The Real Story of how the Internet became so vulnerable

Ethics and Technology - Cybersecurity

The most controversial dilemma caused by Cyberspace is that while it seeks to satisfy increasing consumer needs, the side effect of its innovation may result in crucial damage to our way of life.?If we don’t address cyber ethical issues, the cyber age could force upon us a Faustian Future. The story of Faust has become a metaphor for a promise or tradeoff that initially seems appealing, but with time is revealed to be a bad bargain?(M.M.Pant, 2020). We must decide on the right path, which allows us all to benefit from the cyber revolution.

The advent of Cyberspace has spurred innovation, cultivated knowledge, encouraged free expression on social media. However, the technology that enables these benefits creates a dangerous situation where legitimate functions or features are attacked and exploited. Cyberspace is vulnerable to malicious activity, malfunction, human error, placing the Nation and its people at risk?(Office of the Press Secretary, 2016). For example, foreign actors could take measures in cyberspace to undermine the credibility of the entire democratic apparatus with divisive disinformation attacks.

? Cyberspace should be as safe and secure as real-world space. That the real world is not so safe an environment illustrates why law and order is a desired attribute for society and Cyberspace. What is a reasonable expectation of security in Cyberspace??The law is the most prominent of the regulators but not the only one. Bureaucracy, Politics, and Ethics also constrain Cyberspace Cybersecurity.

?Definitions

1. Cyberspace can be characterized into three layers: the infrastructure, the application, and the core. At different levels, cyberspace shall be treated distinctively and shall require different understandings between each actor which differs at each level.
2. Cybersecurity can be characterized as the state of being protected against the criminal or unauthorized use of electronic data or the resources used to achieve this.

Background

In 1968, The Advanced Research Projects Agency Network (ARPANET), began work on a groundbreaking computer network, the agency recruited scientists affiliated with the nation’s top universities. This group developed the internet but did not build security into the architecture. The architects of the internet did not focus on how one might wreck the system intentionally, they were focused on getting the system to work at all?(Timberg, 2015).

The Internet and its problems outgrew the idealistic world of “a bunch of geeks who didn’t have any intention of destroying the network.”?Those who helped design this network over subsequent decades focused on the technical challenges of moving information quickly and reliably. When they thought about security, they foresaw the need to protect the network against potential intruders or military threats, but they didn’t anticipate that the Internet’s own users would someday use the network to attack one another?(Timberg, 2015).

Design decisions made by engineers in the late 1960s have implications until today, especially for security. From the early prototype phase as ARPANET (1967-1972) to the gradual development into “the Internet” (1973-1983), technological protocols that define how data is exchanged were written in a free and uncensored spirit?(Naughton, 2016).

Cybersecurity Bureaucracy

The decision to have a system with minimal rules that had no central power and no censor was deliberate and based on the philosophical and political beliefs of the technical community?(Berners-Lee, 1999).?Today, the rise of cybercrime has caused words such as cybersecurity, ransomware, spyware,?viruses,?worms to find their way into the news headlines every day.?

Cyber threats and attacks are dangerous and a huge concern. For many years Cybersecurity languished a bit just kind of on the back burner in terms of policymakers’ minds. ?“Part of it is because, as a more technical issue, a lot of policymakers in our federal agencies just didn't want to engage on it personally they felt like they didn't understand it”?(Ugoretz, 2022).

And then the real eye-opener came in 2016 with the presidential election. ?That was when Cybersecurity couldn’t be relegated to the back burner in the bureaucracy anymore. That was when both members of Cyber-bureaucracy, and Congress realized that malicious cyber activity like what Russia did in 2016 in terms of hacking and leaking information was too big to ignore and it was hitting close to home. That incident galvanized a change in policymaker attention. Cybersecurity is now a priority for every organization?(Mutune, 2021).

“Which, when it comes to bureaucracy and lanes in the road, decisions about how we deal with cyber threats, and response - PPD 41 guides everything done. It really doesn't put anybody in charge, and so that I think is for two main reasons, one I think the nature of the cyber threat is a little bit different. And then the set of skills and authorities that you need to disrupt operationally and respond to threats and incidents which is called threat response in the document. It’s difficult, at least in the US Government construct to see all of that, coming under one agency, and so I think PPD 41 recognizes that”?(Ugoretz, 2022).

Bureaucracy constrains and seeks to regulate Cyberspace Cybersecurity.?For example, the Office of the National Cyber Director was established by the National Defense Authorization Act.?ONCD is working to ensure every American can share in the full benefits of our digital ecosystem, including the economic prosperity and democratic participation it enables, while aggressively addressing and mitigating the risks and threats at large in cyberspace.

? By cultivating unity of purpose and efforts across agencies and sectors, ONCD will contribute to the development and implementation of stronger national strategy, policy, and resilience for our digital ecosystem.?So as new entities are created from a federal government perspective, we have to figure out how do we integrate Cyber-bureaucracy into current ways of doing things and with policies that already exist and are ever-evolving.

Cybersecurity Ethical issues

While technological innovation is aimed at satisfying consumer needs, it may also produce unintended consequences damaging the real-world environment. ?Constant technological innovation has ethical consequences.

Well-designed and well-used technologies can make it easier for people to live well (for example, by allowing more efficient use and distribution of essential resources for a good life, such as food, water, energy, or medical care). Poorly designed or misused technologies can make it harder to live well (for example, by toxifying our environment, or by reinforcing unsafe, unhealthy, or antisocial habits)?(Shannon Vallor, 2022).

Ethical considerations constrain and seeks to regulate Cyberspace Cybersecurity.?

?????????

????????????????Figure 1. Technological Innovation - Ethical Considerations

? Technologies are not ethically ‘neutral’, for they reflect the values that we ‘bake in’ to them with our design choices, as well as the values which guide our distribution and use of them.?Ethical issues are raised by Facebook’s use of the social media data it is accumulating. With social media, we are still learning how to behave. ?Access to so many people and so much information, creates problems with bad actors and fake news.

We have choices in the technologies we make and live by. Ethical questions we should ask of the new technology include: What should we be doing with these new powers that have been developed? What are we trying to achieve? How can this technology help or harm people?

Ethically significant harms can come from poor technical choices.?Even acts performed without direct intent, such as exposing sensitive user data to hackers, can involve ethical choice-making e.g., the negligent choice to use outdated cybersecurity tools.

Further, there are ethical implications of a future dominated by new forms of technology.?For example, as Artificial Intelligence (AI) becomes more prominent, the role of humans will evolve towards oversight and management of computer systems. AI requires guardians to ensure the continuity of the values, ethics, and policies that define human societies?(Damien Van Puyvelde, 2019).

Cybersecurity Political issues

Political considerations constrain and seeks to regulate Cyberspace Cybersecurity. Cybersecurity politics is characterized by two main factors: Presidential Policy Directive 41 PPD 41 and second, by the state and its bureaucracies, society, and the private sector, geared towards defining roles, responsibilities, legal boundaries, and acceptable rules of behavior in Cyberspace?(Shannon Vallor, 2022).

So PPD 41 recognizes Cyberspace governance originated in the technical nature and function of cyberspace. Having a stake in how cyberspace operates, multiple institutions and actors seek to play a role in the management of Cyberspace. ?Here there is no single agency that can address all of the issues by itself.

For example, PPD 41 acknowledges and gives a seat at the table to the private sector because 80 to 85% of U.S. critical infrastructure is in private sector hands so it's impossible to think about protecting U.S. critical infrastructure and responding to threats and incidents without talking about what role does the private sector play in that. Parties working together is political, so the unity of effort really needs to be figured out. Governance in cyberspace is a contentious and difficult issue.

And there are foreign policy implications. Do we have this apparatus in place to be collaborative to make sure that everyone's equities are considered before big decisions are made?

Conclusion: The nature of cyberspace requires individuals, organizations, and the government to all play roles in Cybersecurity. The immediate creation of Cybersecurity mitigations is prudent. Should Cyberspace remain as safe and secure as real-world space? What is a reasonable expectation of security in Cyberspace???

“Its sort of ‘the Internet is this risky activity, and it’s up to each person to protect themselves from what’s out there. There’s this sense that the [Internet] provider’s not going to protect you. The government’s not going to protect you. It’s kind of up to you to protect yourself.”

Recommendation: Bureaucracy, Politics, and Ethics regulate Cyberspace Cybersecurity.?Figuring out how to integrate ways of doing things with existing and evolving policies to establish closer partnerships between stakeholders is a start. Defining new roles, responsibilities, legal boundaries in Cyberspace is another start. ?

Technologies are not ethically ‘neutral’, for they reflect the values that we ‘bake in’ to them with our design choices, as well as the values which guide our distribution and use of them.?We have choices in the technologies we make and live by. The reality is that we need to accept Cyberspace for what it is and figure out how to navigate in ways that reduce risk.