• United States



Can Cyber Ethics training work for adults?

Feb 11, 20075 mins
Identity Management SolutionsIT Leadership

Back in the late 1980s, it seemed like everyone at work was talking about the book “All I Really Need To Know I Learned In Kindergarten.”

Many adults share that view about cyber ethics training today – with perhaps an upgrade from Kindergarten to eighth grade and a few words added. You know, be nice online, be fair online, don’t steal or cheat online, etc.  Adults don’t need ethics training do they?

As I’ve been discussing over the past few weeks in my blogs, many of the online behaviors that we’re seeing as CSOs are starting to take new turns. People are crossing the policy lines, and it’s tough for the policies to keep up. What can we do about it?

 Cyber ethics training for kids abounds at many websites, with ample lists of dos and don’ts. Headlines seem to daily remind us of the harm that can be caused by predators and thieves. Still we know that most of our employees want to do the right thing. How can we move forward in this new world?      

As I researched this topic, I’ve come across quite a few good ideas and thought-provoking commentaries. One piece by Don Gotterbarn is entitled: “Cyber Ethics Considered Harmful.”

 He discusses how many college students and adult professionals are turned off by lists of do’s and don’ts  – which are mostly committed by criminals. He discusses the history of cyber ethics training classes with summaries like:

“The reactive emphasis (of the classes) did not encourage proactive behavior. Students were encouraged merely to judge the morality of an act that has occurred rather than to determine or guide action to prevent or discourage immoral behaviors.”

Gotterbarn brings up many excellent points as he criticizes attempts to teach “Internet Professional Ethics” or IPEs to adults. He concludes his paper with this conclusion:

 “There are two significant tasks needed as preparation to introduce this material into the professional/technical curriculum. The first task is the preparation of materials which start with a clear concept of IPE showing how, within the context of professional ethics, sound ethical decisions can and must be made.

 The second task is a concerted research effort to clearly articulate the values that drive good Internet development practices. These can then be used to help guide the professional decisions of Internet developers.”

Another great article on ethical issues in technology was written by the editor of State and Local Technology Magazine, Lee Copeland. She lays out the ethical dilemmas facing technology professionals as we move forward. Here’s one quote:

“Medicine has the Hippocratic oath. The heavily regulated medical profession licenses its practitioners and tracks and restricts the prescription of drugs. But what about IT? Other than a few providers of professional certifications, there’s no professional standards or regulatory body that governs IT or determines what qualifies as ethical behavior.”

Clearly what we’re doing now doesn’t cut it. We need clearer ethical guidance. I think CSOs shy away from this, since it seems more like a duty for churches – including the need to make moral judgments. And yet, isn’t that what we are doing with our policies?  We can’t assume that people know where all the potholes are on the Internet. We’ll need to devise classes along the lines that Gotterbarn describes.

What does that mean? What about “adult” men and women behaving badly at work? They know what they’re doing. How can we address this growing group that thinks it’s ok to speed on cyber highways? Some say it can never be stopped – without way too much pain. Back to the original question, they know exactly how to avoid getting caught – at least they think they do. Put up a better firewall or a new process, and they’ll be tools and ways to get around it.

We’re back to the different views on morality and personal ethics.  Clearly there are (at least) two groups, and just like on interstate highways, some will speed – but eventually they’ll get caught. Other people will continue their immoral behavior, but eventually “their sins will find them out.” As CSOs we’re seeing it now, and we see how it devastates lives.

 While only time will tell if the next generation of cyber ethics training will slow this new trend, I think one thing is clear.  This will need to be a new kind of training. It will be a blend between what today is values training, ethics training and the current cybersecurity (more hand-on) training. It will need to address a different set of questions than the status quo. It will go beyond explaining viruses, worms, botnets, identity theft or whatever is “hot” at the moment, and start to address deeper philosophical issues which affect lifestyles and cyber behaviors.

Most of all, it will need to motivate positive behaviors and actions. It needs to enable the good guys to do more proactive things and stay on the straight and narrow, and not just stop the bad guys or prevent bad things from happening.  It may require a complete rethink of where the lines are. Not to water down immoral behavior, but to rethink what’s acceptable at work with government dollars. (Remember, most governments have policies that still forbid the majority of personal phones calls.)

We have a whole new set of challenges to answer, but it’s not just for kids. Cyber ethics training needs to be for adults as well.


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

More from this author