The Ethics of Cybersecurity.
Saved in:
| Superior document: | The International Library of Ethics, Law and Technology Series ; v.21 |
|---|---|
| : | |
| TeilnehmendeR: | |
| Place / Publishing House: | Cham : : Springer International Publishing AG,, 2020. ©2020. |
| Year of Publication: | 2020 |
| Edition: | 1st ed. |
| Language: | English |
| Series: | The International Library of Ethics, Law and Technology Series
|
| Online Access: | |
| Physical Description: | 1 online resource (388 pages) |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Table of Contents:
- The Ethics of Cybersecurity
- Acronyms and Abbreviations
- Contents
- List of Figures
- List of Tables
- About the Contributors
- Chapter 1: Introduction
- 1.1 Explaining the Foundations
- 1.2 Outlining the Problems
- 1.3 Presenting Recommendations
- References
- Part I: Foundations
- Chapter 2: Basic Concepts and Models of Cybersecurity
- 2.1 Introduction
- 2.2 Threats
- 2.2.1 Information Security
- 2.2.2 Systems Security
- 2.2.3 Security Versus Safety
- 2.2.4 Security as Risk Management
- 2.3 Approaches for Attack and Defence
- 2.3.1 Attackers and Their Motives
- 2.3.2 Defences
- 2.3.3 Stages of an Intrusion
- 2.4 Threats and Solutions in Data Security
- 2.4.1 Unauthorised Disclosure of Information
- 2.4.2 Unauthorised Modification and Fabrication
- 2.4.3 The Benefits of Asymmetric Cryptography
- 2.4.4 Case Study: Secure HTTP
- 2.5 Malware Threats and Solutions
- 2.5.1 Propagation and Delivery
- 2.5.2 Payloads
- 2.5.3 Countermeasures
- 2.6 Threats and Solutions in Software Security
- 2.6.1 Case Study: Buffer Overflows
- 2.6.2 Case Study: SQL Injections
- 2.6.3 Finding and Handling Vulnerabilities
- 2.7 Threats and Solutions in Network Security
- 2.7.1 Case Study: Reconnaissance
- 2.7.2 Case Study: Perimeter Security Via Firewalls
- 2.7.3 Case Study: Denial of Service Attacks
- 2.7.4 Case Study: Network Intrusion Detection Systems
- 2.8 Continuous Testing
- 2.9 Conclusion
- References
- Chapter 3: Core Values and Value Conflicts in Cybersecurity: Beyond Privacy Versus Security
- 3.1 Introduction
- 3.2 Values and Value Clusters
- 3.2.1 What Are Values?
- 3.2.2 Value Clusters
- 3.3 Value Clusters in Cybersecurity
- 3.3.1 Security
- 3.3.2 Privacy
- 3.3.3 Fairness
- 3.3.4 Accountability
- 3.4 Value Conflicts in Cybersecurity
- 3.4.1 What Are Value Conflicts?.
- 3.4.2 Value Conflicts in Cybersecurity
- 3.4.2.1 Privacy Versus Security
- 3.4.2.2 Privacy Versus Fairness
- 3.4.2.3 Privacy Versus Accountability
- 3.4.2.4 Security Versus Accountability
- 3.4.2.5 Security Versus Fairness (and Democracy)
- 3.5 Conclusions: Beyond Security Versus Privacy
- References
- Chapter 4: Ethical Frameworks for Cybersecurity
- 4.1 Introduction
- 4.2 Principlism
- 4.3 Human Rights
- 4.4 From Principlism and Human Rights to the Ethics of Risk
- 4.5 Cybersecurity and the Ethics of Risk
- 4.5.1 Expected Utility Maximisation
- 4.5.2 The Maximin Rule
- 4.5.3 Deontological and Rights-Based Theories
- 4.5.4 Contractualism and Risk
- 4.6 Contextual Integrity
- 4.7 Conclusions
- References
- Chapter 5: Cybersecurity Regulation in the European Union: The Digital, the Critical and Fundamental Rights
- 5.1 Formulating Cybersecurity as a Policy Area and Its Objectives
- 5.2 A Virtuous But Vicious Circle of Regulation: From Cybersecurity Law to Policy and Vice Versa
- 5.3 Conceptualising Cybersecurity as a Policy Area Through Piecemeal Legislation and Policy
- 5.4 Principle of Conferral Limits the Scope of Cybersecurity
- 5.5 Remaining Challenges to an Effective Cybersecurity Legal Framework
- 5.5.1 Choice of Appropriate Regulatory Measures
- 5.5.2 Targeting the Right Addressees
- 5.5.3 The Long-Awaited Recast of Product Liability Directive, Pending
- 5.6 A Pressing Need to (Cyber)Secure EU Values and Interests
- 5.7 Concluding Remarks
- References
- Part II: Problems
- Chapter 6: A Care-Based Stakeholder Approach to Ethics of Cybersecurity in Business
- 6.1 Introduction
- 6.2 Ethical Issues in Cybersecurity
- 6.3 Gaps in the Literature on Ethics and Cybersecurity
- 6.4 Care-Based Stakeholder Theory
- 6.5 Ransomware Attacks
- 6.6 The Stakeholders and Their Interests
- 6.6.1 Shareholders.
- 6.6.2 Employees
- 6.6.3 The Local Community
- 6.6.4 Customers
- 6.6.5 Suppliers
- 6.6.6 Competitors
- 6.6.7 Hackers
- 6.6.8 General Public
- 6.7 Conflicts of Interests Between the Stakeholders
- 6.7.1 Grey Hats' Interests Versus the Other Named Stakeholders' Interests
- 6.7.2 Black Hats Interests Versus the Other Named Stakeholders' Interests
- 6.8 Responsibilities of Business
- References
- Chapter 7: Cybersecurity in Health Care
- 7.1 Introduction: The Value of Health
- 7.2 Principles, Moral Values and Technical Aims
- 7.2.1 Principlism as a Starting Point of Ethical Analysis
- 7.2.2 Technical Aims Mapping to Ethical Principles
- 7.2.3 Other Moral Values
- 7.3 Case Studies
- 7.3.1 Cardiac Pacemakers and Other Implantable Medical Devices
- 7.3.1.1 Brief Description of the Case
- 7.3.1.2 Conflicting Ethical Values
- 7.3.2 Electronic Health Card (eHC) in Germany and Elsewhere
- 7.3.2.1 Brief Description of the Case
- 7.3.2.2 Conflicting Ethical Values
- 7.3.3 Cybersecurity and Ethics in Health: A Tentative Summing-Up
- 7.4 Conclusion
- References
- Chapter 8: Cybersecurity of Critical Infrastructure
- 8.1 Introduction
- 8.2 Review of the Literature on Cybersecurity in the National Security Domain
- 8.2.1 Ethical Issues That Emerged in the Literature
- 8.2.2 Value Conflicts Identified in the Literature
- 8.2.3 The Gap in the Literature
- 8.3 Cybersecurity of Critical Infrastructure
- 8.3.1 Cybersecurity of Industrial Control Systems
- 8.3.2 AI and Cybersecurity of Critical Infrastructure
- 8.3.3 Value Conflicts in the Use of AI in Cybersecurity in the National Security Domain
- 8.4 Case Studies of Cybersecurity in the National Security Domain
- 8.4.1 Iranian Attack to the US Power Grid System (Counter-Measure to Stuxnet)
- 8.4.2 Hacking of Citizens' Telephone with Exodus
- 8.4.3 'Biased' Face Recognition Systems.
- 8.4.4 Government Buying Zero-Day Exploits
- 8.5 Conclusion
- References
- Chapter 9: Ethical and Unethical Hacking
- 9.1 Introduction
- 9.2 What Actually Is a 'Hacker'?
- 9.2.1 Hackers in the Early Days
- 9.2.2 Hackers in the 2000s
- 9.2.3 Modern Hackers
- 9.2.4 Today's Hackers
- 9.3 Towards a More Systematic Hackers' Classification
- 9.3.1 A First Taxonomy
- 9.3.2 A Second Taxonomy
- 9.3.3 Ethical Hacking
- 9.4 Is 'Ethical Hacking' Ethical?
- 9.4.1 Inethical, Unethical and Ethical Hacking
- 9.4.2 Competing Ethical Values
- 9.4.3 A Pragmatic Best Practice Approach
- 9.5 Conclusion
- References
- Chapter 10: Cybersecurity and the State
- 10.1 Introduction
- 10.2 Cybersecurity Strategies at the European Union Level
- 10.3 Cybersecurity Strategies at the National Level
- 10.4 The EU Data Protection Framework Addressing Cybersecurity
- 10.5 Tensions Between Cybersecurity and Data Protection
- 10.6 Recommended Realignment and Solution Approaches
- References
- Chapter 11: Freedom of Political Communication, Propaganda and the Role of Epistemic Institutions in Cyberspace
- 11.1 Introduction
- 11.2 Fake News, Hate Speech and Propaganda
- 11.3 Freedom of Communication, Truth and Liberal Democracy
- 11.4 Epistemic Institutions, Market-Based Social Media Platforms and Combating Propaganda
- 11.5 Conclusion
- References
- Chapter 12: Cybersecurity and Cyber Warfare: The Ethical Paradox of 'Universal Diffidence'
- 12.1 Introduction
- 12.2 Ethics and Individuals in the Cyber Domain
- 12.3 Ethics and Inter-State Relations in the Cyber Domain
- 12.4 Privacy, Vulnerability and the 'Internet of Things'
- 12.5 Our Own Worst Enemy
- References
- Chapter 13: Cyber Peace: And How It Can Be Achieved
- 13.1 Cyber Conflicts of Today
- 13.2 Cyber Peace
- 13.2.1 Current State of Cyber Peace.
- 13.2.2 How to Achieve a State of Stable Cyber Peace
- 13.3 Security and Resilience
- 13.4 Trust and Confidence
- 13.5 Roles and Responsibilities
- 13.5.1 Policy Makers
- 13.5.2 The Society
- 13.5.3 The Private Sector
- 13.5.4 The Individual
- 13.6 Conclusion
- References
- Part III: Recommendations
- Chapter 14: Privacy-Preserving Technologies
- 14.1 Introduction
- 14.1.1 Design Strategies
- 14.2 Identity, Authentication and Anonymity
- 14.2.1 Digital Signatures
- 14.2.1.1 Blind Signatures
- 14.2.1.2 Group Signatures
- 14.2.1.3 Identity-Based Signatures
- 14.2.1.4 Attribute-Based Signatures
- 14.2.2 Zero-Knowledge Proofs
- 14.2.3 Implicit Authentication
- 14.3 Private Communications
- 14.3.1 End-to-End Encryption
- 14.3.2 Anonymous Channels
- 14.4 Privacy-Preserving Computations
- 14.4.1 (Partially) Homomorphic Encryption
- 14.4.2 Multiparty Computation
- 14.5 Privacy in Databases
- 14.5.1 Respondent Privacy: Statistical Disclosure Control
- 14.5.2 Non-perturbative Masking
- 14.5.3 Perturbative Masking
- 14.5.4 Synthetic Microdata Generation
- 14.5.5 Privacy Models
- 14.5.5.1 k-Anonymity and Extensions
- 14.5.5.2 Differential Privacy
- 14.5.5.3 Permutation Model for Anonymisation
- 14.5.6 Redaction and Sanitisation of Documents
- 14.5.7 Data Stream Anonymisation
- 14.5.8 Owner Privacy: Privacy-Preserving Data Mining
- 14.5.9 User Privacy: Private Information Retrieval
- 14.6 Discrimination Prevention in Data Mining
- References
- Chapter 15: Best Practices and Recommendations for Cybersecurity Service Providers
- 15.1 Introduction: Dilemmas of Cybersecurity Service Providers
- 15.1.1 Example: Dealing with Governmental Malware
- 15.1.2 Dilemmas of Cybersecurity Service Providers
- 15.2 Domains for Policy Implementations
- 15.2.1 Customer Data Handling
- 15.2.2 Information About Breaches.
- 15.2.3 Threat Intelligence Activities.