A Research Ecosystem for Secure Computing

TL;DR

This paper emphasizes the importance of developing a secure computing ecosystem by integrating security into design, fostering incentives for adoption, and educating society about vulnerabilities to address modern challenges in interconnected systems and AI.

Contribution

It advocates for a paradigm shift towards security-by-design, emphasizing ecosystem development, incentive structures, and education to enhance societal resilience against cyber threats.

Findings

Security needs to be integrated into system design from the start

Incentive structures are crucial for adopting secure technologies

Education of society on vulnerabilities enhances overall security awareness

Abstract

Computing devices are vital to all areas of modern life and permeate every aspect of our society. The ubiquity of computing and our reliance on it has been accelerated and amplified by the COVID-19 pandemic. From education to work environments to healthcare to defense to entertainment - it is hard to imagine a segment of modern life that is not touched by computing. The security of computers, systems, and applications has been an active area of research in computer science for decades. However, with the confluence of both the scale of interconnected systems and increased adoption of artificial intelligence, there are many research challenges the community must face so that our society can continue to benefit and risks are minimized, not multiplied. Those challenges range from security and trust of the information ecosystem to adversarial artificial intelligence and machine learning. Along with basic research challenges, more often than not, securing a system happens after the design or even deployment, meaning the security community is routinely playing catch-up and attempting to patch vulnerabilities that could be exploited any minute. While security measures such as encryption and authentication have been widely adopted, questions of security tend to be secondary to application capability. There needs to be a sea-change in the way we approach this critically important aspect of the problem: new incentives and education are at the core of this change. Now is the time to refocus research community efforts on developing interconnected technologies with security "baked in by design" and creating an ecosystem that ensures adoption of promising research developments. To realize this vision, two additional elements of the ecosystem are necessary - proper incentive structures for adoption and an educated citizenry that is well versed in vulnerabilities and risks.