
SOUPS 2024 Design-A-Thon: Designing Effective and Accessible Approaches for Digital Product Cybersecurity Education and Awareness


This Design-A-Thon will explore creating effective and accessible education and awareness materials addressing cybersecurity for digital products, drawing together the decades of research and expertise of the Symposium on Usable Privacy and Security (SOUPS) community. Teams will develop an education and awareness strategy for different types of digital products (e.g., smart thermostat, public electric-vehicle charger) that can inform users about:

  • The product’s cybersecurity capabilities; 
  • How to maintain the product during its lifetime and after the period of security support;
  • How the product can be securely re-provisioned or disposed of;
  • Vulnerability management options that could be leveraged by users; and 
  • Additional product cybersecurity information users may need to know. 

The purpose of the design-a-thon is to develop a series of case studies that provide experience in considering the human element of cybersecurity from a variety of perspectives. 

Background: 

Efforts across the globe (e.g., baselines, labels, standards) to drive digital product cybersecurity are emerging. For example, cybersecurity labeling and certification schemes in the United States, Europe, and Asia focus on consumer IoT products, while government and standards bodies examine the cybersecurity of connected medical devices and other connected industrial products. While interest in digital product cybersecurity is welcome, technical considerations frequently draw attention while non-technical and usability considerations are overlooked. Yet, strong cybersecurity capabilities built into digital products can be weakened, circumvented, or ignored if users are not aware of the capabilities or not well-versed in cybersecurity. User education and awareness can increase users’ knowledge of cybersecurity risks in digital products, communicate their role in securing their products, and empower them to leverage product cybersecurity capabilities. Robust, effective, and accessible cybersecurity education and awareness can maximize the use and utility of products’ cybersecurity capabilities, increasing users' self-efficacy and encouraging positive cybersecurity outcomes for users of digital products. Despite its critical importance, strategies for promoting education and awareness of cybersecurity are not well reflected in guidance and standards. Work like that published at SOUPS captures many of the insights and approaches that can help develop effective strategies for educating users and making them aware of cybersecurity related to the digital products they use.

Before the Design-A-Thon:

If you are interested in participating in the Design-A-Thon, please email us at iotsecurity [at] nist.gov with the following information:

  • Name
  • Organization
  • Experience with IoT products

We plan to assign participants who email us their interest to teams of 3-5 for the Design-A-Thon. If you have already assembled a team of 3-5 individuals, please let us know in advance and we can keep you as a team for the event!

At the Design-A-Thon: 

This is an in-person event and all participants must attend the design-a-thon, which will be held at the Twentieth Symposium on Usable Privacy and Security in Philadelphia, PA. Teams of 3 to 5 people will document their strategies for the sample digital product assigned to each team. Participants will be encouraged to think outside the box and leverage their knowledge and expertise to develop ideas and strategies for informing users of the digital products about the areas important to product lifecycle cybersecurity, as highlighted above.

Agenda 

09:30-10:00 – Welcome and Instructions

10:00-10:05 – Breakout into teams and assignment of digital products

10:05-10:30 – Teams Initial Brainstorm (25 mins)

10:30-10:35 – Checkpoint

10:35-11:25 – Teams Honing of Ideas (50 mins)

11:25-11:30 – Checkpoint

11:30-12:30 – Teams Finalize Ideas (60 mins)

12:30-12:35 – Break and Regroup

12:35-1:15 – Team Presentations

01:15-1:30 – Closing Remarks

 

After the Design-A-Thon: 

These strategies, the experiences of the teams developing them, and the thinking that went into the choices for each product will be captured by the organizers so that general findings and potential next steps for researchers, policy makers, manufacturers, etc. can be published in a report by NIST.

If you have any questions, please email the design-a-thon organizers at iotsecurity [at] nist.gov.

This event page exists for the limited purpose of identifying where and when NIST employees will be speaking or presenting with respect to the topics identified. The existence of this page is not intended to imply a recommendation or endorsement of this event or its organizers. After the presentation, NIST will endeavor to make the materials created and presented by NIST employees available on this page, at no cost.

Created March 28, 2024, Updated April 4, 2024