Cybersecurity and Ethics: Lawsuits Involving the CyberTech company

Cybersecurity and Ethics: Lawsuits Involving the CyberTech company


The main purpose of the paper is to examine and analyze the two lawsuits, which involve the CyberTech company and the examination results are used to advise the company on the most appropriate alternative to undertake. The most effective alternative considered would help the company to maintain its integrity, positive branding, and image as an ethical cybersecurity company. in the first lawsuit, CyberTech company is consulting for a law firm that handles the lawsuit from hacking into the Office of Personnel Management (OPM). Hacking into the OPM exposed millions of forms of employees’ information, people’s fingerprints, and background checks for those seeking government security clearance. The second lawsuit involves Anomalous and the Equation Set whereby, Anomalous is accusing the US-based group company of having hacked into its facilities. The two situations are likely to cause a conflict of interest for CyberTech since the company represents some of the OPM breach suspect companies (Anomalous) in the second lawsuit between Anomalous and Equation Set. Therefore, the paper will explore the presence of a conflict of interests and advise CyberTeh to continue with both cases on drop one.


Workers in the Information Technology department of OPM and the government agency in charge of the civilian workforce discovered hacking of the OPM’s files in 2015 and the hacked data included numerous (millions) SF-86 forms containing personal data obtained from background checks for those seeking government security clearance and records of millions of people’s fingerprints. Hacking the OPM’s files led to the resignation of top OPM management executives and Congressional examination of the issue (Fruhlinger, 2018). The situation implies that OPM should advocate for the privacy status of those whose personal data were hacked and stolen to comply with the national security requirements. However, the lack of a smoking gun makes it difficult to link the attack to the specific perpetrator and the overwhelming agreement is that a state-sponsored attacker in the Chinese government hacked OPM. On the other hand, a foreign-based company called Anomalous is suing a US-based company (Equation Set) for hacking its organizational systems. Even though one would believe that Anomalous could present adequate evidence to link Equation Set to the hacking of its system, the paper does not agree with the Anomalous claim against the US-based company, Equation Set.

Ethical Dilemma

Should CyberTech company continue supporting Anomalous in the case against the US-based company, Equation Set, and still involve in the case related to the OPM hack? Will conflict of interest result from CyberTech’s involvement in the two cases? Should CyberTech drop one of the cases to prevent conflict of interest? The solution to the ethical dilemmas should focus on the best alternative that would help the company to maintain its brand and image.

Analysis of Information

Reaching the best solution that would help CyberTech maintain its ethical branding and image would require the company to examine and consider the laws governing the operations and interactions of companies involved. From the information presented in the case study, Anomalous is a foreign company or a non-US-based group company while OPM and Equation Set are US-based companies. Therefore, there are chances that the two cases could have different cybersecurity law implications depending on the government regulations over cybersecurity in each country. According to Formosa et al. (2021), some various international laws and treaties define the relationship between State parties and legally bound the agreement between different States. However, such international laws are implemented slowly and some have become obsolescent due to the rapid technological changes. Fuster & Jasmontaite (2020) acknowledge the presence of a well-established international law regulating organization, which regulates the armed response to physical military attacks against the States.

However, the organization does not address the cybersecurity domains hence; one would agree that States have not passed laws that govern international cyber-attacks. The absence of international laws that would govern CyberTech’s engagement in both cases should never limit the company’s decision to do so since the company has an opportunity to act as the reference point for similar cases in the future. Currently, the cybersecurity sector lacks laid down ethical standards and benchmarks to govern decision making and it would be time-bound for CyberTech to introduce cybersecurity ethical guidelines for providing a sound response to cyber-attacks. The proposed idea is possible and can be implemented since ethics are always subjective and can be affected by various factors such as education, experience, cultural practices, and individual characters.

CyberTech can decide and protect Anomalous in the OPM hack following the privileged position and relationship between the two companies. The fact that Anomalous is suspected in the OPM hack does not mean that the company should be convicted until proven guilty by adequate evidence. Chances are that investigations are being undertaken and the investigators have pointed out the state-sponsored agents as the perpetrators in the case. The number of suspects in the case could have been reduced if Anomalous could use the strength of its relationship with CyberTech to prove its innocence or involvement in the claimed hack. The outlined ethical dilemma could potentially help CyberTech elevate its branding and image if the company effectively uses its forensic work to solve the case or damage its brand by failing to solve the issue.

Analysis of Alternative Viewpoints

One of the possible viewpoints is that CyberTech has the right and capacity to involve in the two cases provided it will handle the cases as separate entities. The most appropriate approach for CyberTech to handle the two cases as separate entities is to assign different workforce (team) to separately address the two cases. However, all the teams must consider the ethical guidelines while undertaking their separate duties. The first alternative would mean that CyberTech would assume the potential conflict of interest or communicate the conflict to the affected parties and ask for their consent. The second option is to ignore one of the cases to avoid the potential conflict of interest. Implementation of any of the two possible viewpoints would require CyberTech to evaluate the potential risks of each alternative while upholding the ethical standards governing the cybersecurity sector.

Conclusion and Recommendation

The paper reveals that the cybersecurity sector lacks ethical guidelines or reference points to safeguard and guide parties involved in cybersecurity cases, most probably due to rapid technological changes. The absence of such ethical standards and guidelines makes it easier for CyberTech to explore any possible alternative without fear of being legally held accountable. Moreover, CyberTech has the opportunity to make and implement any decision to act as the reference point for subsequent cases. Engaging in the two cases would cause a conflict of interest hence; CyberTech should withdraw from engaging with Anomalous. Even though one would argue that conflict of interest may not happen in reality, CyberTech is likely to suffer from the perception of conflict of interest that may negatively affect its brand image. The presence of a good relationship between CyberTech and Anomalous may also limit CyberTech’s interest in the case, perhaps the company might attempt to defend Anomalous to maintain their prior relationship. Therefore, it would be advisable that CyberTech drop the case involving Anomalous not only to prevent conflict of interest but also to protect its brand as an ethical cybersecurity company. Even though the situational analysis proves that CyberTech will not break any law by taking any decision, the paper recommends that the company should withdraw from representing Anomalous to protect its reputation and prevent conflict of interest in the OPM case.

Share this Post