Working Group 3: Optimal Security approaches and their impact on the user
Working group leader: Dr Davide ANDREOLETTI
This activity concerns “responsible by design” optimal security solutions. The starting point for feeding this WG is the increasing and pervasive use of technology in the daily life of human beings. This massive use of technology requires a deep reflection on the correlated aspects of cyber security and how it must be managed. In particular, optimal security solutions related to the massive use of disruptive technologies, should be thought in respect of ethics and human rights approaches to conceive security solutions that are responsible by design. There are three key stages for optimal responsible by design security tools and solutions: 1) the first phase is represented by the design and development; 2) the second part is concerning the deployment and 3) the last stage is the use and application (including the use of security measures). The universal acceptability of the solution by the final user is paramount for realizing successful security tools. In particular, the security algorithm perception as well as their impact on the human being need to be studied and considered in the design of the security algorithms. This WG requires technical and non-technical stakeholders to account for the key factors that integrate the responsible concept into the development, deployment, and use of optimal security solutions
Tasks
The main purpose of this task is to achieve a holistic understanding of the relations between cybersecurity systems and humans. The starting point will be represented by an inclusive definition of the social responsibility of cybersecurity. Recently, some efforts in this direction have been accomplished to define Social Responsibility of AI. The rationale to introduce a similar concept for cybersecurity is threefold. From the one hand, in the previous WGs it was remarked an increasing tie between AI and cybersecurity, with a double use of it to increase the protection of communication systems as well as to improve the cyberattacks effectiveness. From another point of view, the increasing ubiquity of wireless networks in our daily life, intended for different population ages and involving more and more younger people, oblige to define new ethical principles and policies, to be established in consultation with lawyers. Finally, the interconnection between AI and cybersecurity is paramount for a protected society, and thus it is fundamental to include AI (and XAI) aspects in cybersecurity. New metrics accounting for the different aspects, namely legal, technical, and ethical need to be defined.
This task will be devoted to the highly challenging objective to account for the different aspects highlighted in T3.1 and in the other WGs, in order to define new metrics or at least guidelines for cyber solutions that have to be acknowledged as responsible by design, while keeping their effectiveness to protect the communication systems and make them robust to advanced attacks.
