Tuesday, September 23, 2014

Ethics vs Morals in Cyber Security, the Insider threat

Having to choose between ethics and morals can sometimes leave an individual to make a choice which in the end, they may have wish they didn’t make. If we consider the cases of Thomas Drake, Edward Snowden and PFC Bradley Manning, we see while the end results were the same, the processes were not. Thomas Drake allegedly tried a number of avenues to have his concerns addressed (ZETTER, 2010)before he went to the media. Contrasting Drake’s action with Edward Snowden’s (HOSENBALL, 2013) or PFC Bradley Manning (POULSEN & ZETTER, 2010), shows while similar they are not necessarily the same.

Ethics is referred to as a set of principles while morals relates to ones beliefs (thewritingsite.org, 2012). Considering those definitions, it is clear that Drake faced a moral dilemma after trying everything ethically possible. Before communicating with the media, it is reported that he spoke to his superiors, then looked to congress, then went to the Defense Department (ZETTER, 2010). Clearly, one can conclude that these were not the actions of someone who was just focused on simply leaking classified information.  He seemed to have been more concerned about discussing the implications of replacing the ThinThread program with one called TrailBlazer. Looking at the actions of Drake, Snowden and Manning from the perspective of the end result may blur the true intent of these various actions.

While it can be debated as to whether the actions of Drake, Manning or Snowden were ethically/unethically or morally/immorally driven, there are cases where one can clearly draw a conclusion.  An administrator who knowingly hosts porn on company servers (Harbert, 2011) along with other illegal activities can be considered as unethical. As an administrator, this employee was entrusted with keeping the company assets and its reputations protected. This employee can and should face the full brunt of the law. 

Considering the preceding paragraphs:

What dilemma do you see with ethics vs morals, as in relates to the insider threat and Cyber Security?

Do you think that the actions of Thomas Drake, Edward Snowden and PFC Bradley Manning should be judged using the same set of criteria? If Yes or No, please elaborate

How would you go about protecting your organization from an Insider Threat?

(2012, 03 12). Retrieved from thewritingsite.org: http://www.thewritingsite.org/ethics-morals/
Harbert, T. (2011, 01 18). Retrieved from computerworld.com: http://www.computerworld.com/s/article/9204581/Security_fail_When_trusted_IT_people_go_bad?taxonomyId=17&pageNumber=1
HOSENBALL, M. (2013, 08 15). Retrieved from reuters.com: http://www.reuters.com/article/2013/08/15/us-usa-security-snowden-dell-idUSBRE97E17P20130815
POULSEN, K., & ZETTER, K. (2010, 06 06). Retrieved from wired.com: http://www.wired.com/2010/06/leak/

ZETTER, K. (2010, 07 14). http://www.wired.com/2010/07/thomas-drake/. Retrieved from wired.com: http://www.wired.com/2010/07/thomas-drake/

1 comment:

  1. Re: Ethics vs Morals in Cyber Security, the Insider threat
    by Randal Reding

    Do you think that the actions of Thomas Drake, Edward Snowden and Bradley Manning should be judged using the same set of criteria? If Yes or No, please elaborate.


    I believe the key word in the case of Drake, Manning, and Snowden is the same word that prosecutors and defense lawyers for many criminal cases try to leverage to argue their point - intent. The intent of Drake, Manning, and Snowden is evident by their actions. If they are each judged based on their actions, intent is easily discernable.

    As you stated, the end result for Drake and Manning, and Snowden were the same - they were all charged with serious crimes - but their outcomes in court (in Manning and Drake’s cases) were very different. The clear reason for all 10 major charges being dropped in Drake's case, as opposed to the prosecution, conviction and sentencing of Manning, is, in my opinion, perceived intent. If Snowden were to be tried in a U.S. court of law today, he likely would receive a similar if not more severe sentence than Manning due to his fleeing the country to elude prosecution.

    Drake was intentional in how he communicated the information about the NSA programs he disagreed with to outside sources. He abided by the ethical principles established by the government on how and how not to expose presumed misconduct or illegal activities within an organization. According to Mayer (2011), Drake reviewed the laws regarding disclosure of information, and decided that if he revealed unclassified information the worst that would happen to him was that he would lose his job. His actions were undoubtedly guided by his own personal "moral compass" as well, since the very reason he was whistleblowing was due to NSA activities he presumed to be both illegal and immoral to the American citizen/tax payer. However, unlike Manning, his moral convictions didn’t trump the ethical principles he was required to abide by to stay within the law.

    On the other hand, Manning and Snowden’s actions show a different intent. According to Carlson & Smith (2013), Manning released over 700,000 classified documents to unauthorized people. According to Hosenball (2013), Snowden released over 200,000 documents. This in my opinion is a clear unethical violation of the Whistleblower Protection Act that proves their true intent – to maliciously cause as much damage as possible. In Manning’s case, the 35 year sentence he received shows the U.S. judicial system came to the same conclusion. In Drake’s case, he only received one year of probation and community service for “misdemeanor of exceeding authorized use of a computer” (Nakashima, 2011). The end result of each case lies in the perceived intent of the actions taken by the individual.

    Carson, P. & Smith, M. (2013, August 22). WikiLeaks source Manning gets 35 years, will seek pardon. CNN. Retrieved from: http://www.cnn.com/2013/08/21/us/bradley-manning-sentencing/index.html?hpt=hp_t2

    Hosenball, M. (2013, November 14). NSA chief says Snowden leaked up to 200,000 secret documents. Reuters. Retrieved from: http://www.reuters.com/article/2013/11/14/us-usa-security-nsa-idUSBRE9AD19B20131114

    Nakashima, E. (2011, June 9). Ex-NSA manager accepts plea bargains in Espionage Act case. The Washington Post. Retrieved from: http://www.washingtonpost.com/national/national-security/ex-nsa-manager-has-reportedly-twice-rejected-plea-bargains-in-espionage-act-case/2011/06/09/AG89ZHNH_story.html

    Mayer, J. (2011, May 23). The Secret Sharer. The New Yorker. Retrieved from: http://www.newyorker.com/magazine/2011/05/23/the-secret-sharer