For most of our students, their activities online are as important as their activities in the real world. We need to recognize this and help our students to make the most of the opportunities that online technologies and social media offer to help them develop key skills. We need to help our students become reflective and responsible digital citizens.
Teaching cybersecurity is a lot more than teaching hacking. It really focuses on how EACH of us can keep our own data safe. Often, the biggest threat to our own data getting into the wrong hands is us. We give up our data freely and without thinking about it all the time via links, forms, and just clicking around the web. Students need to learn to recognize this and learn ways to better protect their own data.
The CodeHS Introduction to Cybersecurity course includes content that helps students protect their own data and the data of others and much more. Here are some of the topics in the course:
- Recent cyber attacks
- The CIA (confidentiality, availability, and integrity) Triad to help form policies for keeping information secure
- Digital footprint and reputation
- Internet safety
- Data privacy and security
- Information literacy
- Effective internet searches; evaluating online resources
- Creative credit and copyright
- Ethical hacking
- Basic and more advanced cryptography so we can encrypt our data
- Using developer tools
- Basic SQL
- Networking fundamentals
- Basic system admin
- Cybersecurity employment (the outlook is stunning!)
- And more!
Teaching Ethical Hacking
The reason behind learning about how to perform cyber attacks is to build up our offensive skills so that we can “take a good shot at ethically breaking apps for the betterment of society. Whether they’re your own apps that you’ve built or ones you’re testing as part of a dev team doesn’t really matter. It’s the same skills and the same end result – we want to find bad stuff before bad people do.” - Troy Hunt, Cybersecurity Expert
Our students need to know how to hack because whether they have websites or apps for their own use OR if they become security experts, law-abiding citizens look at the code differently than attackers do. Students can’t know the true vulnerabilities of a web site or app until they've tried hacking them themselves.
In the CodeHS Introduction to Cybersecurity course we discuss white, gray, and black hat hackers. Many people don’t even know that white hat hackers (the good guys) even exist. Often, we just hear the word “hacker” and immediately think of a young, white male who wears a gray hoodie and lives in his parents’ basement.
Our goal is to get the students on the good side by giving them a safe environment to discuss and test ideas and skills that they learn. With younger students the idea of a “superhero” can be introduced; older students might buy more into the idea of being a “detective” or “investigator” - all on the hunt for the bad guys.
Discuss real threats of cyber attacks and allow students to be part of the solution
School IT staff can sometimes have concerns when teaching students about ethical hacking.
We can actually encourage promising white hat hackers and potential cybersecurity experts if we allow students to learn, and tinker and talk about hacking in a positive light. The hacker-minded student is going to pursue his or her own studies anyway, so why not provide the framework, oversight, and encouragement to set them on the right path? When you read the article listed below, you’ll see the amazing story of a would-be black hat hacker who eventually turned to a promising career in the IT industry because of something his high school principal did to support his talents and interests. http://www.slate.com/articles/technology/future_tense/2015/05/schools_should_teach_students_to_be_ethical_hackers.html
In the cybersecurity course, students will be testing various kinds of attacks and considering ways to mitigate them, so we need to provide a safe setting for them to do so. It's important to establish appropriate behaviors and clear rules. Violations should be handled the same as in other kinds of hands-on classes. SQL injection attacks, like driving cars, are a privilege, not a right.
It's Ethical Hacking With SQL Injection On Pluralsight! - DZone . (2018). dzone.com. Retrieved 6 June 2018, from https://dzone.com/articles/its-ethical-hacking-sql
Slate’s Use of Your Data. (2018). Slate Magazine. Retrieved 6 June 2018, from http://www.slate.com/articles/technology/future_tense/2015/05/schools_should_teach_students_to_be_ethical_hackers.html