recommendations -- Chapter 14: Privacy-Preserving Technologies -- 14.1 Introduction -- 14.1.1 Design Strategies -- 14.2 Identity, Authentication and Anonymity -- 14.2.1 Digital Signatures -- 14.2.1.1 Blind Signatures -- 14.2.1.2 Group Signatures -- 14.2.1.3 Identity-Based Signatures -- 14.2.1.4 Attribute-Based Signatures -- 14.2.2 Zero-Knowledge Proofs -- 14.2.3 Implicit Authentication -- 14.3 Private Communications -- 14.3.1 End-to-End Encryption -- 14.3.2 Anonymous Channels -- 14.4 Privacy-Preserving Computations -- 14.4.1 (Partially) Homomorphic Encryption -- 14.4.2 Multiparty Computation -- 14.5 Privacy in Databases -- 14.5.1 Respondent Privacy: Statistical Disclosure Control -- 14.5.2 Non-perturbative Masking -- 14.5.3 Perturbative Masking -- 14.5.4 Synthetic Microdata Generation -- 14.5.5 Privacy Models -- 14.5.5.1 k-Anonymity and Extensions -- 14.5.5.2 Differential Privacy -- 14.5.5.3 Permutation Model for Anonymisation -- 14.5.6 Redaction and Sanitisation of Documents -- 14.5.7 Data Stream Anonymisation -- 14.5.8 Owner Privacy: Privacy-Preserving Data Mining -- 14.5.9 User Privacy: Private Information Retrieval -- 14.6 Discrimination Prevention in Data Mining -- References -- Chapter 15: Best Practices and Recommendations for Cybersecurity Service Providers -- 15.1 Introduction: Dilemmas of Cybersecurity Service Providers -- 15.1.1 Example: Dealing with Governmental Malware -- 15.1.2 Dilemmas of Cybersecurity Service Providers -- 15.2 Domains for Policy Implementations -- 15.2.1 Customer Data Handling -- 15.2.2 Information About Breaches. 15.2.3 Threat Intelligence Activities.

9783030290535


Electronic books.

BJ59