Sustaining Security and Safety in ICT: A Quest for Terminology, Objectives, and Limits

TL;DR

This paper critically examines the concepts of sustainable security and safety in ICT, highlighting the importance of clear terminology, societal context, and comprehensive impact assessment for developing effective, socially responsible solutions.

Contribution

It clarifies the ambiguous use of sustainability terms in ICT security and safety, emphasizing the need for societal-wide approaches and integrated impact considerations.

Findings

Different notions of sustainability lead to confusion in ICT security and safety.

A societal and life-cycle perspective is essential for meaningful sustainability in ICT.

Integrated solutions should align with societal change and ecological considerations.

Abstract

Security and safety are intertwined concepts in the world of computing. In recent years, the terms "sustainable security" and "sustainable safety" came into fashion and are being used referring to a variety of systems properties ranging from efficiency to profitability, and sometimes meaning that a product or service is good for people and planet. This leads to confusing perceptions of products where customers might expect a sustainable product to be developed without child labour, while the producer uses the term to signify that their new product uses marginally less power than the previous generation of that products. Even in research on sustainably safe and secure ICT, these different notions of terminology are prevalent. As researchers we often work towards optimising our subject of study towards one specific sustainability metric - let's say energy consumption - while being blissfully unaware of, e.g., social impacts, life-cycle impacts, or rebound effects of such optimisations. In this paper I dissect the idea of sustainable safety and security, starting from the questions of what we want to sustain, and for whom we want to sustain it. I believe that a general "people and planet" answer is inadequate here because this form of sustainability cannot be the property of a single industry sector but must be addressed by society as a whole. However, with sufficient understanding of life-cycle impacts we may very well be able to devise research and development efforts, and inform decision making processes towards the use of integrated safety and security solutions that help us to address societal challenges in the context of the climate and ecological crises, and that are aligned with concepts such as intersectionality and climate justice. Of course, these solutions can only be effective if they are embedded in societal and economic change towards more frugal uses of data and ICT.