11/2/2017 Katie Carr, CSL & ITI
Written by Katie Carr, CSL & ITI
Whether you’re a cybersecurity student, researcher, or professional, you are likely to confront difficult ethical dilemmas that can have significant implications. Equipped with skills like malware knowledge and hacking techniques, those in the field of cybersecurity have inside knowledge that can be powerful and potentially dangerous. There is a growing need to tether this power to an awareness of the complex web of potential consequences, critical ethical reasoning skills, and perhaps most importantly, a sense of social responsibility to ensure this power is used for the greater good.
To better prepare cybersecurity students to manage the heavy burden of responsibility that comes along with access to information and technological skills, University of Illinois researchers are working to develop an academic curriculum focused specifically on cybersecurity ethics. A key goal is to get students to think through ethical challenges inherent in cybersecurity at the same time as they are developing technological skills.
The curriculum will draw on Illinois’ strength in technical cybersecurity education, says Jane Blanken-Webb, a postdoctoral research associate in the Information Trust Institute.
“We’re taking a wholistic view of cybersecurity education,” Blanken-Webb said. “We recognize that cybersecurity professionals can find themselves in thorny ethical situations that could potentially have significant implications for the rest of society. We want them to be prepared for this. Ethical reflection needs to be built into the practice of cybersecurity—it cannot be an afterthought.”
Blanken-Webb went on to say that often students enter into these fields of study interested in the science and engineering behind it, but aren’t necessarily aware of the ethical and societal implications of their work. The researchers are hoping to develop a curriculum where students can become more sensitized to the issues and gain practical tools while they’re still being trained in the field.
The team received a $277,000 grant from the National Centers of Academic Excellence in Cyber Defense, a National Security Agency and Department of Homeland Defense sponsored program. CAE-CD is interested in developing innovative approaches to cybersecurity education.
The curriculum development team consists of Blanken-Webb, as well as Roy Campbell, a computer science professor and associate dean for information technology, and Masooda Bashir, an associate professor in the School of Information Sciences, who both have experience developing curriculum in digital forensics. Additionally, they are working with Nicholas Burbules, an education professor and education director and principal investigator at the National Center for Professional and Research Ethics.
The course will primarily consist of case studies based on cybersecurity topics, such as misinformation, professional versus societal obligations, privacy versus security, and implications of big data. Some of the case studies will be hypothetical, but the researchers are also pulling from actual events and are working with the community, professionals in the field and an advisory committee to develop realistic and challenging scenarios.
Illinois offers additional courses on ethics in engineering and the researchers are planning to build upon that foundation when developing their course.
“Cybersecurity brings its own particular set of ethical challenges and we want students to establish a culture of dialogue around these issues that they can carry forward into their professional lives,” Blanken-Webb said. “By thinking together through complex scenarios in cybersecurity, we are aiming to foster a community of ethical practice for the field of cybersecurity.”
The researchers are planning to launch the class in January 2018 at Illinois, but have plans to adapt the curriculum down the road for community colleges, graduate colleges, or as continuing education for those currently working in the field.
Blanken-Webb, whose background is in philosophy of education, developed the idea for the curriculum after a discussion about philosophy, education, and ethics in cybersecurity with an Illinois Cyber Security Scholars Program (ICSSP) student.
“Cybersecurity is such an interesting field and rests at the intersection of society and technology, making it essential to adopt a multidisciplinary perspective,” she said. “The problems we’re trying to solve are so complex, so it’s not going to work to just draw on a technical perspective. We also need humanistic and social science perspectives too.”