Zero Days, One Obligation: Cyberspace Computer Software Vulnerability Disclosure Policy by the U.S. Government, Cyberethics and the Roles of Morality, Utilitarianism, Strategic and National Interests Zero Days, One Obligation: Cyberspace Computer Software Vulnerability Disclosure Policy by the U.S. Government, Cyberethics and the Roles of Morality, Utilitarianism, Strategic and National Interests

Zero Days, One Obligation: Cyberspace Computer Software Vulnerability Disclosure Policy by the U.S. Government, Cyberethics and the Roles of Morality, Utilitarianism, Strategic and National Interests

Progressive Management
    • £6.49
    • £6.49

Publisher Description

This informative report from March 2019 has been professionally converted for accurate flowing-text e-book format reproduction. This study set out to apply the moral principle of utilitarianism to the policy problem associated with zero-day vulnerabilities. These vulnerabilities can be understood as errors in coding that are potentially exploitable and unknown to either the creators or users of the software. If attack vectors related to zero-day vulnerabilities are completely dependent upon correctable coding errors, what should policy require when the U.S. government detects a zero-day vulnerability? Should it be disclosed publicly so it can be patched or restrict knowledge of it so it can be weaponized? This study applied revisionist John Stuart Mill's unique and nuanced description of utilitarianism to the Vulnerabilities and Equities Policy and Process (VEP) to evaluate what aspects of the policy fulfilled Mill's moral code and what areas could be improved. The improvement recommendation is made on strictly moral terms. This study acknowledges while moral policy has undeniable benefits, there are times where the moral can come at the expense of the strategic, and national interests can be compromised. Ultimately, much like the VEP, this study recommends balance.

This compilation includes a reproduction of the 2019 Worldwide Threat Assessment of the U.S. Intelligence Community.

There is a debate surrounding zero-day vulnerabilities and the exploits associated with them. A variety of attack vectors exist in cyberspace: spearfishing exploits human gullibility through email, brute force techniques like Distributed Denial of Service (DDoS) can overwhelm servers, and some less technical approaches simply take advantage of predictable or lackadaisical security practices. The attack vector, ominously referred to as a zero-day weapon, is something different. Zero-days weapons are not inherently violent, rather they represent the exploitation of an error in a program's coding. The error in coding is the vulnerability. Research scientists at RAND in their The Defender's Dilemma defined zero-days as, "those vulnerabilities for which no patch or fix has been publicly released" An attack utilizing a zero-day weapon exploits the coding vulnerability. If a patch does not exist, no protection is available, and the zero-day weapon effectively becomes a cyber-silver bullet.

If a nation has numerous zero-day weapons in its arsenal, it also essentially has a long list of exploitable vulnerabilities. After all, the nation would not choose to weaponize the vulnerability if it could not produce a worthwhile effect, an effect that although advantageous for the user, is detrimental and dangerous for the victim. The problem is that nothing stops other nations from detecting and weaponizing the same vulnerability, which means one's own nation may also be the potential victim. Instead of exploiting and weaponizing the vulnerability, the nation could opt to notify the software manufacturer and recommend they patch the vulnerability. The threat would then be eliminated, but so would any usefulness from the zero-day.

GENRE
Computing & Internet
RELEASED
2019
22 June
LANGUAGE
EN
English
LENGTH
156
Pages
PUBLISHER
Progressive Management
SIZE
285.3
KB

More Books Like This

Conflicts, Crimes and Regulations in Cyberspace Conflicts, Crimes and Regulations in Cyberspace
Conflicts, Crimes and Regulations in Cyberspace
2021
Security and Intelligence in a Changing World Security and Intelligence in a Changing World
Security and Intelligence in a Changing World
2021
Critical Information Infrastructure Protection and the Law Critical Information Infrastructure Protection and the Law
Critical Information Infrastructure Protection and the Law
2003
Cyberwar and Information Warfare Cyberwar and Information Warfare
Cyberwar and Information Warfare
2012
Blockchains in National Defense: Trustworthy Systems in a Trustless World - The Evolving Cyber Threat, Air Force Should Research and Develop Blockchain Technology to Reduce Probability of Compromise Blockchains in National Defense: Trustworthy Systems in a Trustless World - The Evolving Cyber Threat, Air Force Should Research and Develop Blockchain Technology to Reduce Probability of Compromise
Blockchains in National Defense: Trustworthy Systems in a Trustless World - The Evolving Cyber Threat, Air Force Should Research and Develop Blockchain Technology to Reduce Probability of Compromise
2019
Cyber Conflict Cyber Conflict
Cyber Conflict
2013

More Books by Progressive Management

Wings in Orbit: Scientific and Engineering Legacies of the Space Shuttle, 1971-2010 Wings in Orbit: Scientific and Engineering Legacies of the Space Shuttle, 1971-2010
Wings in Orbit: Scientific and Engineering Legacies of the Space Shuttle, 1971-2010
2011
2011 Complete Guide to IEDs: Improvised Explosive Devices: Enemy Tactics, Roadside Bombs, Counter-IED Targeting, Defeat the Device, Programs, Technologies, Afghanistan, Iraq, JIEDDO 2011 Complete Guide to IEDs: Improvised Explosive Devices: Enemy Tactics, Roadside Bombs, Counter-IED Targeting, Defeat the Device, Programs, Technologies, Afghanistan, Iraq, JIEDDO
2011 Complete Guide to IEDs: Improvised Explosive Devices: Enemy Tactics, Roadside Bombs, Counter-IED Targeting, Defeat the Device, Programs, Technologies, Afghanistan, Iraq, JIEDDO
2010
Nigeria: Federal Research Study and Country Profile with Comprehensive Information, History, and Analysis - Politics, Economy, Military Nigeria: Federal Research Study and Country Profile with Comprehensive Information, History, and Analysis - Politics, Economy, Military
Nigeria: Federal Research Study and Country Profile with Comprehensive Information, History, and Analysis - Politics, Economy, Military
2011
21st Century Guide to Solar Power and Photovoltaics: Green Domestic Power from the Sun - Practical Information about Home Electricity, Water Heating, Panel and Cells, Solar Energy Financing 21st Century Guide to Solar Power and Photovoltaics: Green Domestic Power from the Sun - Practical Information about Home Electricity, Water Heating, Panel and Cells, Solar Energy Financing
21st Century Guide to Solar Power and Photovoltaics: Green Domestic Power from the Sun - Practical Information about Home Electricity, Water Heating, Panel and Cells, Solar Energy Financing
2010
The Smell of Kerosene: A Test Pilot's Odyssey - NASA Research Pilot Stories, XB-70 Tragic Collision, M2-F1 Lifting Body, YF-12 Blackbird, Apollo LLRV Lunar Landing Research Vehicle (NASA SP-4108) The Smell of Kerosene: A Test Pilot's Odyssey - NASA Research Pilot Stories, XB-70 Tragic Collision, M2-F1 Lifting Body, YF-12 Blackbird, Apollo LLRV Lunar Landing Research Vehicle (NASA SP-4108)
The Smell of Kerosene: A Test Pilot's Odyssey - NASA Research Pilot Stories, XB-70 Tragic Collision, M2-F1 Lifting Body, YF-12 Blackbird, Apollo LLRV Lunar Landing Research Vehicle (NASA SP-4108)
2012
21st Century U.S. Military Manuals: Sniper Training - FM 23-10 - Marksmanship, Equipment, Ballistics, Weapon Capabilities, Sniping Techniques (Value-Added Professional Format Series) 21st Century U.S. Military Manuals: Sniper Training - FM 23-10 - Marksmanship, Equipment, Ballistics, Weapon Capabilities, Sniping Techniques (Value-Added Professional Format Series)
21st Century U.S. Military Manuals: Sniper Training - FM 23-10 - Marksmanship, Equipment, Ballistics, Weapon Capabilities, Sniping Techniques (Value-Added Professional Format Series)
2011