Moral Frameworks in CTI and High-Stakes Communications

We live in very polarizing times, particularly in the US. We choose our words carefully, tiptoe around topics that might devolve into argumentation or debate. However, there are times we must address the elephant in the room. In cybersecurity, we do not always have the luxury of ignoring or avoiding political engagement. It is helpful to understand a little more about competing moral frameworks.

Moral frameworks are the background elements that influence a person’s values and character. Experiences, schooling, and media consumed contribute to someone’s moral framework; however, the most influential are the people who are most significant in their lives, for better or worse.

Understanding moral frameworks has valuable applications in analyzing cyber threat intelligence, particularly when evaluating a potential threat actor’s motivation and opportunity metrics. In CTI, there is no real “right way” to do analysis. It is not a linear path, and I still maintain that AI is incapable of the higher level of thinking necessary to do a proper risk assessment for the simple reason that we are defending people against other people. People from different backgrounds who have differing intentions and motivations. Attackers, even amongst ransomware gangs, are not always in it for purely financial reasons.

Moral frameworks are part of a larger topic of ethical hermeneutics. It is easy to dismiss or “other” people who may have competing moral frameworks or even label them as unethical. In CTI, we think in terms of Black Hat vs. White Hat, red vs blue, good vs evil. However, this thought process can be limiting when analyzing or interpreting to gain a deeper understanding. We only know what we know; there are other horizons to explore, but we must engage with, even if only on an intellectual level, with those outside of our scope of understanding.

A mutual interest in applied hermeneutics in various fields led me to an introduction to Dr. David Haney, who shared with me his recent and timely article published in the Journal of Applied Hermeneutics titled “Ethical Hermeneutics Engaging Individual-based Instrumental Reason: Lessons for Leaders in the Modern Social Imaginary.” His timely article sparked my interest in applying these philosophies to cyber threat intelligence.

Dr. David Haney gives us an example that hermeneutics can be helpful in a leadership setting with competing moral languages: “Left to their own devices, interlocutors will often end at an impasse without understanding why they cannot talk to each other. However, a hermeneutic perspective that sees them instead as different horizons implicated in different traditions can open possibilities for productive communication.”

Instead of debating to win, we can view others’ perspectives as a different horizon to explore. We can approach with curiosity and empathy to understand that their history, lived experience, and people closest to them all make up their moral framework in the background. This will expand our horizons, enabling us to identify the root causes of the problems and collaborate on finding solutions.

And finally, an interesting application is in the high-stakes communications or crisis simulation exercises. Try it there first; broaching topics you might otherwise avoid due to fear of derailing an exercise may be the best place to do it. It is far better to engage and derail an exercise than to derail the incident response.