When Should Cybersecurity Education Start? Some Say Elementary School
As reports of cyberattacks multiply—from national election-related hacking to school-level phishing scams—the need for trained high school and postsecondary graduates in the field is growing.
And increasingly, industry, governments, and educators are looking to introduce students to online security earlier in their K-12 careers, in the hope of encouraging their continued academic study of the topic and their awareness of careers in the field.
Creating curricular opportunities for younger students to learn the basics of networks, cryptography, and cyberethics is a topic in focus at the event taking place this week in Nashville, Tennessee. The conference is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce.
The elementary and secondary curriculum developed by the National Integrated Cyber Education Research Center weaves cybersecurity principles into core academic subjects, said Kevin Nolten, the organization's director of academic outreach, during a presentation at the conference. Funded through the Department of Homeland Security, all NICERC curricula and professional development are free for districts and schools.
Nolten pointed to a lesson on series and parallel circuits as an example of this integrated approach.
Instead of teaching the properties of electricity and ending the lesson there, NICERC asks students to imagine there's been a cyberattack on the nation's power grid, and that it's their responsibility to get the system back up and running.
Students learn how to rewire the lights, but they also get experience managing a cyberattack in real time.
"We want to change the context of the [cybersecurity] content to something that's engaging to the student," said Nolten.
'On-Ramps' for Young Students
Some lessons are designed to incorporate robotics and programming tools, like the micro:bit, Raspbery Pi, Boe-Bot, and Arduino robot. Others reach beyond technical skills, tackling cyber ethics issues like the U.S. Patriot Act and the tension between privacy and security.
With lessons spanning multiple grade levels, NICERC hopes to create a cybersecurity "interstate," said Nolten, with "on-ramps" in elementary school and "off-ramps" that include many different postsecondary education and career paths, from certification programs to bachelor's degrees.
"The number one reason that students do not major in STEM is that they do not know what these careers are," said Boyington.
Learning Blade, a career explorer tool designed by her company Thinking Media, offers virtual STEM-related "missions" that introduce middle school students to potential careers in these fields. The tool is available for free to all teachers in Tennessee and Arkansas through state partnerships.
One mission, supported by IT company Tata Consulting, asks students to imagine they're conducting damage control after a hack to their school's network. The mission teaches how to secure social media accounts, websites, and apps.
The activity and similar lessons can demonstrate to young students how cybersecurity skills can help solve real-world problems—and that these skill sets can "actually help society," said Boyington. Part of the focus on building STEM skills needs to include demonstrating this relevancy to students, she said.
"We don't always take them to the finish line and show them that."