Ethical hardware reverse engineering for securing the digital supply chain in critical infrastructure

This paper aims to discuss the ethical aspects of hardware reverse engineering (HRE) and propose an ethical framework for HRE when used to mitigate cyber risks of the digital supply chain of critical infrastructure operators.

A thorough review and analysis of existing relevant literature was performed to establish the current state of knowledge in the field. Ethical frameworks proposed for other areas/disciplines and identified pertinent ethical principles have been used to inform the proposed framework’s development.

The proposed framework provides actionable guidance to security professionals engaged with such activities to support them in assessing whether an HRE project conforms to ethical principles. Recommendations on action needed to complement the framework are also proposed. According to the proposed framework, reverse engineering is neither unethical nor illegal if performed honourably. Collaboration with vendors and suppliers at an industry-wide level is critical for appropriately endorsing the proposed framework.

To the best of the authors’ knowledge, no ethical framework currently guides cybersecurity research, far less of cybersecurity vulnerability research and reverse engineering.