The Ethics of Cybersecurity.

Bibliographic Details
Main Author: Christen, Markus.
Other Authors: Gordijn, Bert., Loi, Michele.
Format: eBook
Language: English
Published: Cham : Springer International Publishing AG, 2020.
Edition: 1st ed.
Series: The International Library of Ethics, Law and Technology Series
Table of Contents:
  • The Ethics of Cybersecurity
  • Acronyms and Abbreviations
  • Contents
  • List of Figures
  • List of Tables
  • About the Contributors
  • Chapter 1: Introduction
  • 1.1 Explaining the Foundations
  • 1.2 Outlining the Problems
  • 1.3 Presenting Recommendations
  • References
  • Part I: Foundations
  • Chapter 2: Basic Concepts and Models of Cybersecurity
  • 2.1 Introduction
  • 2.2 Threats
  • 2.2.1 Information Security
  • 2.2.2 Systems Security
  • 2.2.3 Security Versus Safety
  • 2.2.4 Security as Risk Management
  • 2.3 Approaches for Attack and Defence
  • 2.3.1 Attackers and Their Motives
  • 2.3.2 Defences
  • 2.3.3 Stages of an Intrusion
  • 2.4 Threats and Solutions in Data Security
  • 2.4.1 Unauthorised Disclosure of Information
  • 2.4.2 Unauthorised Modification and Fabrication
  • 2.4.3 The Benefits of Asymmetric Cryptography
  • 2.4.4 Case Study: Secure HTTP
  • 2.5 Malware Threats and Solutions
  • 2.5.1 Propagation and Delivery
  • 2.5.2 Payloads
  • 2.5.3 Countermeasures
  • 2.6 Threats and Solutions in Software Security
  • 2.6.1 Case Study: Buffer Overflows
  • 2.6.2 Case Study: SQL Injections
  • 2.6.3 Finding and Handling Vulnerabilities
  • 2.7 Threats and Solutions in Network Security
  • 2.7.1 Case Study: Reconnaissance
  • 2.7.2 Case Study: Perimeter Security Via Firewalls
  • 2.7.3 Case Study: Denial of Service Attacks
  • 2.7.4 Case Study: Network Intrusion Detection Systems
  • 2.8 Continuous Testing
  • 2.9 Conclusion
  • References
  • Chapter 3: Core Values and Value Conflicts in Cybersecurity: Beyond Privacy Versus Security
  • 3.1 Introduction
  • 3.2 Values and Value Clusters
  • 3.2.1 What Are Values?
  • 3.2.2 Value Clusters
  • 3.3 Value Clusters in Cybersecurity
  • 3.3.1 Security
  • 3.3.2 Privacy
  • 3.3.3 Fairness
  • 3.3.4 Accountability
  • 3.4 Value Conflicts in Cybersecurity
  • 3.4.1 What Are Value Conflicts?
  • 3.4.2 Value Conflicts in Cybersecurity
  • 3.4.2.1 Privacy Versus Security
  • 3.4.2.2 Privacy Versus Fairness
  • 3.4.2.3 Privacy Versus Accountability
  • 3.4.2.4 Security Versus Accountability
  • 3.4.2.5 Security Versus Fairness (and Democracy)
  • 3.5 Conclusions: Beyond Security Versus Privacy
  • References
  • Chapter 4: Ethical Frameworks for Cybersecurity
  • 4.1 Introduction
  • 4.2 Principlism
  • 4.3 Human Rights
  • 4.4 From Principlism and Human Rights to the Ethics of Risk
  • 4.5 Cybersecurity and the Ethics of Risk
  • 4.5.1 Expected Utility Maximisation
  • 4.5.2 The Maximin Rule
  • 4.5.3 Deontological and Rights-Based Theories
  • 4.5.4 Contractualism and Risk
  • 4.6 Contextual Integrity
  • 4.7 Conclusions
  • References
  • Chapter 5: Cybersecurity Regulation in the European Union: The Digital, the Critical and Fundamental Rights
  • 5.1 Formulating Cybersecurity as a Policy Area and Its Objectives
  • 5.2 A Virtuous But Vicious Circle of Regulation: From Cybersecurity Law to Policy and Vice Versa
  • 5.3 Conceptualising Cybersecurity as a Policy Area Through Piecemeal Legislation and Policy
  • 5.4 Principle of Conferral Limits the Scope of Cybersecurity
  • 5.5 Remaining Challenges to an Effective Cybersecurity Legal Framework
  • 5.5.1 Choice of Appropriate Regulatory Measures
  • 5.5.2 Targeting the Right Addressees
  • 5.5.3 The Long-Awaited Recast of Product Liability Directive, Pending
  • 5.6 A Pressing Need to (Cyber)Secure EU Values and Interests
  • 5.7 Concluding Remarks
  • References
  • Part II: Problems
  • Chapter 6: A Care-Based Stakeholder Approach to Ethics of Cybersecurity in Business
  • 6.1 Introduction
  • 6.2 Ethical Issues in Cybersecurity
  • 6.3 Gaps in the Literature on Ethics and Cybersecurity
  • 6.4 Care-Based Stakeholder Theory
  • 6.5 Ransomware Attacks
  • 6.6 The Stakeholders and Their Interests
  • 6.6.1 Shareholders
  • 6.6.2 Employees
  • 6.6.3 The Local Community
  • 6.6.4 Customers
  • 6.6.5 Suppliers
  • 6.6.6 Competitors
  • 6.6.7 Hackers
  • 6.6.8 General Public
  • 6.7 Conflicts of Interests Between the Stakeholders
  • 6.7.1 Grey Hats' Interests Versus the Other Named Stakeholders' Interests
  • 6.7.2 Black Hats' Interests Versus the Other Named Stakeholders' Interests
  • 6.8 Responsibilities of Business
  • References
  • Chapter 7: Cybersecurity in Health Care
  • 7.1 Introduction: The Value of Health
  • 7.2 Principles, Moral Values and Technical Aims
  • 7.2.1 Principlism as a Starting Point of Ethical Analysis
  • 7.2.2 Technical Aims Mapping to Ethical Principles
  • 7.2.3 Other Moral Values
  • 7.3 Case Studies
  • 7.3.1 Cardiac Pacemakers and Other Implantable Medical Devices
  • 7.3.1.1 Brief Description of the Case
  • 7.3.1.2 Conflicting Ethical Values
  • 7.3.2 Electronic Health Card (eHC) in Germany and Elsewhere
  • 7.3.2.1 Brief Description of the Case
  • 7.3.2.2 Conflicting Ethical Values
  • 7.3.3 Cybersecurity and Ethics in Health: A Tentative Summing-Up
  • 7.4 Conclusion
  • References
  • Chapter 8: Cybersecurity of Critical Infrastructure
  • 8.1 Introduction
  • 8.2 Review of the Literature on Cybersecurity in the National Security Domain
  • 8.2.1 Ethical Issues That Emerged in the Literature
  • 8.2.2 Value Conflicts Identified in the Literature
  • 8.2.3 The Gap in the Literature
  • 8.3 Cybersecurity of Critical Infrastructure
  • 8.3.1 Cybersecurity of Industrial Control Systems
  • 8.3.2 AI and Cybersecurity of Critical Infrastructure
  • 8.3.3 Value Conflicts in the Use of AI in Cybersecurity in the National Security Domain
  • 8.4 Case Studies of Cybersecurity in the National Security Domain
  • 8.4.1 Iranian Attack to the US Power Grid System (Counter-Measure to Stuxnet)
  • 8.4.2 Hacking of Citizens' Telephone with Exodus
  • 8.4.3 'Biased' Face Recognition Systems
  • 8.4.4 Government Buying Zero-Day Exploits
  • 8.5 Conclusion
  • References
  • Chapter 9: Ethical and Unethical Hacking
  • 9.1 Introduction
  • 9.2 What Actually Is a 'Hacker'?
  • 9.2.1 Hackers in the Early Days
  • 9.2.2 Hackers in the 2000s
  • 9.2.3 Modern Hackers
  • 9.2.4 Today's Hackers
  • 9.3 Towards a More Systematic Hackers' Classification
  • 9.3.1 A First Taxonomy
  • 9.3.2 A Second Taxonomy
  • 9.3.3 Ethical Hacking
  • 9.4 Is 'Ethical Hacking' Ethical?
  • 9.4.1 Inethical, Unethical and Ethical Hacking
  • 9.4.2 Competing Ethical Values
  • 9.4.3 A Pragmatic Best Practice Approach
  • 9.5 Conclusion
  • References
  • Chapter 10: Cybersecurity and the State
  • 10.1 Introduction
  • 10.2 Cybersecurity Strategies at the European Union Level
  • 10.3 Cybersecurity Strategies at the National Level
  • 10.4 The EU Data Protection Framework Addressing Cybersecurity
  • 10.5 Tensions Between Cybersecurity and Data Protection
  • 10.6 Recommended Realignment and Solution Approaches
  • References
  • Chapter 11: Freedom of Political Communication, Propaganda and the Role of Epistemic Institutions in Cyberspace
  • 11.1 Introduction
  • 11.2 Fake News, Hate Speech and Propaganda
  • 11.3 Freedom of Communication, Truth and Liberal Democracy
  • 11.4 Epistemic Institutions, Market-Based Social Media Platforms and Combating Propaganda
  • 11.5 Conclusion
  • References
  • Chapter 12: Cybersecurity and Cyber Warfare: The Ethical Paradox of 'Universal Diffidence'
  • 12.1 Introduction
  • 12.2 Ethics and Individuals in the Cyber Domain
  • 12.3 Ethics and Inter-State Relations in the Cyber Domain
  • 12.4 Privacy, Vulnerability and the 'Internet of Things'
  • 12.5 Our Own Worst Enemy
  • References
  • Chapter 13: Cyber Peace: And How It Can Be Achieved
  • 13.1 Cyber Conflicts of Today
  • 13.2 Cyber Peace
  • 13.2.1 Current State of Cyber Peace
  • 13.2.2 How to Achieve a State of Stable Cyber Peace
  • 13.3 Security and Resilience
  • 13.4 Trust and Confidence
  • 13.5 Roles and Responsibilities
  • 13.5.1 Policy Makers
  • 13.5.2 The Society
  • 13.5.3 The Private Sector
  • 13.5.4 The Individual
  • 13.6 Conclusion
  • References
  • Part III: Recommendations
  • Chapter 14: Privacy-Preserving Technologies
  • 14.1 Introduction
  • 14.1.1 Design Strategies
  • 14.2 Identity, Authentication and Anonymity
  • 14.2.1 Digital Signatures
  • 14.2.1.1 Blind Signatures
  • 14.2.1.2 Group Signatures
  • 14.2.1.3 Identity-Based Signatures
  • 14.2.1.4 Attribute-Based Signatures
  • 14.2.2 Zero-Knowledge Proofs
  • 14.2.3 Implicit Authentication
  • 14.3 Private Communications
  • 14.3.1 End-to-End Encryption
  • 14.3.2 Anonymous Channels
  • 14.4 Privacy-Preserving Computations
  • 14.4.1 (Partially) Homomorphic Encryption
  • 14.4.2 Multiparty Computation
  • 14.5 Privacy in Databases
  • 14.5.1 Respondent Privacy: Statistical Disclosure Control
  • 14.5.2 Non-perturbative Masking
  • 14.5.3 Perturbative Masking
  • 14.5.4 Synthetic Microdata Generation
  • 14.5.5 Privacy Models
  • 14.5.5.1 k-Anonymity and Extensions
  • 14.5.5.2 Differential Privacy
  • 14.5.5.3 Permutation Model for Anonymisation
  • 14.5.6 Redaction and Sanitisation of Documents
  • 14.5.7 Data Stream Anonymisation
  • 14.5.8 Owner Privacy: Privacy-Preserving Data Mining
  • 14.5.9 User Privacy: Private Information Retrieval
  • 14.6 Discrimination Prevention in Data Mining
  • References
  • Chapter 15: Best Practices and Recommendations for Cybersecurity Service Providers
  • 15.1 Introduction: Dilemmas of Cybersecurity Service Providers
  • 15.1.1 Example: Dealing with Governmental Malware
  • 15.1.2 Dilemmas of Cybersecurity Service Providers
  • 15.2 Domains for Policy Implementations
  • 15.2.1 Customer Data Handling
  • 15.2.2 Information About Breaches
  • 15.2.3 Threat Intelligence Activities