A panel discussion on cybersecurity ethics
On February 15, 2018, the Markkula Center for Applied Ethics’ Business, Internet, and Technology Ethics Programs held back-to-back panels about cybersecurity ethics. The event was sponsored by the Ethics Center’s Partners in Business Ethics.
- Sri Athi Vasudevan, Executive Director at EY Cybersecurity: Emerging Technologies Center of Excellence
- Brian Gin, Director of Legal Services at Cisco
- Jeff Klaben, Chief Information Security Officer, SRI International
The panel was moderated by Irina Raicu, Director of Internet Ethics at the Markkula Center for Applied Ethics.
In order to illustrate the pervasiveness of internet-connected devices, Raicu opened the panel by listing a variety of IoT consumer goods, including refrigerators, toothbrushes, cars, hairbrushes, toasters, fitness trackers, light bulbs, baby monitors, pacemakers, toys, insulin pumps, photo frames, etc. The panelists pointed out that many of these IoT devices can help individuals and serve the common good. Specifically, Vasudevan explained that the city of San Diego recently installed smart street lights that listen for gunshots; the lights map the sound of gunshots, which alerts authorities, decreases their response time, and increases safety. The change IoT devices cause in our lives is real and meaningful; however, all of the panelists were quick to point out that for all of the good IoT devices do, there are many challenges in the use and implementation of IoT.
Klaben said that perhaps the biggest problem is people do not understand the risks that internet-connected devices pose to the consumer and that consumers readily tolerate not knowing the privacy implications of bringing IoT devices into their homes. Klaben recommends that consumers write down all of the systems and accounts they rely on in order to become aware of the different places they keep their private information and which devices are connected to that information. This can help consumers make risk-informed decisions.
According to Gin, another challenge is the diversity of players in the IOT ecosystem, including suppliers of devices, software, hardware, security, cities, etc. While this diversity brings great innovation, fragmentation can lead to security challenges; and companies and cities need to think holistically, end-to-end about how best to secure their environments. The panelists agreed that, over time, the industry will ideally develop some framework or standards to build trust in the IoT infrastructure—in some ways similar to how we have international protocols for air traffic and safety. Individuals may not know the details, but they trust that there are systems and controls in place to ensure safety around mechanics and flight paths. IoT would benefit from similar security standardization.
When asked what skills students should have to be successful working in IoT, Vasudevan pointed out that systems thinking will be critical going forward, and he drew on the Center’s Framework for Ethical Decision Making to illustrate his point. For example, when designing IoT devices, engineers and companies should be asking themselves: Who will benefit the most from this device? And who will be harmed the most by this device? Klaben emphasized Vasudevan’s point by saying that the Center’s Framework is “wicked strong kung foo” for people working in IoT because no one is approaching it from an ethical perspective even though ethics should be a primary tool for critical thinking.