NIST summer season intern Miles Walker is researching the function of human error in cyberattacks.
Credit score: R. Wilson/NIST
As extra on a regular basis objects, akin to automobiles and even fridges, connect with the web, new alternatives for cyberattacks open up. So, retaining our expertise secure and safe is extra essential than ever.
As a cybersecurity pupil and summer season intern at NIST, I’m studying firsthand concerning the function individuals play in cybersecurity.
It’s possible you’ll suppose that the majority cybersecurity incidents end result from technological errors, however this can be a widespread false impression. As I performed preliminary analysis for my internship as a part of the Summer time Undergraduate Analysis Fellowship (SURF), I used to be shocked to study that human error accounts for greater than 80% of cyberattacks.
Human error can take varied kinds. Workers can ignore password necessities or create weak passwords. In different instances, employees members might by accident put a system in danger, akin to by clicking a hyperlink in a phishing e mail.
These examples illustrate the necessity to take into account human elements, particularly how individuals suppose and function, in cybersecurity. Regardless of the importance of human elements, many organizations fail to deal with these points when designing cybersecurity pointers and procedures. Consequently, they could miss alternatives to establish and stop breaches.
This summer season, I’m interning at NIST’s NICE Program, which promotes cybersecurity schooling, coaching and workforce improvement. I’m conducting a case examine on human elements in cybersecurity. This entails reviewing varied analysis publications on these incidents and analyzing the human elements which will have induced them.
Credit score:
NicoElNino/Shutterstock
To additional slim down my analysis, I’m emphasizing supervisory errors and their doable function.
For instance, I’ve researched the 2011 assault by the hacker group Nameless on the expertise safety firm HBGary. Prime executives’ poor password administration was among the many points that contributed to the assault. Quickly after, the corporate’s safety agency, HBGary Federal, went out of enterprise.
NIST gives the NICE Workforce Framework for Cybersecurity (NICE Framework), a nationally acknowledged useful resource that organizations use to coach and practice their staff and to assist forestall cyber incidents just like the one which occurred at HBGary. Inside the framework, there’s an outlined function for managers, known as the Program Administration Work Position. This work function and others supply steerage on how managers can strengthen cybersecurity of their organizations.
I hope my analysis could be integrated into the steerage for this work function. This could permit organizations to raised educate their supervisors on find out how to scale back avoidable human errors and create a extra strong cybersecurity workforce.
Experiencing NIST as an Intern
As I write this a bit over midway by means of my internship, I can say it has been immensely enriching.
I’m lucky to work underneath an incredible mentor and a supportive workforce full of vibrant minds. I’ve gained worthwhile skilled expertise and analysis expertise that I’ll you’ll want to use as I proceed my schooling.
Probably the most memorable experiences was attending NICE Director Rodney Petersen’s testimony earlier than the Home Homeland Safety Committee. It was a really fascinating glimpse into the interior workings of our authorities departments.
Moreover, dwelling alone has allowed me to additional develop essential life expertise, akin to budgeting and time administration.
Pursuing a Profession in Tech
Having grown up within the 2000s and 2010s, I used to be surrounded by expertise from a younger age. I imagine this was the catalyst for my rising curiosity within the subject.
I knew early on that I needed to review a technology-related subject in faculty and doubtlessly pursue it as a profession. This led me to pursue a pc science diploma at Hampton College, a traditionally Black college in Virginia.
Nevertheless, after realizing that I didn’t benefit from the math facet, I switched to cybersecurity. This opened my eyes to a brand new facet of expertise that I hadn’t checked out intimately earlier than.
After ending my undergraduate schooling, I plan to pursue a grasp’s or legislation diploma. After that, I’m retaining my profession choices open, however I do know that I wish to work within the expertise sector.
The SURF program has given me invaluable expertise working a federal job. I hope to intern at Google, Microsoft or one other tech firm sooner or later to discover work within the personal sector. In an ideal world, I’d like to work within the online game trade, whether or not it’s in cybersecurity or a distinct function.
Recommendation for Future SURF College students
My finest recommendation for future interns is to maintain an open thoughts. Don’t be afraid to discover quite a lot of matters and alter course if wanted. The trail of analysis is rarely a straight line.
Don’t really feel like that you must know a ton about your subject to start out both. The purpose of analysis is to study and discover.
You received’t all the time get the outcomes you anticipate — or the outcomes you need — however you’ll all the time come out of it studying one thing new.
