Offensive Cyberspace Operations and Zero-days: Anticipatory Ethics and Policy Implications for Vulnerability Disclosure

Abstract: 

This article addresses the question under which circumstances zero-day vulnerabilities should be disclosed or used for offensive cyberspace operations. Vulnerabilities exist in hardware and software and can be seen as a consequence of programming errors or design flaws. The most highly sought are so-called zero-day-vulnerabilities. These vulnerabilities exist but are unknown and, when exploited, enable one way of entry into a system that is otherwise not thought possible. Therefore, from an anticipatory ethics perspective, it is important to understand in what cases zero-days should be disclosed or not.


AUTHORS

Photo of Gazmend Huskaj

Department of Military Studies Swedish Defence University, Stockholm,
and
School of Informatics University of Skövde, Skövde, 
Sweden

Gazmend Huskaj is a doctoral student in Cyberspace Operations at the Swedish Defence University. Previously, he was Director of Intelligence in the Swedish Armed Forces on cyber-related issues. Prior to that, he was Head of the United Nation’s Intelligence Cell in a mission area for several years. He is a veteran, with more than five years of duty in conflict and post-conflict areas including two tours to the Balkans and one in Central Asia. He is a graduate from Harvard Kennedy School in Cybersecurity: The Intersection of Policy and Technology, and Geneva Centre for Security Policy European Training Course (ETC). In 2014, he was awarded the best idea answering to EEAS Deputy Secretary General’s thread on the EU as a security provider. Gazmend holds a two-year-master’s (MSc) in Information Security from Stockholm University and an MSc in Security and Risk Management from the University of Leicester. He is also an ISACA Certified Information Security Manager (CISM).

Photo of Richard L. Wilson

Department of Philosophy and Computer and Information Sciences Towson University, Towson, Maryland,
and
Hoffberger Center for Professional Ethics University of Baltimore, Baltimore, Maryland, 
United States

Richard L. Wilson is a Professor of Philosophy and Computer and Information Sciences at Towson University in Towson, MD, and Senior Research Scholar in the Hoffberger Center for Professional Ethics at the University of Baltimore, MD. Professor Wilson is a specialist in applied ethics with a variety of publications in cyber warfare ethics, information warfare ethics, and ethics of warfare. In addition, he works in business ethics, engineering ethics, environmental ethics, media ethics, and medical ethics. Teaching ethics in a wide variety of areas has led Professor Wilson to the commitment to an interdisciplinary approach to and in all fields of ethics and the centralizing in all of his work to “anticipatory ethics”.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    21 North Broad Street
    Suite 2-H
    Luray, VA 
    22835 
  • 757.581.9550
  • JIW@ArmisteadTec.com