Ethical Concepts that Guide Cybersecurity Decisions
Ethical Concerns and Laws Related to Counterattacks
U.S. Standpoint on Counterattacks
In the U.S., deploying a counterattack on a threat actor is illegal because of laws like the Computer Fraud and Abuse Act of 1986 and the Cybersecurity Information Sharing Act of 2015, among others. You can only defend.
The only individuals in the U.S. who are allowed to counterattack are approved employees of the federal government or military personnel.
International Standpoint on Counterattacks
The International Court of Justice (ICJ), which updates its guidance regularly, states that a person or group can counterattack if:
The counterattack will only affect the party that attacked first.
The counterattack is a direct communication asking the initial attacker to stop.
The counterattack does not escalate the situation.
The counterattack effects can be reversed.
Ethical Principles and Methodologies
Confidentiality means that only authorized users can access specific assets or data.
Privacy protection means safeguarding personal information from unauthorized use.
Laws are rules that are recognized by a community and enforced by a governing entity.
You must remain unbiased and conduct your work honestly, responsibly, and with the highest respect for the law.
Be transparent and just, and rely on evidence.
Ensure that you are consistently invested in the work you are doing, so you can appropriately and ethically address issues that arise.
Stay informed and strive to advance your skills, so you can contribute to the betterment of the cyber landscape.