STEI-DMG: Opportunities and Risks of Teaching Students Hacking Skills
Sociotechnical (social science) perspective vs. Stakeholder perspective | Society
| Business/industry | ||
Impact analysis | Intended ends
| Possible side effects
| Intended ends | Possible side effects
|
>Social
| Address a cybersecurity skill/knowledge gap (a national vulnerability): · to reduce the risk of rising student hacking crime; · to address a cybersecurity skill gap that threatens stable business and government; and · to protect students by teaching social hacking skills (mitigation/ethical and legal consequences).
| Rising student hacking crime. | · to address a cybersecurity skill gap: cybersecurity professionals are needed for IT security; · to teach ethical hacking (penetration testing as information security testing) taught within an IT governance framework; and · to teach AI based intelligence/surveillance technologies especially network security and network awareness applications (to improve security and business performance, especially in BI applications).
· CS/CE programs should teach students hacking skills with mitigation: 1) teach the ethical-legal consequences and 2) teach as assurance/IA/QA holistic audit approach to security management. | AI based intelligence technologies can be used in spying on businesses. |
>Technical
|
|
|
|
|
>Ethics
Duty
| The duty approach: Which action respects social moral obligations or rules?
Doing the right thing means teaching students the necessary ST hacking skills to empower them to protect themselves and to protect society--to support national security (to offer citizens “social contract” security/privacy them expect).
| There may be a tendency to underestimate the need to weigh the benefits against the potential risks of using the various hacking and surveillance technologies--some are more dangerous than others--there is a need for a risk-based regulation.
| Support teaching students hacking skills because a vibrant economy needs it (to maintain the standard/quality of living. | Misuse of surveillance technologies in spying or in committing insider’s data breaches. |
Rights
| Teach students hacking skills because this respects their right to education that will help them succeed in life. | Students may commit crime or unethical acts.
The risks have to be weighed against the potential benefits.
| Businesses would like to find ethical hacking talent to remain in business. | Students to learn skills that meet the needs of business, corresponding to ST changes. |
Virtue
| In virtue ethics, society “has an obligation to develop educational and learning opportunities for citizens to develop their full potential” (May, 2012, p. 27). Students ought to be given the opportunities to achieve self-actualization--they ought to be taught hacking skills to enable them to realize their full potential.
| Because it emphasizes the importance of role models and education to ethical behavior, it can sometimes merely reinforce current cultural norms as the standard of ethical behavior.
Emphasizing virtues can make it more difficult to resolve disputes, as there can often be more disagreement about virtuous traits than ethical actions. | Business should find channels to help students self-actualize in collaboration with academia, e.g., through cybersecurity talent competition, internships, and scholarships. |
|
Utilitarianism
| Utilitarians would argue that teaching students hacking skills is ethical because it reduces crime risk and thus produces the greatest amount of good with the least harm. | Some harm might be done and hence a need to consider how everyone’s rights have been respected.
| Teach students the skills the industry needs, as it produces the greatest good and least harm. | The risk to be weighed against the benefit. |
Connect with author: LinkedIn.com/in/DTI-Techs