Offensive Cyberspace Operations and Zero-days: Anticipatory Ethics and Policy Implications for Vulnerability Disclosure
Abstract:
This article addresses the question under which circumstances zero-day vulnerabilities should be disclosed or used for offensive cyberspace operations. Vulnerabilities exist in hardware and software and can be seen as a consequence of programming errors or design flaws. The most highly sought are so-called zero-day-vulnerabilities. These vulnerabilities exist but are unknown and, when exploited, enable one way of entry into a system that is otherwise not thought possible. Therefore, from an anticipatory ethics perspective, it is important to understand in what cases zero-days should be disclosed or not.
AUTHORS
Department of Military Studies Swedish Defence University, Stockholm,
and
Department of Computer and Systems Sciences, Kista,
Sweden
Gazmend Huskaj is a doctoral student in Cyberspace Operations at the Swedish Defence University. Previously, he was Director of Intelligence in the Swedish Armed Forces on cyber-related issues. Prior to that, he was Head of the United Nation’s Intelligence Cell in a mission area for several years. He is a veteran, with more than five years of duty in conflict and post-conflict areas, including two tours in the Balkans and one in Central Asia. He is a graduate of Harvard Kennedy School in Cybersecurity: The Intersection of Policy and Technology, and Geneva Centre for Security Policy European Training Course (ETC). In 2014, he was awarded the best idea answering to EEAS Deputy Secretary General’s thread on the EU as a security provider. Huskaj holds a two-year-master’s (MSc) in Information Security from Stockholm University and an MSc in Security and Risk Management from the University of Leicester. He is also an ISACA Certified Information Security Manager (CISM).
Department of Philosophy and Computer and Information Sciences Towson University, Towson, Maryland,
and
Hoffberger Center for Professional Ethics University of Baltimore, Baltimore, Maryland,
United States
Richard L. Wilson is a Professor of Philosophy and Computer and Information Sciences at Towson University in Towson, MD, and Senior Research Scholar in the Hoffberger Center for Professional Ethics at the University of Baltimore, MD. Professor Wilson is a specialist in applied ethics with a variety of publications in cyber warfare ethics, information warfare ethics, and ethics of warfare. In addition, he works in business ethics, engineering ethics, environmental ethics, media ethics, and medical ethics. Teaching ethics in a wide variety of areas has led Professor Wilson to the commitment to an interdisciplinary approach to and in all fields of ethics and the centralizing in all of his work to “anticipatory ethics”.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
Quick Links
Archive
