Honolulu, Hawaii
June 24, 2007
June 27, 2007
2153-5965
Engineering Ethics
13
12.1462.1 - 12.1462.13
10.18260/1-2--2666
https://peer.asee.org/2666
The Role of Information Warfare in Information Assurance Education: A Legal and Ethical Perspective
Abstract
Typically, information assurance (IA) professionals utilize information warfare (IW) techniques learned in professional development courses when performing vulnerability and security assessments. With cyber crime on the rise, both government and industry have come to rely on academia to properly train future IA professionals, reducing the need for professional development courses. This presents a topic for debate, since there is some disagreement over whether it is legally or ethically appropriate to teach IW techniques in an academic setting, given the many risks involved.
In order to address the questions raised by teaching these skills, we examine the legal and ethical responsibilities of IA professionals and how this affects educational programs. We identify several key knowledge areas and skill sets that IA professionals require and examine the benefits and risks that are associated with teaching these skills. The legal aspects of the issue are addressed by examining important computer security laws, such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley (SOX) Act and the Federal Criminal Code, and how they affect education at the institution, instructor and student level. Evaluation of the ethical issues is done by using the ACM Code of Ethics as well as two ethical theories: utilitarianism, based on maximizing the good consequences for society; and deontology, where ethical actions are based on an individual's duties and the rights of others.
We conclude by offering our recommendations for creating an IA program by addressing the need for cyber defense exercises and test-bed environments. In addition, we provide some topics for consideration on how to safely teach these skills and reduce the possibility of an incident.
Introduction
Computer engineering programs aim to provide students with the skills they need to design, build, and deploy computer systems. With our increasing reliance on computers and networks for personal and business applications comes the need to protect such systems from malicious attacks. For this reason, many universities have added courses, degrees, and certifications focusing on computer and network security. These programs, often referred to as information assurance (IA) programs, teach the skills required to secure software, systems, and networks. Unfortunately, in the wrong hands the tools and information presented could be used for malicious purposes.
Some experts argue that students should not be taught the specifics on how computer systems are attacked and compromised; however, these information warfare (IW) techniques are easily found on the Internet through a simple search. Since a strong understanding of attack principles is necessary to successfully protect systems and networks, this knowledge proves to be a necessary tool for IA professionals. Still, the decision to include IW skills in a computer engineering or IA
Hoernecke, A., Gillispie, T., Anderson, B., & Daniels, T. (2007, June). The Role Of Information Warfare In Information Assurance Education: A Legal And Ethical Perspective. Paper presented at 2007 Annual Conference & Exposition, Honolulu, Hawaii. 10.18260/1-2--2666
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2007 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015