- Contribution to the modification of standards to facilitate their use by manufacturers and writers of associated vertical standards
Cybersecurity/Network and Information security
Cybersecurity standards have traditionally focused on the operation of the hardware, software and firmware of the systems. The needs of the human elements have often not been fully considered and negative viewpoints are sometimes heard in cybersecurity standards meeting with respect to untrained and/or vulnerable consumers/end users. By considering and supporting the `human element’ in products with digital elements (an essential element), it is hoped to reduce the potential for harm to the system and also to reduce the harm to the end user. In particular improved communication should reduce the physiological harm caused to the end user when something goes wrong and they think it is their fault. Cybersecurity standards for digital systems can thus be seen to support vulnerable users and to acknowledge that all end users can be vulnerable in specific circumstances
- Using accessibility standards to increase the cybersecurity of the full range of consumers
Accessibility of ICT products and services
My contribution impacts in SMEs in a small but important way. The requirements of consumers with respect to how security information (such as updates or warnings) needs to be presented to end users in a clear, easy to understand and timely manner, without the use of unnecessary, unfamiliar terminology. Many SMEs will have access to or employ Cyber Security experts. They will therefore have similar requirements for information to be presented in a clear, useable, timely and concise way. I have referred to the issue of information to be presented in a useable way in a number of meetings. This is particularly relevant with respect to information impacting purchasing decisions or with reference to security updates.
My work supports ICT accessibility and digital skills. It did this by promoting the requirements of end users when these people were acting as part of a system involving the use of products with digital elements. These end users will include vulnerable end users. In these systems the end users will be involved in a range of set up and management activities with respect to the digital elements including choosing the products and their application, selecting and maintaining levels of Cybersecurity and making decisions on when the product has reached its end of life. Products with digital elements include health monitoring and quality of life products which can improve the life and health of the end user, if they fail or become unsafe, they may impact the physical, sensory or cognitive health of the end user. If their operation becomes uncertain, they may cause stress, which impacts the cognitive health of the end user. By supporting the end users to make sensible decisions when selecting or maintaining a product with digital elements, the followers of the relevant CRA standard will increase the digital skills of the end users. This can be achieved by enabling standards writers to create standards which consider the needs of all end users. The aim of this project was to assist the standard writers to do this.
Value of Research
The standards being developed should cover the requirements of the full range of stakeholders (including users, affected bystanders and manufacturers etc) over the complete lifetime of the product.
Title & Organisation Name: Independent Expert
Country: United Kingdom
