Cybersecurity’s Lessons for Growing Digital Ethics in Practice
On this episode, I’m joined by Mark Hughes, DXC’s senior vice president of Offerings and Strategic Partners. Mark is responsible for DXC’s technology strategy by driving innovation in DXC’s core offerings. Before stepping into this role, Mark led DXC's security organization and offerings and he previously served as BT’s Chief Executive of Security. Mark is a Royal Military Academy graduate and British Army veteran and he serves on the World Economic Forum’s Global Cybersecurity Board.
Mark’s extensive experience with the development of cybersecurity and privacy moving from concepts to recognized business functions gives him a window into the possible future for digital ethics. Mark described several phases of cybersecurity coalescing to be what it is today, from industry recognition of the risks to aligning on a systemic multi-stakeholder approach, to the development of governance frameworks both within industry and from external regulatory bodies, to identifying specific roles that are now responsible for ensuring adherence to those regulatory frameworks.
But building an effective approach to cybersecurity (and by extension digital ethics) isn’t just about developing the right formal processes, it’s also about building the right culture of expectations so that doing ethics is simply part of the everyday practice of developing new products & services. It’s important to have formal checks in place, but a lot can be managed by simply making ethical considerations a regular part of the development cycle. One area that Mark often sees being missed is developing an approach to rapidly respond when things do go wrong, as they inevitably will no matter how carefully considerations are made leading up to that point. Without minimizing the importance of the avoidance of harm, often the thing that really differentiates successful approaches from unsuccessful ones is the ability to respond quickly & effectively to a problem once it’s been identified.
Mark finished with the idea that it’s more important to get started with a simple process than to try and perfect everything before proceeding. In software development we’re all familiar with the idea of patching to respond to threats that have been identified since these systems are far too complex to identify every potential issue from the start; we also need to develop an approach to digital ethics that keeps potential risks & benefits in constant review with processes to respond to emergent harms.