TY - GEN
T1 - Vice or virtue? Exploring the dichotomy of an offensive security engineer and government “hack back” policies
AU - Withers, Kim L.
AU - Parrish, James L.
AU - Smith, James N.
AU - Ellis, Timothy J.
N1 - Publisher Copyright:
© 2020 IEEE Computer Society. All rights reserved.
PY - 2020
Y1 - 2020
N2 - In response to increasing cybersecurity threats, government and private agencies have increasingly hired offensive security experts: "red-hat” hackers. They differ from the better-known “white-hat” hackers in applying the methods of cybercriminals against cybercriminals and counter or preemptively attacking, rather than focusing on defending against attacks. Often considered the vigilantes of the hacker ecosystem, they work under the same rules as would be hackers, attackers, hacktivists, organized cybercriminals, and state-sponsored attackers-which can easily lead them into the unethical practices often associated with such groups. Utilizing the virtue (ethics) theory and cyber attribution, we argue that there exists a dichotomy among offensive security engineers, one that appreciates organizational security practices, but at the same time violates ethics in how to retaliate against a malicious attacker.
AB - In response to increasing cybersecurity threats, government and private agencies have increasingly hired offensive security experts: "red-hat” hackers. They differ from the better-known “white-hat” hackers in applying the methods of cybercriminals against cybercriminals and counter or preemptively attacking, rather than focusing on defending against attacks. Often considered the vigilantes of the hacker ecosystem, they work under the same rules as would be hackers, attackers, hacktivists, organized cybercriminals, and state-sponsored attackers-which can easily lead them into the unethical practices often associated with such groups. Utilizing the virtue (ethics) theory and cyber attribution, we argue that there exists a dichotomy among offensive security engineers, one that appreciates organizational security practices, but at the same time violates ethics in how to retaliate against a malicious attacker.
UR - http://www.scopus.com/inward/record.url?scp=85108144965&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85108144965&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85108144965
T3 - Proceedings of the Annual Hawaii International Conference on System Sciences
SP - 1813
EP - 1822
BT - Proceedings of the 53rd Annual Hawaii International Conference on System Sciences, HICSS 2020
A2 - Bui, Tung X.
PB - IEEE Computer Society
T2 - 53rd Annual Hawaii International Conference on System Sciences, HICSS 2020
Y2 - 7 January 2020 through 10 January 2020
ER -