The design and security of information technology systems should take into greater account what end users need, what motivates them, how they behave and what their abilities are, according to a new guide document released by the National Science and Technology Council.
The 2023 Federal Cybersecurity Research and Development Strategic Plan dubs this approach “human-centered cybersecurity” and lists it as one of five objectives and “critical dependencies” to guide federally-funded cybersecurity research toward advancing the goals of the Biden administration.
The plan criticizes what it describes as traditional cybersecurity for being overly focused on technology while underprioritizing people, whose actions cyber attackers ultimately exploit. Under the plan’s proposed approach, people are part of cybersecurity challenges and solutions.
Potential research work involving human-centered cybersecurity include coming up with ways to involve end users in the process of developing secure digital technologies; developing ways to make digital technology design factor in what people or organizations actually want to secure; and formulating approaches to evaluate whether a cybersecurity solution is effective, usable and inclusive, and if it offers a good user experience.
The 2023 Federal Cybersecurity Research and Development Strategic Plan was prepared by the Networking and Information Technology Research and Development Subcommittee of the NSTC Cyber Security and Information Assurance Interagency Working Group.
The 2023 plan updates the 2019 Federal Cybersecurity Research and Development Strategic Plan as required by the Cybersecurity Enhancement Act of 2014.
