Do we need GreenSec?
As we focus more software sustainability, what unique security issues might arise?
The digital world is increasingly a dark forest, with AI emerging as a kind of creeping mycelial Sauron. While there are many benefits, there are also severe security, privacy, and environmental trade-offs.
There is growing momentum behind the green software movement, which incorporates sustainable practices into software development to mitigate environmental harms.
These practices can include adding middleware to track energy consumption or carbon emissions, shifting compute geographically and temporally to leverage cleaner electricity, and developing measurement standards and tooling for transparent environmental impact disclosure.
Sustainable software is increasingly important as the energy demands of software, especially AI, increase. There are ways that sustainability solutions can be in tension with security considerations in ways that should be taken seriously.
There's a potential niche, "green-sec", which focuses on shipping sustainability solutions without compromising traditional security. While many of the relevant security issues are bread and butter for opsec and infosec professionals, and the green software aspects are core for sustainability practitioners, few people straddle both domains, and green-sec also encompasses some unique challenges.
The Two Flavours of Green-Sec
I see two main flavours of green-sec, we can call them Type 1 and Type 2:
Type 1 Green-Sec: the exposure or expansion of attack surfaces as a side-effect of sustainability solutions. It exacerbates traditional operational security (op-sec) concerns due to the implementation of sustainability measures.
Hypothetical examples of Type-1 green-sec issues include:
Reduced Redundancy: A failover system is removed to reduce an organisation's operational emissions, leaving the primary system vulnerable to failures and attacks.
Vulnerable Hardware: Using outdated or vulnerable hardware to avoid the embedded emissions associated with early replacement, thereby increasing the risk of failures and breaches.
Data Privacy Risks: Systems are sited in regions with weaker privacy and data integrity laws due to the availability of lower carbon intensity energy.
Delayed Patches: Software patches and upgrades are delayed to minimise associated emissions, leaving systems vulnerable to known exploits.
New Attack Vectors: Sustainability monitors and middleware introduce new attack vectors, including supply chain attacks.
Information Leakage: Leakage of private or sensitive information in sustainability disclosures, where detailed data on energy usage and resource consumption can inadvertently reveal confidential information about an organisation's operations.
Fragility: adding monitors, green schedulers and other software solutions increases the overall complexity of existing software and therefore the maintenance burden and likelihood of something breaking.
Type 2 Green-Sec: how sustainability solutions can be manipulated or gamed to achieve dishonest outcomes or even increase environmental harms. This type focuses on the integrity and manipulability of sustainability metrics and practices.
Hypothetical examples of Type-2 green-sec issues include:
Greenwashing: Sustainability metric design that enables greenwashing, where organisations present a misleadingly positive image of their environmental impact.
Manipulable Metrics: Metrics and measurement frameworks that can be easily manipulated to show improved sustainability performance without actual reductions in environmental impact.
Game Theoretical Considerations: Metrics, frameworks, and reporting standards that inadvertently incentivise undesirable behaviours.
Grid security: Moving compute around grids can cause management challenges - as demand for energy to support software increases it needs to be met without jeopardising other systems that share the grid.
Geopolitical Considerations: International location shifting can have geopolitical and jurisdictional implications, such as moving data centres to countries with more lenient environmental regulations, which can lead to increased overall impacts and reduced transparency.
Metrics as targets: Goodheart's Law states that once a measure becomes a target, it's no longer a good measure.
There seems to be an under explored niche here, building dedicated expertise in balancing the type-1 and type-2 green-sec considerations against the need to ship sustainability solutions for software.
Counterarguments
Here are some reasons to be cautious about green-sec as a concept:
Overlap with existing disciplines: many of the issues handled by green-sec are already in scope for security professionals (mainly Type 1) and sustainability professionals (mainly Type 2) - it’s generally good to avoid terminology bloat.
Green-sec becomes a mechanism for delaying or denying sustainability solutions - endless barriers to action due to manufactured green-sec concerns, either nefariously or because perfect becomes the enemy of the good.
Conclusion
The digital forest is getting darker and less sustainable, accelerated by AI. The emerging discipline of green-sec offers a framework for navigating security and sustainability trade-offs. I'm honestly not sure where this concept goes from here, but I do see these issues being increasingly important as more and more, larger systems incorporate sustainable practises.