Reassessing the Role of Ethics in Cybersecurity: The Imperative for Strategic Adaptation
The global cybersecurity landscape is a high-stakes battleground, where the proliferation of digital threats by state and non-state actors presents unprecedented risks to national security, critical infrastructure, and global stability. With the rapid integration of emerging technologies like artificial intelligence (AI), machine learning (ML), and quantum computing, the stakes have never been higher. Yet, while the Global West adheres to strict ethical, legal, and moral frameworks in the deployment of these technologies, adversaries—many of whom are not bound by similar rules—exploit these very standards to gain asymmetric advantages.
This imbalance leaves Western nations and their allies vulnerable to increasingly sophisticated and unrestrained cyberattacks. To effectively defend against such threats, we must rethink our current approach and adapt, while still upholding the core values that define our societies.
In this paper, I argue that if we continue to bind ourselves to self-imposed ethical and legal guardrails while adversaries operate with zero restrictions, we will remain perpetually on the defensive. In such a scenario, the likelihood of winning—or even effectively deterring future threats—diminishes significantly. It is imperative that we reassess how we can adapt our strategies to counter these threats, without allowing our ethical standards to become a strategic weakness.
The Ethical Dilemma in Cybersecurity
The West’s Ethical Standards
The emphasis on ethics and moral standards in the cybersecurity industry is rooted in a desire to protect individual privacy, maintain democratic principles, and uphold international law. These standards guide the development and deployment of emerging technologies, ensuring they are not abused or weaponized in ways that could harm innocent individuals or destabilize societies. Ethical AI, for example, focuses on ensuring fairness, transparency, accountability, and non-maleficence in its applications. However, these standards are largely self-imposed, particularly by actors in the Global West—governments, corporations, and institutions that subscribe to liberal democratic values.
The Reality of Asymmetric Threats
On the other hand, threat actors, including nation-states such as China, Russia, North Korea, and Iran, as well as non-state actors like cybercriminal organizations, operate with few, if any, restrictions. These entities engage in cyber espionage, intellectual property theft, ransomware attacks, and disinformation campaigns with little regard for international law or ethical considerations. For instance, the widespread use of AI-driven cyberattacks, state-sponsored hacking groups, and sophisticated disinformation campaigns demonstrate the lengths to which these actors are willing to go to achieve their objectives, regardless of ethical implications.
The ethical asymmetry between these actors and the Global West creates a profound strategic disadvantage. While Western organizations and governments adhere to rules and limitations that prevent them from employing more aggressive and potentially more effective offensive tactics, adversaries are free to exploit these constraints. This imbalance ensures that we remain in a reactive posture, perpetually defending against threats rather than proactively neutralizing them.
The Need for Strategic Adaptation
The Defensive Trap
Current cybersecurity strategies in the West are predominantly defensive, focused on mitigating damage after attacks have occurred rather than preventing them through offensive measures. This approach, while necessary, is insufficient. As threat actors become more sophisticated, the speed and scale of their attacks increase, leaving defensive measures struggling to keep up. The current paradigm places Western nations and their allies in a defensive trap—responding to incidents as they arise rather than preventing them at their source.
This defensive stance is a direct result of the ethical and legal guardrails that we have imposed on ourselves. In the interest of protecting privacy and upholding international norms, we limit our ability to engage in more aggressive tactics, such as preemptive strikes or widespread surveillance of foreign entities. However, by doing so, we allow adversaries to operate with impunity, using our own ethical frameworks as a shield while they continue to undermine our security.
The Case for Offensive Cyber Operations
To level the playing field, Western nations must reconsider their reluctance to engage in offensive cyber operations. While ethical concerns are valid, we cannot allow them to become a strategic liability. Offensive cyber capabilities—such as preemptive strikes, active cyber espionage, and counter-hacking—must be integrated into our broader cybersecurity strategy. These tactics have the potential to disrupt threat actors before they can launch attacks, degrade their capabilities, and impose costs that may deter future aggression.
There are precedents for such actions. In 2010, the Stuxnet worm, reportedly developed by the United States and Israel, successfully disrupted Iran’s nuclear program. This was a rare instance of offensive cyber warfare being used to achieve a strategic objective without resorting to kinetic military action. However, these types of operations remain the exception rather than the rule in the Global West.
The ethical debate around offensive operations must shift from a question of whether they are permissible to how they can be conducted in a manner that minimizes collateral damage and upholds fundamental values. Rules of engagement for cyber operations, similar to those that govern conventional warfare, can be developed to ensure that offensive tactics are used responsibly, while still allowing for a more proactive stance in defending against cyber threats.
The Role of Emerging Technologies
Emerging technologies such as AI and quantum computing present both opportunities and challenges in this domain. On one hand, AI-driven defensive systems have the potential to detect and neutralize threats in real-time, vastly improving our defensive capabilities. On the other hand, AI can also be weaponized, as adversaries have demonstrated through the development of autonomous cyber weapons and disinformation bots. It is crucial that we do not allow ethical concerns about AI to prevent us from exploring its full potential in both offensive and defensive contexts.
For instance, AI could be used to identify and target adversarial infrastructure, disarm cyber weapons before they are deployed, or disrupt disinformation networks at their source. Similarly, quantum computing could be leveraged to break the encryption used by malicious actors, thereby gaining access to their operations and neutralizing them preemptively. While these technologies raise valid ethical concerns, we must not shy away from their use out of fear of moral compromise. Instead, we should focus on developing robust governance frameworks that guide their responsible use in pursuit of national and global security.
Upholding Values While Adapting Strategy
While it is clear that we must adapt our cybersecurity strategies to include more proactive and offensive measures, this does not mean abandoning our ethical principles. Rather, it requires a recalibration of our approach to ensure that we can effectively defend ourselves without compromising the values that define our societies.
Ethical Adaptation, Not Abandonment
Ethical adaptation is key. We must acknowledge that the current ethical frameworks are not always suited to the realities of the cyber domain, where the speed of innovation and the asymmetry of threat actors create unique challenges. Instead of rigidly adhering to outdated norms, we should strive to develop new ethical frameworks that allow for more flexibility in dealing with cyber threats while maintaining accountability and transparency.
For instance, offensive cyber operations could be governed by international agreements that establish clear rules of engagement, ensuring that these tactics are used responsibly and proportionately. Similarly, the use of AI in cyber warfare could be subject to oversight by international bodies that ensure compliance with human rights standards while allowing for its deployment in situations that clearly benefit global security.
Collaboration with Allies
Moreover, international collaboration is essential in creating a unified front against cyber adversaries. By working together with allies, we can develop shared norms and strategies that allow for more aggressive tactics when necessary while ensuring that these actions are aligned with broader ethical and legal standards. This collaborative approach would help mitigate the risks associated with offensive cyber operations and ensure that they are used as part of a coordinated effort to enhance global security.
So…
In a world where adversaries operate without ethical or legal constraints, it is no longer sufficient for the Global West to remain bound by self-imposed restrictions that limit our ability to defend ourselves. While ethics and moral standards are important, they must not be allowed to become strategic liabilities in the face of increasingly sophisticated and unrestrained cyber threats. We must adapt our cybersecurity strategies to include more proactive and offensive measures, leveraging emerging technologies like AI and quantum computing to neutralize threats before they can cause harm.
This does not mean abandoning our ethical principles, but rather recalibrating them to suit the realities of the modern cyber domain. By developing new frameworks that allow for responsible offensive operations and collaborating with international allies, we can protect our security without compromising the values that make us stronger in the long run. Only by taking such bold steps can we hope to regain the initiative in the ongoing cyber conflict and secure a safer future for all.