The cybersecurity community often depends on technological solutions without fully appreciating the human element – the key individual and social factors impacting security adoption. To address this shortfall, the Human-Centered Cybersecurity program at the National Institute of Standards and Technology (NIST) seeks to “champion the human in cybersecurity” by performing human-centered research at the intersection of cybersecurity and human factors. This presentation will provide an overview of usable cybersecurity, why it’s so important, and the goals and projects of the NIST Human-Centered Cybersecurity program. NIST’s recent research project to better understand consumers’ challenges and perceptions of smart home security and privacy will be described in greater detail as an example project. This project informs efforts to develop guidance on how smart home stakeholders can implement more usable security solutions and assist consumers in understanding the security and privacy implications of these products.
Keywords: cybersecurity, privacy, usability, smart homes, internet of things
Julie Haney leads the National Institute of Standards and Technology’s Human-Centered Cybersecurity program, which seeks to provide actionable guidance to practitioners, policy makers, and standards developers. Her recent research focuses on security professionals’ work practices and consumers’ smart home security/privacy experiences. Julie’s current role leverages a prior 22-year career in the Department of Defense as a security professional and technical director, where she conducted vulnerability assessments and authored widely-adopted security guidance. She earned a Ph.D. and M.S. in Human-Centered Computing from University of Maryland, Baltimore County, an M.S. in Computer Science from University of Maryland, and a B.S. in Computer Science from Loyola University Maryland.