Cybersecurity: A call to international educational leadersPosted on 14th May 2019 in International Schools, International Education Tweet
Jane Blanken-Webb, of Wilkes University in Pennsylvania, US, looks at the implications for schools of new digital technology and how leaders can nurture a workforce of cybersecurity professionals.
Today, digital technologies have dramatically shifted the ways we manage everything from our finances to our friendships, touching into the daily operations of virtually every sector – including education. This is evident through schools’ increasing reliance upon internet connected technologies to manage everything from learning outcomes and student data, to human resource functions involving hiring, payroll, and managing employee benefits. Even school telephone systems, HVAC, and lighting controls are increasingly migrating over to Internet Protocol (IP) networks (Levin, 2019). As schools open up more and more of their vital operations to internet connected digital technologies, they are at the same time becoming ever more vulnerable to the threats of cyber-attacks. Today, the reality we now face is that “every internet user is at serious risk of identity fraud, data theft, and invasion of digital privacy” (Morgan, 2019).
In light of this rapidly shifting cyber landscape, educational leaders will increasingly be positioned to guide the use of digital technologies both in and out of schools. Accordingly, there are three overlapping areas related to cybersecurity that educational leaders need to be cognizant of in order to lead proactively and responsively in the digital age.
Managing school networks and sensitive data
Managing the technical side of cybersecurity in schools is critical. Threats ranging from student hackers breaking into school networks and changing grades to ransomware attacks that render vital data inaccessible unless a ransom is paid are now a reality that schools need to be prepared to contend with (see for example: CBS News, 2018a and 2018b). However, beyond threats involving intruders scheming to hack into a school’s network, school districts are also shockingly experiencing data breaches involving sensitive data due to internal mishandling information. This was the case in a 2018 massive data breach that took place in Pennsylvania, which left every teacher in the state at risk of having their personal information stolen (Murphy, 2018). Cases like this bring to light a significant insight in cybersecurity: the biggest cybersecurity threats are not those posed directly by malicious hackers, but rather end users who unknowingly or carelessly leave cyber doors wide open.
To combat the “wicked problem” of keeping schools cybersecure, Doug Levin from the K-12 Cybersecurity Resource Center offers the following suggestions (adapted from Levin, 2017):
- Establishing minimum standards of security practices for schools and school vendors;
- Public accountability as well as legal liability for lax security practices and data breaches;
- Cybersecurity capacity building among school IT staff;
- Education pertaining to basic IT privacy and security practices for all administrators, teachers, and students;
- Establishing centralized mechanisms for information sharing and guidance to schools pertaining to cybersecurity issues.
Levine (2019) urges that addressing this challenge will involve systemic, meaningful, and evolving long-term efforts. “It won’t be solved by an infusion of money, new technologies, new policies and regulations, or a cybersecurity awareness campaign; all are likely necessary, but how they are implemented and evolve over time to meet the specific and idiosyncratic needs and constraints facing public K-12 schools will matter most of all” (p. 13-14).
Schools around the globe have an important role to play in educating digital citizens. This includes imparting knowledge of best practices related to cyber safety, but also empowering students to make good use of their online interactions. Along with the immense capacity to touch a world of information with a tap of the finger, comes risks of misuse, manipulation, and outright abuse. Today’s students need to be prepared to effectively manage digitally connected environments in ways that are developmentally appropriate. In this, educational leaders will be called upon to guide how much and what kinds of access students should be allowed at various stages of their development. This becomes ever-more complex in light of debates from all angles including the adverse effects of screen time on children and adolescents (Hale & Guan, 2015), mounting concerns of internet addictions (Mihajlov & Vejmelka, 2017), all the while riding the tides of one-to-one laptop initiatives that generally yield positive findings (Zheng, Warschauer, Lin, & Chang, 2016).
Adding to the complexity, are concerns of disinformation and the difficulty of discerning what is real from what is fake. A ground-breaking study from Stanford University in 2016 revealed that less than 20% of middle school students could distinguish an advertisement from a real news story. As stated by the authors, “Our first round of piloting shocked us into reality. Many assume that because young people are fluent in social media they are equally savvy about what they find there. Our work shows the opposite” (Wineburg, McGrew, Breakstone, & Ortega, 2016, p. 7). Schools have a critical role to play in managing these challenges and we need educational leaders who will be central in guiding a new generation of digital citizens.
Globally, we face an immense shortage of cybersecurity professionals. According to Steve Morgan of Cybersecurity Ventures (2019), “There will be 3.5 million unfilled cybersecurity jobs globally by 2021.” Primary and secondary schools all around the world need to become an integral part of building this urgently needed cybersecurity workforce. While this may involve teaching students to write computer code and offering summer camps geared toward cybersecurity awareness and education, one critical step forward in resolving this impasse is for educational leaders to be aware of this global crisis and the vital career opportunity it presents for students. Moreover, there are particularly urgent calls for women and other underrepresented groups to join this workforce, as a diverse perspective will be critical in resolving complex and multifaceted cybersecurity challenges.
In offering this call to international educational leaders, I recognize that a first crucial step forward is to become aware of the realities surrounding today’s cybersecurity threats. I also know as a relative newcomer to the realm of cybersecurity education that taking this initial step forward can be daunting. I still recall the visceral mixture of wonder and unease that loomed so large when I first encountered the field of cybersecurity. To call it eye-opening would be an understatement as I began to recognize just how vulnerable and exposed we are to the many different forms of potential cyber-attacks. I offer this call not only to be alarmist, but also to empower educational leaders to come together and take proactive steps forward in meeting this global demand. I hope you will join me in this urgent endeavor.
CBS News (2018a). “K-9 officer helps California police nab student accused of changing grades.” WDBJ7.com. Available at: https://www.wdbj7.com/content/news/K-9-officer-hel...
CBS News (2018b). “School district pays $10,000 bitcoin ransom after cyberattack.” CBS News. Available at: https://www.cbsnews.com/news/school-district-pays-...
Hale, L., & Guan, S. (2015). Screen time and sleep among school-aged children and adolescents: a systematic literature review. Sleep medicine reviews, 21, 50-58.
Levin, D. (2017). “How should we address the cybersecurity threats facing K-12 schools?” The K-12 Cybersecurity Resource Center. Available at: https://k12cybersecure.com/blog/how-should-we-addr...
Levin, D. (2019). “The State of K-12 Cybersecurity: 2018 Year in Review.” Arlington, VA: Ed Tech Strategies, LLC/The K-12 Cybersecurity Resource Center. Available at: https://k12cybersecure.com/year-in-review/
Mihajlov, M., & Vejmelka, L. (2017). Internet addiction: A review of the first twenty years. Psychiatria Danubina, 29(3), 260-272.
Morgan, S. (2019). “2019 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics.” Cybersecurity Ventures. Available at: https://cybersecurityventures.com/cybersecurity-al...
Murphy, J. (2018). “Data breach puts 360,000 Pa. teachers, education department staffers’ personal information at risk.” PA Penn Live. Available at: https://www.pennlive.com/nation-world/2019/04/oliv...
Wineburg, S., McGrew, S., Breakstone, J., & Ortega, T. (2016). Evaluating information: The cornerstone of civic online reasoning. Stanford Digital Repository. Retrieved January, 8, 2018.
Zheng, B., Warschauer, M., Lin, C. H., & Chang, C. (2016). Learning in one-to-one laptop environments: A meta-analysis and research synthesis. Review of Educational Research, 86(4), 1052-1084.