HOW ETHICAL CAN ETHICAL HACKERS BE - NIRANJAN GIDWANI - CERTIFIED BOARD DIRECTOR (MCA - INDIA) | BOARD MEMBER | ESG DIRECTOR | DIGITAL DIRECTOR | FELLOW - BOARD STEWARDSHIP | MEMBER UAE SUPERBRANDS COUNCIL.
In the digital age, information is king, and alongside it, misuse of critical information and cybersecurity concerns are also dramatically on the rise. The term "hacker" brings to mind images of shadowy figures lurking in the depths of the internet and the dark web, all set to unleash havoc on unsuspecting global targets. In fact, most articles on hackers and hacking carry such pictures. Yet, how many of us are aware that in all of this, there exists a beacon of light: a global community or family of ethical hackers.
In the journey towards securing the digital world, we discover a unique convergence of morality and technology in the realm of ethical hacking. Ethical hacking is indeed a noble path, just as the professions of doctors, lawyers, judges, government officials, politicians and corporate boards are meant to be. The noble path of ethical hacking empowers some to defend, to protect, and to enlighten, bridging the gap between security and a deep-seated sense of doing what is right. Thankfully, as we look around, such a breed still exists. At least as of now.
Ethical hacking is no longer just about finding vulnerabilities. Ethical hacking is a lifetime commitment to using skills for the greater good, to safeguard communities and to reinforce the world’s belief that trust in technology can and must be maintained.
So, what exactly is ethical hacking? For the layperson, ethical hacking can be defined as the practice of bypassing system security to identify potential data breaches and threats in a network. Unlike malicious hacking, ethical hacking is conducted with explicit permission from the relevant entities, governments or organizations involved. The sole purpose is to periodically and frequently test and increase the security level of systems. The journey of ethical hackers is supposed to be guided by a very strong moral compass. It is this inner sense of right and wrong that steers ethical hackers towards actions that protect, rather than exploit and harm. It is a testament to the idea that knowledge and power, when guided by morality and a desire to do good, can transform potential threats into powerful safeguards. It is about making the choice, every single day, to be a guardian rather than a destroyer.
While ethical hackers contribute significantly to strengthening digital defenses, the practice can very often traverse extremely complex legal and ethical territories. In the case of other noble professions, professional oaths like the original Hippocratic Oath for medicine and doctors, and the Justinian Oath for law provide ethical guidance in fields that are vital to public order and welfare. The Hippocratic Oath, which dates back to ancient Greece, serves as an ethical code for physicians. It includes promises to respect patient privacy and to use their skills for the benefit of the patient. When global leaders come to power, they too take an oath by placing their hands on a religious book of their choice. One can draw very similar comparisons between this and the ethical considerations of cybersecurity.
So, should the global order create a version of an oath which every ethical hacker takes to be a part of the community?
Surely an oath cannot solve every ethical challenge, but it formalizes aspirations and binds a profession to enduring principles. It stimulates ongoing re-evaluation of practices against the oath to maintain relevance and fill gaps. This would allow the cybersecurity field to declare its alignment with human rights and social responsibility. Should ethical hackers' associations get their members to re-confirm their oath in writing every year? And should this be placed as part of their database profile?
And yet there are challenges. Some emerging cybersecurity dilemmas involve tradeoffs which are not simple right-vs-wrong choices. For example, encryption protects privacy but also helps in shielding crime. AI can analyze threats efficiently but risks bias. Sharing data aids innovation but enables authorities to increase surveillance.
Oaths set clearer expectations. But it is governance, training and tools that enact them. Strong laws disincentivizing unethical breaches are vital. Public-private partnerships improve coordination. Universities should teach ethics alongside technical skills.
However, adding more bureaucracy or technology does not inherently address the root problem of human moral judgment. The intent and integrity behind oaths, policies and tools ultimately determine their effectiveness.
On the flip side, we now have a well-organized service-oriented industry where organized crime groups pay for specialist hacking skills that they can acquire online and are using to do their everyday business. Almost every traditional criminal market is now being influenced by the disruptive capacity of the internet. As we grow even more critically dependent on networked systems, the consequences of the potential threat from cybercrime are growing exponentially.
Very few ethical cybersecurity professionals are prepared to devote themselves to public service, like law enforcement, when they can earn significantly more in the private sector. The future of policing is increasingly going to be primarily online.
One thing is for sure. As a race, we cannot regulate, automate and penalize our way to virtue. Holistic education and ethical leadership remain a big imperative. To conclude, twenty years from now, will the term Ethical Hacker mean what it is supposed to mean? Or will it end up being an oxymoron? Time will be the best judge.