Is there such an acceptable for taking responsibility for lawful offense, given the current cybersecurity landscape and potential issues which have been going on for years, silently in the background?
Do we need to have a set of ethics as to what is acceptable vs non acceptance?
What are your thoughts?
I can only point to the ISC2 Code of Ethics, in which Canon II says the following:
"Act honorably, honestly, justly, responsibly, and legally."
The order of the words here matters greatly and was carefully considered when drafting the CoE. To be ethical, an action by a professional does not need to be legal. If the professional has considered whether the act is honorable, honest, just, and/or responsible, it can be perfectly ethical while being completely illegal.
I do not think that we need more than Canon II to cover the debated scenarios. I also seriously doubt that this will become an issue outside of government business any time soon. I don't see the US government handing out the digital equivalent of letters of marque any time soon.
Unless you are a Government, there is no such thing as "Lawful Offense". Let's not even try to address "responsible". No organization/entity has the right to use offensive measures in cyberspace -- period. MyHealthOnline Portal
Very serious issue you have selected here, as you said it depend on
the choice is whether and how to engage in them responsibly and minimize cost to societies. Unless you are a Government, there is no such thing as "Lawful Offense". Let's not even try to address "responsible".
Hi @Judyblanks don't ever say never, there are policies from nations circulating these days, who are contemplating retaliation against other nations, should they be attacked etc.
It is becoming legitimate through nation policies.