The NCSA (National Cyber Security Alliance) just released the detail of a survey of educators and technologists concerning both cybersecurity and cyberethics education in the schools. Cyberethics is prevention. It attempts to decrease cybercrime by teaching that it really is still crime and not very nice. Cybersecurity is teaching defense.
If I covered the whole report this blog would be longer than the report itself! This may require a few blogs to discuss the many different aspects of the survey, but I’ll cover a few items today. You can get the report at http://staysafeonline.mediaroom.com/index.php?s=67&item=50.
It is interesting to me that according to the report 100% of Technology coordinators, 97%) of school administrators, and 95% of teachers agree cyberethics, cybersafety, and cybersecurity curriculum should be taught in schools. This should come as no surprise as cybersafety and cyber security have become required life skills in our society. As for cyberethics that opens a whole different can of worms that at times may verge on discussions about teaching religion in schools.
The report states that 72% of teachers, 58% of technology coordinators, and 51% of school administrators are most likely to think parents are primarily responsible for teaching children to use computers safely and securely. Another way to state this is that almost half of the administrators appear to believe it is primarily the school’s job to teach these cyber subjects. There is a very sound argument for the schools being the primary teacher. Many, probably most, parents don’t have the knowledge to teach cybersafety and cybersecurity. Most parents probably can teach cyberethics, but it doesn’t help if their kids see them downloading pirated materials!
So, now that we know that there is overwhelming support for teaching these subjects in school, the true challenge is preparing the teachers to effectively teach the subjects. The survey does address this issue to some extent. The report states “Over three quarters of teachers have spent less than six hours on any type of professional development education related to cyberethics, cybersafety, and cybersecurity within the last 12 months. Comparatively, between 2008 and 2010, more teachers have received training in the 6-15 hours range. However, the “less than six hours” of training group remains the largest.”
I believe it will be several years before we actually have enough teachers with enough training and knowledge to effectively teach cybersecurity and cybersafety, but society needs to start providing such training sooner rather than later. It is very encouraging that the recent cybersecurity bill that was passed in the US House of Representatives does pay attention to the role of education. Now we need to translate that to reaching people with effective education… and the same needs to be done throughout the world. It really isn’t just a US problem and education is a great area for international collaboration.
It’s going to take some time to fully digest the report, but I’ll be back with some more observations and thoughts!
Director of Technical Education
Author ESET Research, We Live Security