Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.

Senior Editor of Communications of the ACM, Moshe Vardi, Shares Concern Over Lack of Incentive Structure in Cybersecurity

October 24th, 2022 / in Uncategorized / by Maddy Hunter

Moshe Y. Vardi, Computer Science Professor at Rice University and Senior Editor of Communications of the Association for Computing Machinery (ACM), wrote an article in the November 2022 issue of the Communications of the ACM magazine, Accountability and Liability in Computing. The article articulates his concerns for the slow progress and lack of conclusive knowledge on how to build secure information systems. Vardi speculates the issue is not due to a lack of technical advancements but a lack of incentives encouraging hardware security developments and solutions. It is becoming vital to address this “market failure” as we become more reliant on technical systems and become increasingly vulnerable to cyberattacks. 

Vardi recently attended the Computing Community Consortium (CCC)  workshop, Mechanism Design for Improving Hardware Security. Led by Simha Sethumadhavan (Columbia University) and Tim Sherwood (University of California, Santa Barbara), the workshop brought together key stakeholders to discuss potential solutions and possible incentive structures to catalyze cybersecurity efforts.

The current lack of incentives stems, in part, from an absence of liability by big companies when it comes to protecting consumers from cyber attacks. At the moment they are not being held accountable and claim that by consumers clicking through online licenses and accepting the terms they are released from a duty to protect online users. Former CCCCouncil Member Helen Nissenbaum was featured in the article calling attention to the unfair bargaining powers at play with these consent dynamics and how the laws of strict liability that are in place to protect consumers from vendors are not extending to the computing industry. Additionally, the current incentive structure in computing leads companies to prioritize speed and efficiency, often at the expense of resilience and security.

The workshop report from Mechanism Design for Improving Hardware Security will take a deep dive into the aforementioned issues and summarize key findings and recommendations. Be on the lookout in the next couple of months!

 

 

 

Disclaimer: Posts on this blog report on happenings, opportunities, and issues that arise in the broad computing research community, and do not necessarily reflect the opinion of the CCC or the National Science Foundation.


Related posts:

  1. Moshe Vardi on “Hypercriticality” in CACM
  2. NSF CISE Distinguished Lecture: Former CRA Board Member Moshe Y. Vardi on Lessons from COVID-19
  3. NSF CISE Distinguished Lecture Series – Moshe Vardi
  4. ACM SIGARCH Blog – Speculating about speculation: on the (lack of) security guarantees of Spectre-V1 mitigations
  5. CCC@AAAS2019 – Socio-technical Cybersecurity: It’s All About People
Senior Editor of Communications of the ACM, Moshe Vardi, Shares Concern Over Lack of Incentive Structure in Cybersecurity

Tags:

Comments are closed.