SoK: Is Sustainable the New Usable? Debunking The Myth of Fundamental Incompatibility Between Security and Sustainability

Every year, millions of functional systems become e-waste because users are pressured to send their systems to landfills due to a lack of vendor support and difficulty in recycling. Vendors cite ``cybersecurity''as the driver for short product support periods, leading to a prevalent, but uninterrogated, belief that cybersecurity and environmental sustainability are fundamentally contradictory; i.e., it is difficult, if not impossible, to build products that are secure, long-lasting, and reusable. To understand the nuanced relationship between security and sustainability, we systematically analyze 29 papers and distill 155 sustainability guidelines into 12 sustainability themes. These themes enable us to compare the sustainable HCI and sustainable software engineering guidance with that of cybersecurity, identifying points of alignment and tension. We find little evidence of a fundamental tension between these two domains; the few instances of tension can be mitigated through thoughtful consideration of security and sustainability objectives. We also find that sustainability, like usable security, struggles with the myth of users as the weakest link and the individualization of responsibility. Building on these parallels, we argue that the usable security community is well-positioned to integrate sustainability considerations, as both fields share challenges in shifting responsibility from individuals to systemic design.