Every year, millions of functional systems become e-waste because users are pressured to send their systems to landfills due to a lack of vendor support and difficulty in recycling. Vendors cite "cybersecurity" as the driver for short product support periods, leading to a prevalent, but uninterrogated, belief that cybersecurity and environmental sustainability are fundamentally contradictory; i.e., it is difficult, if not impossible, to build products that are secure, long-lasting, and reusable. To understand the nuanced relationship between security and sustainability, we systematically analyze 29 papers and distill 155 sustainability guidelines into 12 sustainability themes. These themes enable us to compare the sustainable HCI and sustainable software engineering guidance with that of cybersecurity, identifying points of alignment and tension. We find little evidence of a fundamental tension between these two domains; the few instances of tension can be mitigated through thoughtful consideration of security and sustainability objectives. We also find that sustainability, like usable security, struggles with the myth of users as the weakest link and the individualization of responsibility. Building on these parallels, we argue that the usable security community is well-positioned to integrate sustainability considerations, as both fields share challenges in shifting responsibility from individuals to systemic design.