Cyber Safety: Exploring the Human Element in Online Security
Drs. David Schuster and Jeremiah Still
The data loss and resulting avalanche of bad publicity were a stark reminder that no one—not even one of the nation’s largest department store chains—can count on foolproof computer security. Everyone, from major corporations to the National Security Agency, is vulnerable.
David Schuster and Jeremiah Still, assistant professors in the Psychology Department of the College of Social Sciences, are using their expertise in human factors—the study of how our capabilities (and limitations) affect our ability to interact with technology—to find new ways of addressing the problem.
They are part of a “cluster hire” of new faculty in library and information science, computer engineering, computer science and management information systems who have been brought aboard to create a cyber security research group at San José State University.
“It’s inherently an interdisciplinary problem,” Schuster says. “It’s going to require new solutions that we don’t just have in one of our fields.”
The pair brings to the project extensive experience in product design, human-computer interaction and robotics, as well as the determination to find fresh solutions to old problems. It’s a tall order, Still acknowledges. “The Internet is out of control,” he says. “We’ve never really been in control of it. If we think we’re in control, it’s an illusion.”
Schuster, a Green Bay, Wisc., native who studied psychology as an undergraduate at the University of Tampa, received his Ph.D. in human factors studies last summer from the University of Central Florida.
His graduate research was part of an ambitious U.S. Army project to build robots capable of assisting soldiers in tactical situations. “What the Army wants is to move from a paradigm of robots being driven around to a mode of interaction where a soldier will give a robot a high-level task, like, ‘Monitor this floor of the building,’” Schuster says.
At the moment, that goal is more akin to a pipe dream, he acknowledges. His own focus was on situation awareness in human-robot interaction—providing a soldier with goal-relevant knowledge to perform a particular task. That entailed asking what information might be most relevant to a soldier at any particular point.
“It sounds intuitive,” Schuster says. “It sounds like we need to increase people’s understanding of what they need to know.” What isn’t particularly clear is how to measure or ensure that, he says.
Since arriving at San José State, Schuster has gotten up to speed on cyber security. The Target data debacle “underscores the fact that cyber security is far from a solved problem and really needs to be worked on,” he says. “It really shows the complexity of it as a problem.”
The heart of that complexity lies in the fact that information “is flowing in all different directions at one time,” he says. “You have to look at interactions between individuals and technology systems, and also interactions among individuals.”
Jeremiah Still has also been on a steep learning curve around cyber security since joining the faculty. One thing he’s learned is that computer users should create their strongest password for their email account, because if their email is attacked, hackers can reset the passwords to all of their other online accounts. “Passwords just aren’t working,” he says.
Still, who grew up in a small town on southern Missouri’s Ozark plateau, has been exploring the human-computer interface since he was a teenager, when his parents bought an HP desktop. By the time he was in high school, he was charging $150 an hour to help local businesses set up and maintain networks.
“Somebody would call me up and I knew how to fix the problem,” Still said. “I liked learning it, but once I figured it all out, it was boring.”
He earned a B.S. in psychology from Missouri Southern State University and moved on to Iowa State University for his Ph.D. in Human-Computer Interaction. Then, Still started a new human factors program at Missouri Western State University, where he designed the curriculum and taught all the classes.
Several factors contributed to Still’s decision to relocate to San José. “I had the opportunity to have collaborators,” he said. “I wanted to be somewhere where I was more immersed in technology. This is one of the hotbeds.”
Human factors research can be applied to virtually every form of technology, Still says. “I find stuff in the cognitive science literature that’s been around for 20 or 30 years,” he says. “How do we apply that to the design context?” For example, research that predicts where people’s eyes will land first when they visit a web page could be of great benefit in pricing online advertising.
Still, whose wife Mary is an SJSU lecturer in cognitive psychology and a collaborator in the cyber security effort, has been working with his students to create more intuitive cyber security interfaces. “We’re taking this basic technology that’s been around for a few years and understanding what the human needs are,” Still says.
Still and Schuster meanwhile are working with an industry partner to study how people approach computer security ratings. The question, Schuster says, is “How people make use of ratings related to security when they’re provided by other humans, or by some kind of automated method.”
That entails, among other things, an assessment of the accuracy of crowd-sourced ratings, he said. “Fundamentally, people and computers are good at different things,” Schuster says.
“People have different strengths than computers do. One of the strengths of people is that they are resilient, in the sense that they can deal with unique situations—things that are off the map, the unknown unknowns.”