A research report by the University’s Institute of Cyber Security for Society (iCSS), funded by Global Affairs Canada and commissioned through the Global Forum on Cyber Expertise (GFCE) Research Agenda mechanism, has revealed major insights about cyber security education in pre-university settings and provided recommendations to various stakeholders on how to address some identified concerns.
The research was conducted by a group of researchers at iCSS from two disciplines (Computing and Sociology), including Dr Virginia Franqueira, Professor Shujun Li, Dr Vince Miller and research assistant Krysia Emily Waldock (PhD student). To inform the report, the researchers conducted a systematic review of the research literature, desk research of related policy documents, projects, initiatives and events in 13 countries, and semi-structured interviews with 21 interviewees from 11 countries. The countries are based in five different continents, including both developed and developing countries.
The researchers identified two main approaches to embedding cyber security and online safety content in the curriculum, and noticed a lack of practical cyber security skills, security mindset and enough skill-set coverage in the curriculum, towards a cyber security related career path.
In addition, concerns are flagged in the report around a lack of teacher training in cyber security, insufficient time to cover relevant topics, lack of a direction on what schools and teachers should do in cyber security education, and the pressure to prioritise more survival-focused skills than cyber security due to economic considerations. Such findings call for further reviews and improvement of the national curricula in different countries and more support for teachers and schools, which will require a more coordinated approach involving all countries, multiple relevant communities and stakeholders.
For many of the countries studied, the research revealed that while many stakeholder organisations in different sectors were active in different aspects of pre-university cyber security education, there is often fragmentation and confusion regarding which organisations have responsibilities of which matters. The report therefore recommends that governments in countries and regions managing its own educational affairs should consider setting up a national or regional steering body or working group with overall responsibility for cyber security and online safety education.
The researchers also noticed a perceived general lack of interest and awareness among children in developing cyber skills and cyber security as a potential career path, and a lack of diversity in terms of student enrolment in optional courses and training events. Such findings call for more work to enhance awareness among pupils (and parents) and to address the EDI (equality, diversity and inclusiveness) issues of pre-university cyber security education, especially from less covered and ‘non-traditional’ groups such as girls, ethnic minorities and pupils from low-income backgrounds.
Professor Shujun Li, Director of iCSS, said: ‘Our research demonstrates that there are many gaps in current approaches to cyber security education in pre-university settings. Therefore, there is an urgent need for relevant stakeholders to take actions to improve the situation, including reviewing and refining existing policies and action plans, and supporting more research and innovation activities to support various stakeholders including pupils, parents and teachers. We hope the key findings and our recommendations in the report can help people and organisations across the globe to work together to prepare our children for living a safer life online and for developing themselves to be next-generation cyber security professionals.’
Global Affairs Canada added: ‘Canada believes that democracy in the digital age begins with digital inclusion, whereby an informed and engaged public can participate meaningfully in society, both online and offline. Digital literacy empowers users to make informed decisions, promote their access to information and economic opportunities, and protect their human rights and fundamental freedoms. Digital literacy, particularly from a younger age, also enhances the capacity of States to increase their own cybersecurity posture by improving the cyber security knowledge of all citizens and encouraging younger generations to pursue work in the cyber security industry. As the 2022 Chair of the Freedom Online Coalition, Canada is committed to promoting digital literacy to ensure users are empowered to navigate diverse content online and improve our collective cyber security capacity.’
Further findings and recommendations can be accessed in the report titled ‘Pre-University Cyber Security Education: A report on developing cyber skills amongst children and young people’.
iCSS represents the University as one of only 19 Academic Centres of Excellence in Cyber Security Research (ACEs-CSR) recognised by the UK government, as part of the UK’s National Cyber Security Strategy (2011-16 and 2016-21) and via a scheme jointly run by the National Cyber Security Centre (NCSC, part of GCHQ) and the Engineering and Physical Sciences Research Council (EPSRC, part of the UK Research and Innovation – UKRI). It promotes wide-ranging interdisciplinary research in cyber security and helps enhance cyber security skills and awareness of people and organisations, through a diverse range of cyber security activities, including research, educational activities, professional training, industrial consultancies, expert talks and media communications. iCSS works closely with industries, governmental bodies and non-governmental organisations (NGOs), enabling us to improve cyber security of the whole society with the wider cyber security community in the UK and worldwide.