PROTECTION
Suzanne Zainea
In February, a United States research group published their statistics on cyber hacking.
Three hacks per minute are astonishing but they also estimated over 30 million hacks per day
personally and to the global economy. Who is being targeted? Hackmageddon reported,
business/industry, The U.S. Government, educational institutions, healthcare databases and the
United States Military are the top targets. The only prevention is cybersecurity.
What is cyber security? The National Initiative for Cybersecurity Education (NICCE)
state whereby information and communications systems and the information contained therein
are protected from and/or defended against damage, unauthorized use or modification, or
Policy Report
Hackers take our information and thus, take our control. They steal our identities, break
into our banking systems, hack medical devices, transportation modes and even threaten our
national security. Are you concerned? If you are not concerned, let us take a look and the link
for the NORSE Attack Map (NORSE Attack). This map illustrates the rank in order of attack
origin, type and target. The filter will also display the IP Addresses of attack and the display of
each country being attacked. Other satellite cybersecurity breach maps include Kaspersky, Check
Point and Fire Eye. Cyber hacks are the most critical threat our nation is facing; the problem
grows each year with more cybersecurity breaches reported continuously. The hackers are
becoming more sophisticated and their reach is covering the globe (CyberHeist, Sjouwerman,
2016).
CYBER SECURITY K-12 EDUCATION
How does this happen? We have many questions surrounding cybersecurity. First, we
must understand code. Computer coding is the language that makes the computer operate. More
or less it is lines of text that perform an operation or a function. When these lines of text or code
are altered, copied or stolen, unknowingly or unwillingly, a cybersecurity hack occurs. If we only
we understood coding then we can prevent hacking. Though acquired knowledge of coding and
hacking we can protect our futures, and ourselves but we must prepare now! Our changing world
Current Policy
Recent Legislation
A bill in 2002 was brought forth for the education of cybersecurity technology under the
directive of the Homeland Security Act, and was approved by the House at that time. The bill
recognized the need for cyber education through the Educational at Workforce Initiative. As
recent as February 7, 2017 an amendment to this bill called forth by Shelia Jackson Lee, of
Texas, which included research of K-12 science and technology education board of Advisors to
make new recommendations regarding a K-12 curriculum to initiate guidelines for future
technology curriculum. The new curriculum is to include K-12 cybersecurity by the 2017-2018
This bill also includes federal funding for guest speakers, curriculum materials and
funding for low income school districts and minorities specifically mentioned primarily;
Implementation has NOT yet been decided. But the issue is current, the issue is now and
a call to action has begun with the new implementation of H.R. 935. The next steps will be to
form an advisory committee for the formation of glicks, duties, tasks and outcomes. Then
formulate K-12 curriculum based on the outcomes of the advisory committee(s). Prepare funding
thought the federal government, as promised in the bill, and though grants. Train administrators
Research
There are currently several grass roots groups, small interest groups of people working in
conjunction for the same outcome. grass roots. I was paying close attention because I was
speaking next, but more importantly, because we grassroots grant makers both ask and are asked
that question regularly, and what we hear varies tremendously. But the best quote from
This is exactly what had happened in K-12 cyber security. Many grass root groups have
formed across the United States to ask for more education to be taught in our schools for
cybersecurity. However, the group NICE has emerged as a leader, bringing this issue before the
courts last year through the Department of Homeland Security and the Department of Defense.
NICE has developed a possible Strategic Plan: for Early STEM Strategies from which a K-12
curriculum could be derived. The diagram found on the following page depicts the arms of
NICE and their primary objective. By involving NICE the policy process for change ran
through the courts at a rapid pace, bypassing many political pathways a mandated curriculum
CYBER SECURITY K-12 EDUCATION
would typically take. It is time for the state and local agencies to catch up and that is now
underway.
NICE Model
Help the cybersecurity workforce to partner with local schools, thus providing content
Officer & Cyber Evangelist at Cyber World Institute, based in Las Vegas, Nevada - Information
Technology and Services and is currently part of Cyber World Institute, with operations in
Nevada and Michigan, and is previously associated with California State University, University
of Nevada-Las Vegas, College of Southern Nevada, Texas A&M, San Bernardino, ISACA, the
United State Department of Homeland Security and the Office of the Director of National
Skill and ability development has been left to the employer causing
2017).
implementation to help solve this current and growing problem. The Federal Government has
already decided to provide funding for awareness and resources regarding cybersecurity
education. We know that this is important because we all want and need to be safe on the Internet
Proposing a K-12 cyber hacking curriculum implementation within the school setting, as
part of computer classes already in place is one solution. We teach children as young as pre-
CYBER SECURITY K-12 EDUCATION
school about stranger danger. Yet, the stranger may be sitting on the other side of his electronic
device. Through curriculum policy changes in the K-12 setting, we could better equip our
students by teaching them safe Internet practices. The Stop-Think-and-Connect program, for
safety on the Internet was used this year, successfully, across the United States for voluntary
participating schools through NICE. The National Cyber Security Alliance Group has provided
through lessons in SCRATCH, https://scratch.mit.edu/, (MIT, Media Lab, n.d.) HTML hyper text
mark up language and simple BASIC Programming. Simple dBase applications could be taught
in the middle school curriculum and the manipulation of dBase would give the student an
understanding of how the dBase operates. Access usually comes with the Microsoft Office
package and is easily available and relatively low in cost. Safety on the Internet would continue
Cyber World Institute has been a forerunner in cyber security education and certification
of the Department of Defense. Although most of their interest lies in the postsecondary level
they did touch upon the idea of a K-12 cybersecurity curriculum. Cyber World does express a
deep interest in a K-12 cybersecurity curriculum and had this to offer during a personal
interview with President, Linda Montgomery. An excellent idea! We should start exposing our
American children to programming as soon as possible. We are so far behind the Chinese and
CYBER SECURITY K-12 EDUCATION
the Russians in this regard. They have cyber schools set up for children who learn to code as
cybersecurity and hacking prevention courses to keep up with the China and Russia. The article
continues that children between the ages of 14-18 will be taught hacking and cybersecurity
(Dearden, 2017).
Can you imagine what they can do by the time they are in high school? It is not only
necessary but also imperative that we catch up. I love the idea of introducing programming
technology through Scratch. The children think that they are playing a game and dont even
realizing that they are learning how to use and manipulate code. They can also learn HTML at
As the students enter high school we would begin to teach higher level programming
languages such as C, Java, Java Script and Python, to name a few. The intrinsic idea is that as the
student learns to code and the process of coding he/she will then be able to understand the
mechanics of the cyber hack and thus, cybersecurity. At the local level we could propose a pilot
district to spearhead the curriculum. This proposed solution might require implementation
mandated at the state level. On a larger scale at the Federal level our nation would benefit by
producing true cybersecurity skills to all cyber users. In the long run we would create the first
High School age curriculum advocates in the political and the educational arena are
interested in cybersecurity. At the October 2015 North American Cyber Security Conference,
Governor John Bel Edwards joking said, Either we are producing a state of fantastic
lower levels are concerned about the responsibility of children that may become cyber hackers
in an unethical manner. That is a possibility, however ethical usage of a computer would be part
IT (Information Technology) curriculum a student could advance toward earning one of the top
5 Information Security Certifications while still a high school student. Included is a list of
certifications below. The first two are feasible, the third would be much too costly for schools
and the third group would require many years of study beyond the scope of high school
A better track for high school would be A+ to Net+ to Sec+ to CEH to a specialty area
such as forensics, incident response, etc. Focus on the beginning/novice certs at the high school
CYBER SECURITY K-12 EDUCATION
Vocational Technical level, as this is applicable to a senior entering IT at the entry level
Vocational Technical Centers provide high school students the opportunity to acquire
skills that will result in their employment. The core purpose of the role of education at the
Vocational Technical Center is job training. What are the projections for the future job market
for cyber security certified student? The (United State Bureau of Labor Statistics, 2015)
estimate and 18% increase in the need for cybersecurity workers. This is one of the fastest
growing technical areas with a much higher than average growth rate.
The annual income for cyber security specialist is also comfortable salary. INFOSEC
Institute reports that the average payout to a Certified Ethical Hacker is $71,000 per year.
Remember, this is the lowest certification offered in cybersecurity. This school also offers
Ethical Boot Camps. The Boot Camps will provide intense training. 40 hours of instruction
concluding with a test for certification (Training Camp CEG v9 Boot Camp, 2017).
This career is in very high demand and the pay would be very enticing for high school
students. This program would fulfill the increase demand for cybersecurity workers in the
workforce, security our cyber user information while training our students at the same time for
gainful employment. In Michigan the programming language can take the place of the
requirement for foreign language. A topic many foreign language advocates do not like.
However, we can easily see that the employability and the need for security argument can be
10
curriculum for a CTE (Career Technical Education) program, The Office of Career and
Technical Education would like to announce the addition of a new CTE program for
Cybersecurity. The new CTE program will operate under the CIP code and title of 11.1003
Computer and Information Systems Security/Information Assurance. (Knight, April 11, 2017).
Little change would be needed to implement this curriculum in the Vocational Technical
arena, since the equipment is already in place. The original implementation would be more
expensive at the planning and development stage than at the maintenance and updating stage.
curriculum taught by business and industry, parent groups and community leaders, such as
police.
This final policy change was disregarded after research and interview were conducted
based on the findings and opinion that when business and industry implement a program within
the school system interest fades and programs do not have a great overall follow through. But
with a strong community commitment and an excellent advisory committee that remains in
contact long term, this problem can be resolved. Several reasons exist for this outcome such as
lack of ongoing interest, changes in business owners, financial cuts and overall changes in values
(Fowler, 2013).
11
We should implement artful planning even though this topic has arisen out of discourse.
Fowler states discourse in education is expressed in a powerful language that links the issue to
deeply held value, hope, fears, and aspirations. Emotional words and expressions, including
assertions that the issue has a bearing of key national priorities such as military security and
economic growth (Fowler, 2013). The fear, hope and aspirations for a safe cyber world for the
United States are certainly the driving force behind the push for cybersecurity K-12 policy.
From my research and interviews, I have concluded that the best avenue for advancing
the K-12 cybersecurity curriculum is twofold. First, we must begin very young and the
elementary level to teach generalized safety on the Internet practices. Therefore K-12 awareness
must be a continual theme though out the curriculum. Second, programming should be
My final and strongest recommendation for policy change, is to expand the current
information technology programming career paths at the vocational technical centers and offer
certifications in CompTIA Security+ and CEH: Certified Ethical Hacker. We will see changes
soon and produce the first globally competitively safe, tech savvy, cyber secure aware United
States citizens.
Reference:
CYBER SECURITY K-12 EDUCATION
12
Department of Homeland Security. (2017). NICCS glossary. National initiative for cybersecurity
cert.gov/glossary
Deardon, L. (2017). British teenagers to be taught 'cyber curriculum' to defend UK against threat.
gb/news/uknews/british-teenagers-to-be-taught-cyber-curriculum-to-defend-uk-against-
threat-of-hacking-attacks/ar-AAmPzZ2?li=BBoPRmx
Deruy, E. (2016). A plan to teach every child computer science. The Atlantic Monthly Group.
every-child-computer-science/504587/
Education and the Workforce; Science, Space, and Technology; Homeland Security, 2017 H.R.,
H.R. 935, 112tg Cong (2002), Amended, Cybersecurity and Infrastructure Protection
(2017)
Fowler, F. (2013). Policy studies for educational leaders (4th ed). (pp. 137-138, 159) New Jersey:
Pearson.
Fung, B. (2013). How many cyber attacks hit the United States last year? NextGov. Retrieved
from http://www.nextgov.com/voices/brian-fung/6868/
MIT Media Lab. (n.d.). Scratch online creativity lab. Lifelong Kindergarten Group. Retrieved
from https://scratch.mit.edu/about
CYBER SECURITY K-12 EDUCATION
13
National cyber security alliance brings new learning resources to K-12 classrooms. (2011).
proquest.com.cmich.idm.oclc.org/docview/898820291?accountid=10181
http://www.hackmageddon.com/category/security/cyber-attacks-statistics/
https://blog.knowbe4.com/ cyber-attack-maps...accurate-or-just-eye-candy
Training Camp CEG v9 Boot Camp. (2017). Knowledge Key Associations. Retrieved from
http://www.trainingcamp.com/global/training/ec-council-courses,aspx.
http://www.bls.gov/oes/current/oes151122.htm