Vice or virtue? Exploring the dichotomy of an offensive security engineer and government “hack back” policies

Kim L. Withers, James L. Parrish, James N. Smith, Timothy J. Ellis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In response to increasing cybersecurity threats, government and private agencies have increasingly hired offensive security experts: "red-hat” hackers. They differ from the better-known “white-hat” hackers in applying the methods of cybercriminals against cybercriminals and counter or preemptively attacking, rather than focusing on defending against attacks. Often considered the vigilantes of the hacker ecosystem, they work under the same rules as would be hackers, attackers, hacktivists, organized cybercriminals, and state-sponsored attackers-which can easily lead them into the unethical practices often associated with such groups. Utilizing the virtue (ethics) theory and cyber attribution, we argue that there exists a dichotomy among offensive security engineers, one that appreciates organizational security practices, but at the same time violates ethics in how to retaliate against a malicious attacker.

Original languageEnglish (US)
Title of host publicationProceedings of the 53rd Annual Hawaii International Conference on System Sciences, HICSS 2020
EditorsTung X. Bui
PublisherIEEE Computer Society
Pages1813-1822
Number of pages10
ISBN (Electronic)9780998133133
StatePublished - 2020
Event53rd Annual Hawaii International Conference on System Sciences, HICSS 2020 - Maui, United States
Duration: Jan 7 2020Jan 10 2020

Publication series

NameProceedings of the Annual Hawaii International Conference on System Sciences
Volume2020-January
ISSN (Print)1530-1605

Conference

Conference53rd Annual Hawaii International Conference on System Sciences, HICSS 2020
Country/TerritoryUnited States
CityMaui
Period1/7/201/10/20

ASJC Scopus subject areas

  • General Engineering

Fingerprint

Dive into the research topics of 'Vice or virtue? Exploring the dichotomy of an offensive security engineer and government “hack back” policies'. Together they form a unique fingerprint.

Cite this