A principlist framework for cybersecurity ethics

Paul Formosa*, Michael Wilson, Deborah Richards

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

29 Citations (Scopus)


The ethical issues raised by cybersecurity practices and technologies are of critical importance. However, there is disagreement about what is the best ethical framework for understanding those issues. In this paper we seek to address this shortcoming through the introduction of a principlist ethical framework for cybersecurity that builds on existing work in adjacent fields of applied ethics, bioethics, and AI ethics. By redeploying the AI4People framework, we develop a domain-relevant specification of five ethical principles in cybersecurity: beneficence, non-maleficence, autonomy, justice, and explicability. We then illustrate the advantages of this principlist framework by examining the ethical issues raised by four common cybersecurity contexts: penetration testing, distributed denial of service attacks (DDoS), ransomware, and system administration. These case analyses demonstrate the utility of this principlist framework as a basis for understanding cybersecurity ethics and for cultivating the ethical expertise and ethical sensitivity of cybersecurity professionals and other stakeholders.

Original languageEnglish
Article number102382
Pages (from-to)1-15
Number of pages15
JournalComputers and Security
Publication statusPublished - Oct 2021


  • Cybersecurity ethics
  • Principlism
  • AI ethics
  • Penetration testing
  • Privacy
  • DDoS attacks
  • Ransomware


Dive into the research topics of 'A principlist framework for cybersecurity ethics'. Together they form a unique fingerprint.

Cite this