top of page

Equity, Diversity, and Inclusion

A couple of reflections...

  • Foto do escritorbeatriz buarque

Challenging racism in cyber security courses

Atualizado: 28 de jun.

My first encounter with issues related to Equity, Diversity, and Inclusion in higher education was in 2022 when I was teaching the online course Trust and Security in a Digital World: From Fake News to Cyber Criminals. I always wanted to teach that course because it is interdisciplinary and it offers a great overview of some of the key issues involving trust and security in the digital world.

In one of its introductory modules, the course describes some key concepts in cyber security. Besides familiarising students with different types of cyber crimes, the module highlights that not all hackers are criminals. Whereas some hackers may use their digital skills to cause harm, others may help companies identify vulnerabilities, preventing, thus, cyber attacks. In some cases, hackers can also assist police investigations, helping the police recover data/money that was stolen or even sharing intelligence that may be crucial to find the location of the criminal. My discomfort started when I saw the expressions used to refer to these two types of hackers. In cyber security, criminal hackers are known as 'black hat' and the ethical hackers are known as 'white hat'. This binary was presented in the course without further reflection, thus reinforcing racist associations between blackness and criminality.

It took me a while to express my discomfort with the course leader. I was not sure whether I should do it because it was the first time that I was teaching the course and I was in the very early stage of my career as an academic. Nevertheless, I was worried about students' learning experience. Black students could feel the same discomfort that I felt. Consequently, I sent an email to the course leader, suggesting some modifications in the course material to address the racist essence of part of the language used in cyber security.

I was really glad when the course leader promptly answered to my email, acknowledging the problematic language and suggesting the introduction of a text box to encourage students to reflect on how cyber security research and practice have historically used the word 'white' to refer to positive things and 'black' to negative.

Instead of overlooking how cyber security language has often played a role in the maintenance of structural racism, the course now acknowledges this problem and it additionally gives students an opportunity to pay attention to the recurrence of similar problematic binaries in the discipline.

Have you ever heard references to 'whitelist' and 'blacklist'? What about the 'dark net'? A more inclusive approach to cyber security would entail the substitution of the associations white-positive and black-negative with other terms. For instance, criminal hacker and ethical hacker; approved list and block list.

Recently, some countries and organisations have acknowledged the racist tone of part of the language used in cyber security and they have removed non-inclusive terms from their code and technology. In 2020, the National Cyber Security Centre (NCSC) declared that it would replace the terms ‘whitelist’ and ‘blacklist’ with ‘allow list’ and deny list’. Microsoft adopted a similar approach. Apple announced an initiative to remove non-inclusive language in its developer ecosystem. UK Finance in collaboration with EY and Microsoft produced a report about the usage of non-inclusive language in technology and cybersecurity. It is worth taking a look at it.

Can you think of any racist binary that has often been used in your discipline? What could you do to address this issue?

Send me some examples on the chat and I will write another article based on your contributions. They may help scholars who do not teach courses related to technology and cyber security.

7 visualizações


bottom of page