For over 50 years, the cybersecurity community has sought to protect vulnerable systems and users from victimization. Despite ongoing and valiant work at adoption and usability, some users cannot or will not avail themselves of necessary cybersecurity measures. Average, non-expert users—particularly those in small businesses—cannot afford to devote time to cybersecurity. Instead of accepting the risk of no security, alternatives are possible which achieve both security outcomes and conservation of time. In this talk, we explore the paradigm of invisible security focused on creating cyber defenses that occur automatically without end user intervention. We present examples consistent with this approach in existence today, including automatic software updates and protective DNS. Then we describe how invisible defenses may aid potential beneficiaries in health care, the defense industrial base, and the general public. Finally, we present benefits and limitations of the approach and propose areas of future research and innovation.
- Tags
-