The National Institute of Standards and Technology (NIST) recently hosted a workshop focusing on human-centered cybersecurity, as detailed in a new report. Ann Rangarajan, an assistant professor at Illinois Tech, contributed to the "Workshop Summary Report for ConnectCon 2024: Minding the Gaps in Human-Centered Cybersecurity," published by the United States Department of Commerce.
Rangarajan was among 13 authors from academia, industry, and government who examined how cyber attackers exploit human factors such as roles, actions, tendencies, errors, and lack of knowledge. The report aims to address these vulnerabilities.
“This report potentially holds to spark a broader movement—one that truly elevates the human element in cybersecurity,” said Rangarajan. She emphasized the importance of integrating human considerations into cybersecurity discussions across all levels.
ConnectCon gathered 45 experts to discuss how human-centered cybersecurity can be integrated into workplaces. They identified five key challenges and proposed solutions for each. “What struck me deeply was witnessing the walls between academia, government, and industry come down,” Rangarajan noted about the collaborative environment at ConnectCon.
Challenges highlighted included innovation gaps due to misunderstandings of human behavior, siloed communities, technical overemphasis, adversary flexibility, lack of shared agendas for human-centered cybersecurity impacts measurement, psychological stressors, cognitive overloads, and decision fatigue.
Proposed solutions involved defining human-centered cybersecurity clearly with outcome-based guidance focused on impact measurement. It also suggested creating employee engagement platforms and tailored education programs.
Rangarajan's research delves into how psychological stressors affect digital decision-making. “Another ‘next step’ I’m passionate about is embedding the human element more deeply into cybersecurity education,” she stated.
During the workshop sessions structured with guided discussions and interactive exercises allowed participants to identify challenges organizations face when implementing human-centered strategies while exploring potential solutions collaboratively.
Her work focuses on socio-technical systems that examine interactions between people and technology towards shared goals by aligning both components mutually supportive within organizations or communities. With over two decades of leadership experience in IT involving Fortune 100 teams globally gaining insights into often-overlooked aspects impacting system deployment robustness alongside resilience understanding implications if neglected affecting professionals developing maintaining systems along end-users adopting relying upon them alike echoing NIST’s mission bridging researcher-practitioner gaps delivering actionable guidance building evidence aligned strongly combining scholarly expertise alongside industry leadership according Rangarajan herself emphasizing significance behind this program initiative ultimately towards broader societal technology adoption paradigms exploring throughout various contexts individuals groups beyond locally towards wider global scales further promoting greater alignment mutual supportiveness thereof
“The mission of NIST Human-Centered Cybersecurity program is to deliver actionable guidance build evidence bridge gap researchers practitioners which strongly aligns my combined expertise scholar industry leader” affirmed Rangarajan concluding remarks regarding involvement contribution therein overall summary findings observations outcomes derived accordingly resulting therein collectively agreed consensus reached among participating stakeholders engaging actively meaningfully therein altogether subsequently