Written by Corinne Lestch

This is the third of a three-part series on cybersecurity in K-12 education. To read part one, click here. To read the second installment, click here.

Cybersecurity is becoming declassified for K-12 students.

Around the world, from California to Iowa to Qatar, experts and teachers are finding ways to introduce cybersecurity concepts into the classroom as students become more conversant on computers and willing to share their lives on social media.

The complex topic — which is commonly talked about in terms of data breaches in the federal government and beyond — is typically taught in after-school programs and integrated into traditional classes, like math or health.

“It’s a relatively new field, and we’re all figuring out how to educate kids,” said Virginia Lehmkuhl-Dakhwe, director of a STEM education program at San Jose State University. She oversees a program called CyberGirlz to expose female middle school students to cybersecurity.

“We regard it the same as personal hygiene — it’s really important for kids to function online, to understand what the reality is and what the risks are,” she added.

Each day, on laptops in school and desktops at home, kids can encounter cyberbullying and online scams; shop virtually and share email addresses; and build reputations and leave digital footprints on sites like Twitter, Facebook and Instagram.

“Using technology is one of the three ‘Rs’ of the 21st century,” said Michael Kaiser, executive director of the National Cyber Security Alliance, referring to the traditional subjects of reading, writing and arithmetic. “If you don’t graduate from high school knowing how to use technology, it’s going to be a hindrance in the same way if you don’t know how to read.”

Creating a new curriculum

Instructors are capitalizing on this gap in schools’ curricula and have been dreaming up creative ways to get kids — and school officials — interested in lesson plans on digital safety.

Students “need to really consider that what they share online can impact themselves and others,” said Rebecca Randall, vice president of education programs for Common Sense Education, part of a nonprofit group that promotes digital citizenship.

Common Sense bought a curriculum in 2009 called CyberSmart! and updated it to include real-world scenarios and case studies, videos and animation, and distinct lessons for students in kindergarten through 12th grade. It’s now used in 93,000 schools.

“CyberSmart! was the only curriculum we saw at the time that was not fear-based; it was really about empowerment,” Randall said.

In online games, elementary school students spot differences in the digital trails left behind by two animals, while high school students play the role of a TV producer who has to pick a game show host based on the candidates’ social media profiles.

“Ultimately the idea is to scaffold the same concepts over time, but there are opportunities for deeper learning as [the students] get older,” she said.

And kids should leave a digital trail, Randall said, as long as it’s a positive one — like creating online petitions, music, coding or games for others to view.

“Colleges and employers are looking online for information, and I imagine if they found absolutely nothing about a student, they would find that a little unusual,” she said. “You want a positive footprint that captures the great things kids are doing in their lives, not just posting a picture of themselves at a party with a beer in their hands.”

A team at Iowa State University is also trying to build an engaging curriculum for students in middle school, to be rolled out this fall, and high school, which will launch in January.

Concepts include passwords, malware, wireless security, privacy and online threats, said Doug Jacobson, a professor of electrical and computer engineering at Iowa State who is creating the materials along with a high school math teacher. They are basing the curriculum off a college course on security literacy.

“When we look at K-12 education, it’s fairly controlled as far as what courses you take, so we decided to unbundle a lot of what we put together,” Jacobson said in an interview. “And that would allow teachers in a math class to talk about passwords, because they’re nothing more than a complex mathematical concept.”

So far, he said, about a dozen schools have signed up for the middle school workshops, and another dozen or so high schools have expressed interest in adopting the new curriculum.

Cybersecurity as a career

Some say an unintended consequence of heightened cybersecurity awareness may get kids interested in hacking.

Jacobson ruled out the theory, arguing that bad actors would likely find a way to game the system.

“The people intent on being really malicious aren’t going to come to a class to learn how to do it,” he said. “This isn’t about taking someone and converting them to the dark side.”

But, he said he hopes the courses will have a different side effect.

“Our hope is that students will become at least interested in security and maybe look at that as a career path,” he said. “We make no pretense. That’s our goal.”

Added Lehmkuhl-Dakhwe, “When [students] see a doctor or police officer, they are exposed to those kinds of careers and will think about it for themselves. They don’t often meet a chief information security officer in their day-to-day activities, so hopefully this will lead into making that career a possibility.”

Mala Bawer, co-founder of CyberSmart Education, a digital literacy company that offers professional development for teachers, said it’s also important to show teachers how to incorporate security and digital ethics lessons into their classes.

“Schools would have a one-day ‘dangers of the Internet’ course or they pull in a cyberbullying expert,” she said. “Our focus is to get teachers comfortable with 21st century skills so they’ll begin to integrate these skills in the classroom.”

Bawer, who sold the CyberSmart! curriculum to Common Sense after McGraw-Hill Education stopped funding it, said her new venture is expanding to far-flung countries like Qatar — where students are plugged into mobile devices 24/7.

Experts agreed that more schools are realizing that a one-time assembly or guest speaker on cybersecurity won’t be sufficient in today’s fast-paced, technological world.

“More districts are being thoughtful about taking a whole-community approach,” Randall said. “Unfortunately, there are still districts doing the bare minimum, and I believe that may come back to bite them.”

Reach the reporter at corinne.lestch@fedscoop.com or follow her on Twitter @clestch.