In this paper, we present our plans for a project currently underway, in which we design a videogame to train IT students in the moral principles that are needed to make ethical decisions in cybersecurity. The focus of the work is on improving player’s moral sensitivity by training them to recognise five foundational moral principles relevant to the majority of cybersecurity decisions:
- Beneficence: Cybersecurity technologies should benefit humans and promote human well-being. It should be used to make our lives better.
- Non-maleficence: Cybersecurity technologies should not be used to intentionally harm humans. It should not be used to make our lives worse.
- Autonomy: Cybersecurity technologies should respect human autonomy. It should allow humans to make informed decisions for themselves about how to use that technology in their lives.
- Justice: Cybersecurity technologies should promote fairness, equality, and impartiality. It should not unfairly discriminate, undermine solidarity, or prevent equal access.
- Explicability: Cybersecurity technologies should operate in ways that are intelligible, transparent, and comprehensible. It should be clear who is accountable and responsible for its operations.
The game will require the player to identify where these principles arise in complex scenarios based on real-world cyber-ethics incidents, and make judgements by weighing different factors against each other. The design will be based on the Morality Play model proposed in our 2017 paper.