Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Anticipatory ethics for vulnerability disclosure
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. Swedish Defence University, Stockholm, Sweden. (Informationssystem, Information Systems)ORCID iD: 0000-0002-7552-9465
Towson University, United States / Hoffberger Center for Professional Ethics, University of Baltimore, United States.
2020 (English)In: Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS 2020 / [ed] Brian K. Payne, Hongyi Wu, Reading: Academic Conferences and Publishing International Limited, 2020, p. 254-261Conference paper, Published paper (Refereed)
Abstract [en]

This article presents the ethical dilemma related to under what circumstances vulnerabilities should be disclosed. Vulnerabilities exist in hardware and software, and can be as a consequence of programming errors or design flaws. Threat actors can exploit these vulnerabilities to gain otherwise unintended access to information systems, resources and/or stored information. In other words, they can be used to impact the confidentiality, integrity and availability of information in information systems. As a result, various types of vulnerabilities are highly sought after since they enable this type of access. The most highly sought are so-called “zero-day”-vulnerabilities. These are vulnerabilities that exist but are unknown, and when exploited, enable one way of entry into a system that is not thought possible. This is also why zero-day vulnerabilities are very popular among criminal organizations, states and state-sponsored advanced persistent threats. The other side of the coin is when a state identifies a zero-day, and ends up in the ethical dilemma of whether to release the news and inform the vendor to patch it, i.e. close the vulnerability, or to use it for offensive or intelligence purposes. This article employs these distinctions to apply anticipatory ethics in the Stuxnet-case. Stuxnet was a computer software that was allegedly developed by the U.S. together with Israel to disrupt Iran's development of uranium for their nuclear program. More exactly, it was developed to disable the uranium centrifuges used to enrich uranium. To achieve this, Stuxnet exploited four zero-day vulnerabilities and, according to some experts, managed to delay Iran's nuclear program by one to two-years, forcing them to the negotiation table. Using vulnerabilities like zero-days presents opportunities but also risks. The results of the application of anticipatory ethics to the Stuxnet case are then compared with the “Osirak”-case and the “al-Kibar”-case. Osirak was the nuclear reactor in Iraq and was bombed in 1981; al-Kibar was the nuclear reactor being built up in Syria, also bombed in 2007. 

Place, publisher, year, edition, pages
Reading: Academic Conferences and Publishing International Limited, 2020. p. 254-261
Series
Proceedings of the International Conference on Cyber Warfare and Security, ISSN 2048-9870, E-ISSN 2048-9889
Keywords [en]
Anticipatory Ethics, Ethical Dilemma, Information Systems, Iran Nuclear Program, Stuxnet, Vulnerabilities, Zero-Days, Computer crime, Information use, Nuclear reactors, Uranium, Hardware and software, Programming errors, Vulnerability disclosure, Zero day vulnerabilities, Ethical aspects
National Category
Social Sciences Interdisciplinary Information Systems Political Science (excluding Public Administration Studies and Globalisation Studies)
Research subject
Information Systems
Identifiers
URN: urn:nbn:se:his:diva-18417ISI: 000560067200031Scopus ID: 2-s2.0-85083400703ISBN: 978-1-912764-52-5 (print)ISBN: 1-912764-53-9 (print)ISBN: 978-1-912764-53-2 (electronic)OAI: oai:DiVA.org:his-18417DiVA, id: diva2:1427666
Conference
15th International Conference on Cyber Warfare and Security, ICCWS 2020; Norfolk; United States; 12 March 2020 through 13 March 2020; Code 158670
Note

10.34190/ICCWS.20.053

Available from: 2020-04-30 Created: 2020-04-30 Last updated: 2020-12-29Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Scopushttps://www.academic-bookshop.com/ourshop/prod_7115710-ICCWS-2020-PDF-Proceedings-of-the-15th-International-Conference-on-Cyber-Warfare-and-Security.html

Authority records

Huskaj, Gazmend

Search in DiVA

By author/editor
Huskaj, Gazmend
By organisation
School of InformaticsInformatics Research Environment
Social Sciences InterdisciplinaryInformation SystemsPolitical Science (excluding Public Administration Studies and Globalisation Studies)

Search outside of DiVA

GoogleGoogle Scholar

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 176 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf