Research into the ethics of cybersecurity is an established and growing topic of investigation; however, the translation of this research into practice is lacking. A small number of professional codes of ethics or codes of practice exist in cybersecurity, but these are very broad and do not offer much insight into the ethical dilemmas that can be faced while performing specific cybersecurity activities. To address this gap, we leverage ongoing work on the Cyber Security Body of Knowledge (CyBOK) to help elicit and document the responsibilities and ethics of the profession. Based on a literature review of the ethics of cybersecurity, we use CyBOK to frame the exploration of ethical challenges in the cybersecurity profession through a series of 15 interviews with cybersecurity experts. Our approach is qualitative and exploratory, aiming to answer the research question "What ethical challenges, insights, and solutions arise in different areas of cybersecurity?". Our findings indicate that there are broad ethical challenges across the whole of cybersecurity, but also that different areas of cybersecurity can face specific ethical considerations for which more detailed guidance can help professionals in those areas. In particular, our findings indicate that security decision-making is expected of all security professionals, but that this requires them to balance a complex mix of technical, objective and subjective points of view, and that resolving conflicts raises challenging ethical dilemmas. We conclude that more work is needed to explore, map, and integrate ethical considerations into cybersecurity practice and that there is an urgent need to conduct further research into the ethics of cybersecurity AI, and we highlight the importance of this work for individuals and professional bodies who seek to develop and mature the cybersecurity profession in a responsible manner.