cyber security IT Services

New Federal Cyber R&D Plan Emphasizes Human-Centered Cybersecurity: What It Means for Users and Organizations

view from behind woman sitting at desk and pulling her hair in frustration as her computer appears to be hacked. | cybersecurity blog

The Whitehouse’s recent Federal Cybersecurity Research and Development (R&D) Strategic Plan, is prioritizing human-centered cybersecurity for the next four years. This is a great approach as we have seen an increase in attacks that exploit human error.

“Increasingly, cyberattacks exploit the roles, actions, unintentional errors, and propensities of humans, particularly as end users. A greater emphasis is needed on human-centered approaches for cybersecurity,” it notes.

This plan emphasizes the importance of designing cybersecurity systems with the needs, motivations, behaviors, and abilities of people in mind. This shift towards a more people-focused approach is in harmony with recent warnings from many cybersecurity professionals.

But what does a more effective collaboration between humans and technology look like?

The Battle Against Rising Phishing Tales

Human-centered cybersecurity aims to make systems more secure by accounting for human factors, such as behavior and motivation, in the design process. This approach could lead to more intuitive and user-friendly security measures, reducing the likelihood of human error and improving overall system security. However, implementing human-centered cybersecurity principles also presents challenges, including the need for collaboration between cybersecurity experts, psychologists, and designers.

For the rest of us, operational awareness has never been more important. “Organizations need to invest in training now to ensure that their employees can handle the increase in social-engineering attacks,” states ATS President Maria Chamberlain. “The cost of a slow response to this threat could be in the millions.”

Employee awareness involves ongoing reporting, assessment and adjustment to evolving threats. Compliance and regulatory updates may also be necessary for some organizations to ensure that they are meeting the requirements of this new focus on human-centered cybersecurity.

Human-centered, not Tech-centered.

Human-centered cybersecurity can be thought of as designing a security system that is tailored to the people who use it, rather than expecting people to adapt to the system. This is similar to designing a building with accessible entrances and elevators so that everyone can easily navigate the space. In the same way, a human-centered cybersecurity system is designed to be intuitive and user-friendly, reducing the likelihood of human error and making it easier for people to do their jobs securely.

While the innovation of new, or the improvement of older systems may take time, there are steps that organizations can take now to improve their human-centered security position:

Preventative Measures and Awareness:

To begin implementing some basic human-centered cybersecurity principles, organizations can take the following steps:

  1. Conduct a thorough assessment of the current cybersecurity system to identify areas where human factors may be contributing to vulnerabilities.
  2. Collaborate with experts in cybersecurity to develop a tailored approach to human-centered cybersecurity.
  3. Provide training and resources to employees to ensure that they are well-equipped to handle the rising threats that demand this approach.
  4. Regularly assess and adjust the cybersecurity system and user behaviors to ensure that it remains effective and intuitive for users.
NIST Phish Scale Training Logo

The National Institute of Standards and Technology (NIST) offers resources and guidance on implementing human-centered cybersecurity principles HERE.

“Organizations need to invest in training now to ensure that their employees can handle the increase in social-engineering attacks, the cost of a slow response to this threat could be in the millions.”

Maria Chamberlain, President, Acuity Total Solutions


The shift towards human-centered cybersecurity represents a significant change in the way that organizations approach cybersecurity. While there are potential benefits to this approach, it also presents challenges that will require collaboration, investment, and ongoing assessment. By prioritizing human-centered cybersecurity, organizations can create systems that are more secure, user-friendly, and resilient in the face of cyber threats.

Additional Notes:

According to the 2023 Federal Cybersecurity R&D Strategic Plan, “Traditionally, cybersecurity has been approached through a technology-centric perspective, with limited consideration for people’s needs, motivations, incentives, and behaviors. As a consequence, organizations have given emphasis to technological solutions (e.g., firewalls, intrusion detection systems) and have underprioritized a holistic understanding of the human-centered issues, including the needs, choices, and motivations of people. As a result, a majority of cyberattacks exploit the roles and actions of people, particularly as end users.”

This quote highlights the potential benefits of a human-centered approach to cybersecurity and underscores the need for organizations to prioritize this approach in their cybersecurity strategies.

Special thanks to Meritalk’s coverage of this Government IT News.