Research Proposal

#Cybersecurity

Research proposal v1

The Ethical Boundaries of Cyber Deception in Security Practice

My research proposal is to investigate the question: To what extent can intentional deception in cybersecurity defense, such as the use of honeypots and fake credentials, be ethically justified within professional codes that value the virtues of honesty and integrity?

The issue contains normative elements since it encompasses moral obligations and values, namely if deceiving attackers is permissible for the defense team without violating the value of honesty, which is core to the code of practices in information technology fields such as cybersecurity.

It is an area of interest because it is increasingly becoming mainstream practice in the defense industry, yet I have found little research done in its relation to professional ethics standards. I look forward to gaining an understanding on the perspective of principles like utilitarianism on unethical practices for the sake of defense, also looking forward to understanding industry standards and practices on honeypot technology implementations in the cybersecurity field with relation to ethics.

Keywords: Cyber Deception, Cybersecurity Ethics, Defense, Honeypots, Honesty

Research proposal v2

The Ethics of Cyber Deception in State Cyber Operations

My research proposal is to investigate the question: To what extent can intentional deception in state-level cybersecurity operations, such as, honeypot networks, or fabricated digital evidence, be ethically justified within international norms and moral principles that value honesty, sovereignty, and integrity?

This is a moral issue because it deals with the ethical boundaries of deception as a tool of statecraft. While espionage and concealment have long existed in international relations, cyber deception introduces new layers of harm, ambiguity, and moral uncertainty. What I aim to unpack is whether the deliberate use of falsehood for strategic advantage can ever align with ethical duties and the principles that sustain peaceful global relations. As outlined in the Tallinn Manual 2.0, legal interpretations of cyber conduct exist, yet the moral evaluation of deception remains underexplored. I find it fascinating how cyber deception creates a kind of “no man's land” within cybersecurity operations, an area where truth and defense blur, and through this project, I want to examine the ethical boundaries of that grey dimension of cyberspace.

I plan to analyze a couple cybersecurity events involving state-level deception to understand how ethical reasoning applies when truth and defense intersect. I will use the Tallinn Manual 2.0 as a reference point for the established legal and operational boundaries of state cyber conduct, and build my moral analysis from there. My approach so far relies on utilitarian reasoning and maybe some elements of Just War theory, focusing on principles like proportionality and moral intent. When possible, I also want to connect these ideas to Aristotle's virtue ethics, especially concepts like prudence and honesty, to consider how moral character and good judgment apply to decision-making in cyberspace. These conceptual tools will help me evaluate whether cyber deception can ever be ethically justified as a form of protection, or if it only undermines trust between states.

Provisional claim: Defensive and proportionate deception that prevents harm may be ethically permissible to a certain extent, whereas manipulative or sovereignty-violating deception undermines trust and moral legitimacy in cyberspace. It is necessary to establish ethical principles, so we can promote greater accountability, regulation and protection in the cyberspace.

Brief annotated bibliography: