The workshop “Towards a value-sensitive Cybersecurity Industry”, was organized by F-Secure in collaboration with other CANVAS partners. The workshop took place at the F-Secure’s premises in Helsinki on May 28–29, 2018. The key theme of the workshop were ethics-related challenges that cybersecurity companies and organizations cooperating with those face in their research and opera-tions. Topics discussed in the workshop included:
- Investigation of nation-state cyber operations.
- Vulnerability disclosure and creation of proof-of-concept code for public awareness, incentivizing vulnerability fixing efforts, security research, penetration testing, and other purposes.
- Control of customer devices. Backdoors and use of government sponsored malware as possible countermeasures to ubiquitous use of encryption.
- Ethics, artificial intelligence and cybersecurity.
- Assisting the law enforcement without violating customer privacy, a CERT viewpoint.
- Targeted attacks and ethical choices arising due to attacker and defender operations.
- Privacy and its assurance through data economy and encryption, balancing values with finan-cial interests of companies.
Opinions and observations of cybersecurity practitioners were complemented by representatives of such organizations as ENISA (The European Union Agency for Network and Information Security), ECSO (The European Cyber Security Organisation), CERT-FI (Finnish National Computer Emergency Response Team), Europol EC3 (the European Cybercrime Centre), and others.
Since a number of issues discussed in the workshop were quite sensitive, the workshop was held under the Chatham House rule (in particular, no recording policy).
As a part of the workshop arrangements, Dominik Hermann and Martin Müller (University of Bamberg) recorded a series of interviews with the invited speakers. The videos will be shown to students that participate in the CANVAS MOOC, forming a core of case studies.