The most important thing is not life, but the good life.Socrates · 399 B.C.
Applied ethics narrows it to something practical — how should I act, here, in this situation? It lives in personal reflection, in community values, and in the professional codes that bind doctors, lawyers and engineers.
We bake our values into everything we build — and into how we distribute and use it. Technology doesn’t just serve what we want; it shapes what we come to want.
Technology reshapes society faster than laws and regulators can respond.
Lawmakers rarely understand the systems — so technologists must anticipate the harms.
The same tool creates winners and losers. That makes it a question of justice, not just engineering.
Cybersecurity protects the integrity and reliability of the human systems we all depend on. Behind every network sits a real life.
The work happens behind the scenes. That invisibility is exactly why its ethical weight is so easy to miss.
Identity theft, surveillance, blackmail, extortion. Even people who live “off the grid” are exposed through their doctors, lawyers and employers. Sensitive data rarely stays where it was created.
Theft of funds, trade secrets and intellectual property. Even “defensive” moves like hacking back can spill collateral damage onto innocent third parties — Stuxnet infected hundreds of thousands of unrelated machines.
Security has real cost — money, speed, usability. A system that is maximally secure but unusable can’t be justified, just as you wouldn’t secure a bank by padlocking every door. Striking that balance is itself an ethical act.
There’s a default duty to disclose known risks so people can protect themselves — held in tension against the danger of tipping off attackers before a patch exists. No single rule fits every case.
Competing loyalties — to employer, client, nation, the public, and yourself — frequently collide. Untangling them takes deliberate ethical reflection, not reflex.
The market for zero-day exploits pays for both finding and exposing dangerous tools — the perfect portrait of cybersecurity’s tangled incentives.
To profess is to stand publicly for a value and accept accountability for it. Society grants professionals respect and power in exchange for protecting a vital public good. A stakeholder is anyone your work can affect — and your trivial interest never outweighs another person’s vital one.
With great power comes great responsibility.Public trust is real power — and real obligation
A patch had been available for two months before the breach. Equifax knew for months before disclosing. Its consumer-help site was itself insecure — and tried to waive the right to sue. One admin panel was guarded by “admin / admin.” Executives sold ~$2B in stock before the public announcement.
Discuss — Which of the ten challenges does this touch? How could an ethical culture, not just better tooling, have changed the outcome?
Focuses on character — what a good person is like. Cultivate practical wisdom; learn from exemplars.
Judges by outcomes — the greatest good, the least harm, for everyone affected.
Grounded in duties and rights. Kant: never treat a person as a mere means to an end.
Each has limits — strongest when used together to test a decision from every angle.
Anthony & Sarah fight malware by releasing their own patch-worms “into the wild,” auto-disabling infected machines without warning, and hacking back at attackers — risking innocent third parties. They hide their methods from employer, users and the public.
Discuss — Test them against all three frameworks. Which best practices do they ignore? Is the employer’s “the less I know, the better” stance ethical?
Cybersecurity protects human flourishing, not just machines.
Legal ≠ ethical — the hard calls live where rules run out.
Think in stakeholders; rank by what each stands to lose.
Use virtue, consequences & duty together.
Make reflection standard, pervasive and rewarding.
Pick a breach from this week’s news. Who were the stakeholders? Which challenges and best practices were in play — and what would you have done?