Since this week’s readings discussed ethical, legal, illegal, and morally defensible actions in cyberspace, I thought I would discuss the theory of the common good approach and how it applies to cybersecurity; this topic is interesting as many world leaders and the general public do not quite understand the digital realm, so applying thought processes from other fields that they might already understand may assist in their learning process. Santa Clara University’s Markkula Center for Applied Ethic’s article, “The Common Good,” describes the common good approach as an attractive method in that it uses the attention of an individual’s gain for motivation; however, those advantages are then shared community-wide (if everyone contributes). As a species, we are prone to only looking out for ourselves or loved ones by nature. The common good approach can be more enticing than the other approaches due to the inclusion of the “doing this will benefit you, thus, benefiting everyone” thought process (Velasquez, Meyer, J, Shanks, & Andre, 2018).
For example, let us look at the current global warming disaster. It has been quite challenging to convince a large portion of the population, especially the older generations, of their personal responsibility for the overall human-impact we have on Earth. Even more so, it is difficult to believe that one person can even do anything significant for the cause. With the common good approach, incentives can be created, such as tax right-offs, with solar panels’ installation. So, for one individual to do something ‘good’ by installing solar panels, it then affects the community around him by providing a more environmentally friendly solution for our planet’s health. You could also go further by mentioning that his/her actions could inspire their neighbors to go the solar route as well, thus leading to a truly common good approach.
In cybersecurity, say you introduce a new policy where each I.T. group (security, helpdesk, web dev, sysadmin, etc.), regardless of role, is jointly responsible for ensuring that each member of their group chronicles all their activities and jobs by time started/completed, date started/completed, nature of the work, and the length of time it took. So, at the start of the program, you are directly motivated to personally contribute to the common good (of your group) by contributing to your own self-interest (of looking obedient/getting the job done). However, as time goes on, you find some members of your group relying on others to perform the data entry for them; then, those who are having to do extra work will begin to switch their interest from the common good to their own benefits (or in this case, risks). Most likely, those who are doing their work, plus the work of the freeloaders, will inform a higher-up of this issue, knowing it will create tension on the entire group, just so that that one individual (who is doing all the work) can ensure they do not get held responsible for the freeloader’s actions. This example probably would not have any legal implications involved unless they were using these collections of work data/times for calculating wage (which then makes the common-good approach, with the inclusion of freeloaders, highly dangerous).
I find cybersecurity can be explained using the common good approach’s way of thinking, specifically regarding many organization’s management’s understanding of how their cybersecurity staff protects against threats. As we all know, the weakest link of the chain of cybersecurity is the human element, thus relying on each other to collectively solve the problem that is the always-evolving cyber landscape is not necessarily feasible; this, however, should be a goal, and upper management should not only allow their subordinates to try to achieve it, but provide them the motivation and resources to do so.
Velasquez, M., Meyer, M. J., J, S., Shanks, T., Andre, C. (2018, August). The Common Good. Retrieved February 24, 2021, from https://www.scu.edu/ethics/ethics-resources/ethical-decision-making/the-common-good/.