Apply the Ethical Code of Conduct for Cyber Space Is Needed Now More Than Ever

By Tuan Anh Nguyen, Director of The Michael Dukakis Institute for Leadership and Innovation, and Co-Founder, Editor-in-Chief, and Chief Executive Officer of The Boston Global Forum.

The recent hack of Equifax, one of the three major credit reporting bureaus, that resulted in the theft of some 160 million personal records, Federal investigation of Russia’s meddling in our Presidential election, and the ability of North Korea to censor the US motion picture industry after that nation hacked Sony’s computers, raise a key question: Is a framework for ethical behavior on the internet even possible and if it is, will anyone work within that ethical framework?

Jubin Pejman, managing director and founder of FCM360, a cybersecurity company that provides ‘round the clock protection, put It this way, “The first question one must ask is if records cannot be secured, such as with the credit reporting bureau situation, is it ethical for that company to collect the information in the first place. There will always be intruders, and knowing this, the responsibility rests with Equifax and others who possess personal data to protect the consumer. When problems occur they must right the wrong.”

The challenge for the typical cyberspace user, which is all of us, is daunting adds Pejman, “Hacks do not have to be so big that they make international news. Foreign governments often piece together bits and pieces of information from several executives from the same company or government agency to create a composite picture that will provide competitors with intellectual property, state secrets, customer lists, passwords and more. Who the bad actors are is no surprise with Russia, China and Iran heading the list,” says Pejman an Iranian native who left the country when the Shah was deposed in 1979.

The often quoted, Prof. Sung-Yoon Lee, the Kim Koo-Korea Foundation Professor of Korean Studies, at Tufts Fletcher School of Diplomacy spoke to Boston Global Forum members at a recent World Reconciliation Day symposium about the cyber threat North Korea poses. In addition to nuclear fears, North Korea proved its ability to threaten our way of life by successfully using the Internet to intimidate Hollywood from screening “The Interview,” a spoof on leader Kim Jun Un. Lee told the delegates at Boston Global Forum-organized proceedings, that one of the world’s most restrictive governments, one that monitors and controls all communication, has effectively censored communication in another sovereign nation that prides itself on free speech through cyber intimidation.

While the road to safer cyberspace may seem filled with potholes, Boston Global Forum is beginning to look at the problem from an ethical vantage point by advancing solutions to educate people on cyber ethics for global citizens. Much of the focus is on social media—where a recent poll showed that half the respondents got all of their political news and information from Facebook—a medium that came under scrutiny for publishing ads from sources that have been traced back to Russia. In addition to hacking, younger social media users are creating a kind of information tumult by writing anything they please regardless of taste, accuracy, and whether criticism of people, both public and private, is with sufficient evidence—including cyber bullying.

Disinformation and fake news from sources who are not who they say they are pollutes our cyber environment and threatens global stability and democracy in the digital age. Harvard University Professor Thomas Patterson observed that even though the idea of “fake news,” was popularized by President Donald Trump, it has been around for some time. During the 2016 presidential election, fake news circulated on Facebook, exceeded real news coverage of the election.

According to Patterson fake news has become such a phenomenon because it is rooted in our deeply divided partisan political culture in this country in which people look for information to support their own biases and beliefs, rather than being open to opposing opinions. The unconscious engagement in selective perception allows members of both political parties to solidify their own worldview and maintain sometimes-blind partisan loyalty by voters who do not bother to check the facts.

Fake news is flourishing due to diminishing source credibility, Patterson points out. Fewer people subscribe to legitimate newspapers, while more people are getting information from online posts on social media that are both true and false. This increased reliance on the Internet contributes to public distrust of traditional media outlets. “When the voters do not trust the media, they are more willing to trust alternative sources.”

Repetition enhances the impact of fake news as well. The more individuals are exposed to a story, true or false, the more likely they will believe it to be true. When fake news goes viral—often achieved by “like farms,” where people are paid to “like” fake news stories on Facebook to get them trending—those exposed to the same link repeatedly are more inclined to believe it.

Fake news is spread by professional social influencers backed by their own political motives working every day to intentionally mislead the public and therefore influence voting and opinion polling outcomes. Patterson underscored the importance of nipping fake news at the source. Most fake news is generated by small, illegitimate websites, that are driven by online robots or “bots” that permeate the Web with the falsehoods. Patterson suggested that, as a society, we must strengthen the voices of reliable, sophisticated, news media, while encouraging bipartisan voices because fake news flourishes best in a polarized political environment.

In addition to out-and-out theft of data, DDOS attacks are on the rise. DDoS or Distributed Denial of Service attacks are crude assaults. Simply put, the hacker initiates a DDoS attack by overwhelming the target’s servers—sending so much data so quickly that customers can no longer gain access to services. According to Pejman, of FCM360 (www.fcm360.com), “Hackers do not have to destroy the victim’s servers and Internet operations. All they have to do is deny service for periods of time. Companies victimized by these attacks can range from major banks to retailers to information providers such as International Movie Database (IMDB). Imagine, for example, the cost to HSBC when it was unable to serve its customers due to massive DDoS attacks that resulted in multiple outages. The attacks were not long lived, but the cost in lost revenue could have easily reached millions of dollars per attack—this is to say nothing of the reputational loss and depreciation of brand equity.”

Mikko Hypponen, Chief Research Officer at Finnish computer security company F-Secure sees five types of computer hackers who commit Internet crimes. They are:

White hat hackers who help corporations and government agencies identify and eliminate vulnerabilities,

Hactivists who break into computer systems as a form of protest,

Organized crime, which is motivated by greed and responsible for some 400,000 daily attacks,

Governments that engage in espionage, considered acceptable Internet behavior while hacking foreign corporations to steal intellectual property is frowned upon, and

Extremists, such as ISIS, the use the internet to cause harm as well as to recruit sympathizers.

Ethical Solutions

Not only are the threats in cyberspace mounting, but reliance on a safe and secure cyberspace is increasing markedly. To cite just one example, cryptocurrency, such as Bitcoin, relies on blockchain as a public ledger to eliminate double spending of the same currency thus protecting its value. Though the distributed nature of blockchain processing is ironclad it does illustrate a big expansion in the need for a safe cyber environment.

To be sure, the bad actors such as Russia, North Korea and hackers motivated by greed or ideology get all the attention. Federal and international laws standards and law enforcement provide limited comfort and security—but law enforcement can bring bad actors to justice only AFTER a crime is committed. Something must be done at the root, and I believe cyber ethics needs to be part of every citizen’s ethical development. Educators need to focus how ethical behavior on the internet will assure a peaceful, secure and safe environment for all citizens of the world. The vast majority of thinking folks who depend on cyberspace for their work, finances, entertainment and socializing would, agree that something must be done to encourage ethical behavior down to the individual level. An approach, now being developed and advanced by The Boston Global Forum, a think tank focused on peaceful solutions to global tensions, is a worldwide program aimed at establishing and encouraging acceptable cyber conduct. Such an effort, I believe, holds the key to our future safety and security in cyberspace.

Toward that aim, Boston Global forum introduced an Ethical Code of Conduct for Cyber Peace and Security or ECCC, which has been updated and revised several times to the current version. ECCC provides a framework of acceptable behaviors for individuals, policymakers, technical experts and governments. Boston Global Forum is urging educators starting in public schools and continuing at the university level to embrace the ECCC framework. Additionally, these ethical standards need to be part of the training for mainstream journalists and corporate executives need to make ethical behavior part of their Corporate Social Responsibility or CSR programs. Likewise, governments need to adopt the code both domestically and internationally. One cannot argue that one type of government hacking is ethically sound while another is not.

We are already seeing public campaigns against cyberbullying gain public acceptance. I envision a time when users of Facebook, Twitter, LinkedIn and other social media outlets will make adherence to ethical standards part of their image and their brand. Perhaps individuals and other social media users will adopt the tenets of the ECCC and display the letters “ECCC” as assurance to the public and a benefit to stakeholders that this is a site you can visit safely and an entity that can be trusted.

Specific Steps

To advance the ECCC and its goal of creating a safe and secure cyber environment for all citizens of the world, The Boston Global Forum has brought together several leading thinkers on the subject. Among them are Governor Michael Dukakis, cofounder of The Boston Global Forum, Allan Cytryn, Risk Masters International, Prof. Nazli Choucri, MIT, Thomas Patterson, Harvard University, Prof. Derek Reveron, Naval War College and Prof. John E. Savage, Brown University and myself.

Their specific recommendations for maintaining the security, stability and integrity of cyberspace addresses several levels starting with the user level.

The group of thinkers urges Net Citizens to:

  • engage in responsible behavior on the Internet, that includes the same thoughtfulness, consideration and respect for others that one would expect from others, both online and offline.
  • not visit suspicious websites.
  • not share news or content from sources that are not trustworthy.
  • learn and apply security best practices, by updating software when notified, run virus protection, and use strong, frequently changed passwords.
  • not transmit personally identifiable information to unknown sites.
  • maintain a healthy suspicion of email from unknown sources.
  • on web communication use HTTPS instead of HTTP when possible.

Policy Makers Should

  • endorse and implement recommendations made by the 2015 UN Group of (G20), summarized below are the important norms concerning information and communication technologies (ICTs).
  • states should help limit harmful uses of ICTs, especially those that threaten international peace and security.
  • a state should not conduct or permit ICT use that damages the critical infrastructure of another state or impairs its operations.
  • no state should conduct or support ICT-enabled theft of intellectual property, trade secrets or other confidential business information for commercial gain.
  • not create nor tolerate the dissemination of fake news and the governmental level.

IT Engineers Should

  • apply best practices in the design, implementation and testing of hardware and software products so as to avoid ICT vulnerabilities, and protect user privacy and data.
  • use NIST “Framework for Improving Critical Infrastructure Cybersecurity” as a guide for improving the security of critical applications.
  • not create nor use technology to create or disseminate fake news.

Corporations and Corporate Leaders Should

  • create employment criteria to ensure that employees are qualified to design and implement products and services that meet high security standards.
  • ensure that IT engineers are kept abreast of the latest ICT security threats and best cybersecurity practices
  • implement effective Cyber Resilience internally.
  • engage in information sharing of ICT hazards with companies in similar business sectors, subject to reasonable safeguards.

Educators, Influencers and Not-for-Profit Institutions Should

  • teach the responsibilities of net citizens described in this article, including fostering good behavior and avoidance of malicious activity.
  • help global citizens acquire the critical thinking needed to identify and avoid fake news and discourage its dissemination.
  • ensure that IT engineers are taught the skills necessary to produce safe, reliable and secure ICT products and services.
  • educate and lead global citizens to support and implement the ECCC.
  • create honors and awards to recognize outstanding individuals who contribute greatly to a secure and safe cyberspace environment.

Global Cybersecurity Day

Indeed, fostering worldwide ethical standards and implementing a broad spectrum of ethical education and best practices is a big challenge. On December 12, 2017, which marks the third, Global Cyber Security Day, industry leaders and thinkers will gather at Harvard University to examine the current state of affairs in cyberspace and offer recommendations to further refine ECCC ethical standards and implementation. A safe and secure cyber environment can be achieved through determination and diligence and, it is my hope that the standards set for by The Boston Global Forum’s ECCC will be adopted as mainstream behavior for all citizens of the world.