Cyber Security opens up particularly many questions about how to behave responsibly in the conduct of research. Alongside the classical concerns of research integrity, much security research will make use of personal data or monitor human behaviour. A lot of security research involves ‘trying to break things’, and both the way one goes about that, and the disclosure of vulnerabilities thereby discovered is the subject of ongoing dialogue. Such work brings researchers into contact with those who might wish to limit publication – for reasons of commercial protection, or for the defence of their own institution’s reputation. Finally, some research gives rise to concerns about international working – coded as ‘trusted research’ – both in the strength of defensive and protective technologies, and in the discovery of vulnerabilities (and methods for discovering more).
This group will develop an ethics approach for CRANE, inform ongoing activity, and develop a library of guidance for researchers and their institutions.