Should cybersecurity be taught in schools?
Experts weigh in on whether schools should teach kids the skills they need to safely reap the benefits of the online world
With education being one of the key factors in everyone’s life, the education system of any country seeks to provide children not only with elementary competencies, but also equip them with at least some of the skills that they’ll need to successfully navigate their daily lives. In our technology-infused era, then, there’s a strong argument for including also basic cybersecurity skills among the kinds of skills that help people thrive in life.
Besides parents, schools too clearly have a role to play here. Hence, this instalment in our series of articles marking this year’s Antimalware Day will attempt to answer several questions that revolve around the importance of cybersecurity education in the classroom. In so doing, we will also rely on input from several organizations, mainly from Latin America, that have an active role in educating future generations.
Do children and young people finish primary or secondary education with sufficient skills to stay safe online?
It is safe to say that young people are too often unaware of the risks that excessive sharing of photos and posting sensitive information on social media involves, nor do they associate such habits with problems that may ensue, such as grooming, sexting, cyberbullying, and phishing. After all, this is confirmed by findings gathered in a project called “Promoting information security in the school environment” (only available in Spanish) and prepared by the National University of Córdoba, Argentina. As the project’s creators explain, the proliferation of such poor cyber-habits has created the need for parents and educational institutions to actively seek information about privacy and security, notably about various aspects of data protection, cryptography, and prevention from identity and information theft and web-based cyberattacks.
Meanwhile, the Computer Emergency Response Team of the National Autonomous University of Mexico (UNAM-CERT) echoes the view in that children and teens don’t have sufficient cybersecurity skills when they complete primary and secondary education. While computing classes do sometimes include aspects of good cyber-hygiene practices, online behavior isn’t thoroughly addressed. “Just as children are taught about earthquake prevention, they should be educated about the responsible use of information technologies," said UNAM-CERT.
According to Argentina Cibersegura, an NGO that carries out security awareness projects in Argentina, the poor cyber-hygiene skills of young people are due to several reasons. They include the fact that every school gets to decide whether or not it will include cybersecurity basics in its curricula and that teachers themselves are often unable to teach digital skills and specifically cybersecurity.
The United Kingdom, for one, has unveiled new statutory guidance that, among other things, imposes the obligation on elementary schools to implement cybersecurity education into their curricula as of 2020. To aid the process, the schools can even rely on detailed guidelines that should help them prepare pupils for the modern challenges of the online world.
That said, many experts note that curricular changes are unlikely to be enough. “[W]hilst the forthcoming changes to the curriculum are to be welcomed – they need to be funded appropriately – with the right level of teacher training. Unless something changes to provide funding and training, perhaps as part of the election campaign, it’s hard to see how these changes on their own will be sufficient,” Claire Levens, Policy Director of the NGO Internet Matters, told WLS.
Is there enough awareness about the importance of cybersecurity education?
It’s common for people to deal with a problem only when it ‘hits close to home’. As a result, according to UNAM-CERT, many people use technology without giving much thought to the risks of having their personal information stolen until they themselves or their relatives become the victims of cybercrime.
“Information security is often seen as merely a cost, rather than an investment. This results in the failure to allocate resources towards cyber-preparedness, even though investing in education, for example, could bring savings thanks to avoiding cyberattacks and their impacts,” said UNAM-CERT.
Additionally, teaching kids about cybersecurity from an early age could actually help many of them discover this dynamic field and ultimately contribute to closing the talent gap that plagues the industry.
Should cybersecurity education be part of formal education?
Spain, for one, has also considered the idea of adopting official guidelines to ensure that children are taught about online risk and safety behaviors from an early age. Beside adapting Spain’s law to the European Union’s General Data Protection Regulation (GDPR), the country’s Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights also contains a section on the need for increasing the role of cybersecurity education in school curricula. By extension, the section stipulates that the education system guarantees the opportunity for all children to learn to use technology in a responsible and respectful way, as well as in a manner that protects their personal data.
Drawing on this example, Argentina Cibersegura believes that cybersecurity education should be a mandatory part of curricula, not least because “the purpose of schools is to educate citizens – and digital technology cannot be left behind”.
UNAM-CERT echoes this view, noting that cybersecurity education must be compulsory in primary- and secondary education because we live in a digital world and it’s important to ensure that pupils and students can protect themselves by understanding how technologies work and what kinds of risks they involve”.
Are teachers prepared?
Although many teachers may be well-versed in modern technology and may have integrated, for example, collaborative and other tools into their classes, this doesn’t mean that they’re prepared to provide guidance on safe cybersecurity habits.
Indeed, when asked about whether teachers are prepared to teach kids about cybersecurity, Levens of Internet Matters had this to say: “Not at all. We should also be mindful that schools are being asked to do so many things and online safety and security will only ever be a low priority.”
There’s not much cause for optimism in Latin American countries, either. A recent study (available in Spanish) by Mexico’s National Association of Universities and Higher Education Institutions (ANUIES) found that only 51% of third-level education institutions provide training on good cyber-hygiene to their personnel.
In Argentina, the sentiments are similar. “We work with teachers on a regular basis, and neither the education system nor teachers themselves are equipped to deal with this challenge,” said Argentina Cibersegura. “While more and more teachers attend talks offered by Argentina Cibersegura to learn about online dangers, they don’t feel comfortable addressing the issues in the classroom. Everybody believes that this should be done by computer science teachers – a role that most schools don’t even have,” said the NGO.
To wrap it up, there are actually examples of initiatives – the Cybersecurity Education Training Assistance Program run by the US Department of Homeland Security – that are aimed at equipping teachers with the skills they’ll need to teach cybersecurity in the classroom. While much remains to be done to deliver enough knowledge to pupils and students about safe online practices, there is indeed a sense that the importance of cybersecurity education is receiving ever more attention.
Teachers, but not only them, may also want to refer to our recent article that summed up free cybersecurity training and awareness programs for educators.