Ethical hardware reverse engineering for securing the digital supply chain in critical infrastructure
Information and Computer Security
ISSN: 2056-4961
Article publication date: 15 January 2024
Issue publication date: 11 June 2024
Abstract
Purpose
This paper aims to discuss the ethical aspects of hardware reverse engineering (HRE) and propose an ethical framework for HRE when used to mitigate cyber risks of the digital supply chain of critical infrastructure operators.
Design/methodology/approach
A thorough review and analysis of existing relevant literature was performed to establish the current state of knowledge in the field. Ethical frameworks proposed for other areas/disciplines and identified pertinent ethical principles have been used to inform the proposed framework’s development.
Findings
The proposed framework provides actionable guidance to security professionals engaged with such activities to support them in assessing whether an HRE project conforms to ethical principles. Recommendations on action needed to complement the framework are also proposed. According to the proposed framework, reverse engineering is neither unethical nor illegal if performed honourably. Collaboration with vendors and suppliers at an industry-wide level is critical for appropriately endorsing the proposed framework.
Originality/value
To the best of the authors’ knowledge, no ethical framework currently guides cybersecurity research, let alone cybersecurity vulnerability research and reverse engineering.
Keywords
Acknowledgements
This work has been funded by the Research Council of Norway in part by Project no. 320932 “Reverse Engineering som metodikk for verifikasjon av sikkerhet i digitale verdikjeder i en kritisk infrastruktur” and in part by Project no. 310105 “Norwegian Centre for Cybersecurity in Critical Sectors (NORCICS)”.
Citation
Nygård, A.R. and Katsikas, S.K. (2024), "Ethical hardware reverse engineering for securing the digital supply chain in critical infrastructure", Information and Computer Security, Vol. 32 No. 3, pp. 365-377. https://doi.org/10.1108/ICS-10-2023-0182
Publisher
Emerald Publishing Limited
Copyright © 2023, Emerald Publishing Limited