{"title":"Invisible Security: Protecting Users with No Time to Spare","authors":"J. Dykstra","doi":"10.1109/CIC50333.2020.00031","DOIUrl":null,"url":null,"abstract":"For over 50 years, the cybersecurity community has sought to protect vulnerable systems and users from victimization. Despite ongoing and valiant work at adoption and usability, some users cannot or will not avail themselves of necessary cybersecurity measures such as patching. Average, non-expert users-particularly those in small businesses-cannot afford to devote time to cybersecurity. Instead of accepting the risk of no security, alternatives are possible which achieve both security outcomes and conservation of time. We explore the paradigm of invisible security focused on creating cyber defenses that occur automatically without end user intervention. Invisible security is the next evolutionary step to aid users, now that automation is robust and effective in supporting it. Even though some example implementations, such as automatic updates, have existed for years, dedicated focus on this emerging paradigm is required to develop, measure, and deploy new capabilities. We present examples consistent with this approach in existence today, including automatic software updates and protective DNS. We draw insight and comparisons to other domains, including automobile safety. Then we describe how invisible defenses may aid potential beneficiaries in health care, the defense industrial base, and the general public. Finally, we present benefits and limitations of the approach and propose areas of future research and innovation.","PeriodicalId":265435,"journal":{"name":"2020 IEEE 6th International Conference on Collaboration and Internet Computing (CIC)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 6th International Conference on Collaboration and Internet Computing (CIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIC50333.2020.00031","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
For over 50 years, the cybersecurity community has sought to protect vulnerable systems and users from victimization. Despite ongoing and valiant work at adoption and usability, some users cannot or will not avail themselves of necessary cybersecurity measures such as patching. Average, non-expert users-particularly those in small businesses-cannot afford to devote time to cybersecurity. Instead of accepting the risk of no security, alternatives are possible which achieve both security outcomes and conservation of time. We explore the paradigm of invisible security focused on creating cyber defenses that occur automatically without end user intervention. Invisible security is the next evolutionary step to aid users, now that automation is robust and effective in supporting it. Even though some example implementations, such as automatic updates, have existed for years, dedicated focus on this emerging paradigm is required to develop, measure, and deploy new capabilities. We present examples consistent with this approach in existence today, including automatic software updates and protective DNS. We draw insight and comparisons to other domains, including automobile safety. Then we describe how invisible defenses may aid potential beneficiaries in health care, the defense industrial base, and the general public. Finally, we present benefits and limitations of the approach and propose areas of future research and innovation.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
