This article is published in the November 2022 issue.

Senior Editor of Communications of the ACM, Moshe Vardi, Shares Concern Over Lack of Incentive Structure in Cybersecurity


Moshe Y. Vardi, Computer Science Professor at Rice University and Senior Editor of Communications of the Association for Computing Machinery (ACM), wrote an article, Accountability and Liability in Computing, in the November 2022 issue of the Communications of the ACM magazine. The article articulates his concerns about the slow progress and lack of conclusive knowledge on how to build secure information systems. Vardi speculates that the issue is due not to a lack of technical advancements but to a lack of incentives encouraging hardware security developments and solutions. It is becoming vital to address this “market failure” as we become more reliant on technical systems and increasingly vulnerable to cyberattacks.

Vardi recently attended the Computing Community Consortium (CCC) workshop, Mechanism Design for Improving Hardware Security. Led by Simha Sethumadhavan (Columbia University) and Tim Sherwood (University of California, Santa Barbara), the workshop brought together key stakeholders to discuss potential solutions and possible incentive structures to catalyze cybersecurity efforts.

The current lack of incentives stems, in part, from an absence of liability for big companies when it comes to protecting consumers from cyberattacks. At the moment, they are not being held accountable, and they claim that when consumers click through online licenses and accept the terms, the companies are released from a duty to protect online users. Former CCC Council Member Helen Nissenbaum was featured in the article, calling attention to the unfair bargaining power at play in these consent dynamics and to how the laws of strict liability that are in place to protect consumers from vendors do not extend to the computing industry. Additionally, the current incentive structure in computing leads companies to prioritize speed and efficiency, often at the expense of resilience and security.

The workshop report from Mechanism Design for Improving Hardware Security will take a deep dive into the aforementioned issues and summarize key findings and recommendations. Be on the lookout for it in the next couple of months!