Today, I prepared a lecture for students at Jan Evangelista Purkyně University in Ústí nad Labem on the topic of “Ethical Hacking in Practice.” This event was organized in collaboration between UJEP and the National Agency for Information and Communication Technology (NAKIT).
During the lecture, we covered a broad range of topics related to ethical hacking—from the fundamental differences between hacking and ethical hacking, through various ethical approaches, to specific techniques in cybersecurity testing. We also discussed types of attacks, hacker motivations, and the legal aspects that must be considered in testing.
The lecture hall was full, and some students actively participated in the ensuing discussion. During this lecture, I realised the importance of the topic of meta-ethical hacking—even though this term is not yet widely known, its significance in the field of cybersecurity should not be underestimated. The lecture encouraged me to delve deeper into this topic.
For those who want to revisit the topic, the lecture materials are available here: Lecture Materials.
From the Lecture at UJEP to Meta-Ethical Hacking
Meta-ethical hacking is essential because it brings a deeper reflection on the moral principles underlying ethical hacking. While conventional ethical hacking, as it is mostly understood today, focuses on the practical use of technical skills to identify and mitigate security risks, meta-ethical hacking examines the questions of why and how ethical principles in this field should be defined, interpreted, and applied. This approach leads us to questions about the motives, values, and responsibilities of ethical hackers, which is crucial for building trust among security professionals, organisations, and the public.
Meta-ethics in the context of hacking questions the fundamental nature of moral concepts, for example, “What does it mean to be ‘ethical’ in ethical hacking?” Meta-ethical analysis examines whether concepts like “right” or “wrong” in hacking have an objective value or whether they depend on subjective interpretations of individuals or cultures. This reflection is vital because even ethical hacking requires the consistent application of moral principles that precisely define its boundaries and legitimacy.
Meta-ethics also involves analysing what the term “ethical” means in ethical hacking and how it is interpreted in various situations. For example, when a hacker discovers a vulnerability and decides to disclose it without prior notification to the affected company, some communities consider it beneficial, as it informs the public about potential risks. On the other hand, others view this action as unethical, as it may harm the company and its users. In such a case, meta-ethics examines where the line lies between “right” public disclosure and responsible vulnerability reporting.
Without meta-ethical examination, we might adopt a superficial view of ethics that overlooks the nuances and complexities crucial in cybersecurity. Meta-ethical questions enable us to better understand which moral values are important in ethical hacking and how they can help shape a more responsible and transparent approach to security.
My studies in Information Services Design at Masaryk University enable me to explore different ethical perspectives—and, ultimately, diverse design-philosophical views. I encounter a broad spectrum of approaches and tools for analysing and applying ethical principles in the design of information services.
I hope that I was able to convey to at least some students my perspective on the use of so-called ethical hacking to ensure cybersecurity!