Cybersecurity Ethics Curriculum

As society becomes more reliant on cyber infrastructures to manage crucial aspects of daily living, threats posed by cyber-attacks become increasingly critical. In response to this, governments funding for cybersecurity initiatives has increased. Despite it, there is still a shortage of skilled cybersecurity professionals as current estimates indicate a global shortfall of skilled cybersecurity professionals of 1.5 million by 2019. There are substantial efforts underway to address the demand of this workforce. However, in order to prepare these future cybersecurity professionals, it is vital to maintaining a holistic view of the education these professionals require.

Many information technology and cybersecurity professionals do not realize how their jobs entail significant ethical dilemmas. Cybersecurity professionals face a heavy ethical burden that comes along with their increased access and skill. They have access to information like private emails, geolocation, web purchasing patterns, and web browsing histories. These professionals are situated on the frontline of ethical decisions about whether and under what conditions to access and use this information.

Jane Blanken-Webb and her colleagues developed an ethics curriculum for cybersecurity that immersed students in real-life ethical dilemmas inherent to cybersecurity. Students engaged in open dialogue and debate engaging, complex dimensions of cybersecurity case studies. The curriculum was designed to develop critical ethical reasoning skills in addition to skills vital for cybersecurity professionals. The pilot graduate-level course was taught in Spring 2018 at the University of Illinois at Urbana-Champaign. The class consisted of one 3-hour class session each week for a 16- week term. After the course, students were surveyed to evaluate the effectiveness of the course in realizing its aims. The goal of the evaluation is to gather information about the students’ perspectives, experiences, and suggestions.

The survey showed that some students commented on how this course helped students become aware of ethical issues in cyberspace. As for the learning objective of the course, students found that facilitating a culture of dialogue was the most successful learning objective met by this course. The second most successful was the courses ability to increase their awareness of ethical dilemmas in cybersecurity. This course was found to be least successful in increasing collaborative problem-solving skills and increasing professional judgment of ethical issues.

One primary challenge with this overall initiative was to introduce ethical reflection into a field that is widely seen as purely technical. Another challenge is the necessarily multidisciplinary approach this initiative required in working to find effective ways of addressing the complex realm of cybersecurity ethics.

Cite: Blanken-Webb, J., Palmer, I., Burbules, N. C., Campbell, R. H. et and Masooda Bashir. (2018). A Case Study-based Cybersecurity Ethics Curriculum. Workshop on Advances in Security Education, Baltimore, MD.

Source: https://www.usenix.org/system/files/conference/ase18/ase18-paper_blanken-webb.pdf