By Joseph Marks
Less than half of elementary through high school students are getting any cybersecurity education at school, and schools with lower-income students are less likely to be providing that training than schools with higher-income students.
Those findings, from a survey out this morning, should be worrisome as the United States faces a staggering cybersecurity workforce shortage, which senior government officials have described as a national security weakness.
“We need to invest in K-12 education and introduce students to the knowledge, skills and capabilities around cybersecurity if we want to have a long-term disciplined approach to closing the [cybersecurity workforce] gap,” Kevin Nolten, academic outreach director for the nonprofit organization CYBER.ORG, which commissioned the survey, told me.
A dearth of cybersecurity workers will make it far harder to protect a wave of new consumer and industrial technology that will be arriving in coming years and could put the United States behind in a generational struggle with China over who will build and secure new technology systems.
CYBER.ORG, which was previously named the National Integrated Cyber Education Research Center, produces cybersecurity curriculums for elementary through high school students under a Department of Homeland Security grant. It's one of a handful of organizations that produces such curriculums, which includes online student tutorials and teacher guides.
The survey was conducted by the nonprofit Education Week Research Center and is based on responses from 912 teachers across 50 states and the District of Columbia.
Teacher Sarah Hartzell uses her laptop to monitor the classwork of students at Washington Leadership Academy. (Astrid Riecken for The Washington Post)
The survey is awash with disturbing figures for people concerned about the future of the cybersecurity workforce.Just 45 percent of teachers said their students were receiving some sort of cybersecurity education, either through stand-alone classes, as part of a broader technology curriculum or through extracurricular activities.
That figure was even lower in low-income school districts. Just 33 percent of students are getting a cybersecurity education in districts where 75 percent or more students come from low-income families, the survey found. That’s compared with 56 percent in districts where 25 percent of students or less came from low-income families.
About 60 percent of teachers said their students knew just a little or nothing at all about cybersecurity compared with 40 percent who said their students new “some” or “a lot” about the topic, the survey found.
Within lower-income school districts, 21 percent of teachers said their students didn’t know anything about cybersecurity and 44 percent said they knew just a little. In higher- income districts, 8 percent said their students knew nothing about cybersecurity and 40 percent said they knew just a little.
“We're not introducing these communities to the opportunities that cybersecurity presents to their students,” Nolten said. “We need to ensure that the pipeline going into the workforce is economically diverse, racially diverse and gender diverse. We want to ensure that [students] have equal opportunity to jump into a high-demand field.”
Fourth-grader Sammiayah Thompson, left, and her brother Nehemiah Thompson work outside in their yard on laptops provided by their school system. (Jessica Hill/AP)
Cybersecurity jobs have surged in recent decades as ever-more industries have become dependent on technology.But the pace of new high school and college graduates ready to fill those jobs hasn’t remotely kept up.
Just two years ago there were about 300,000 unfilled cybersecurity jobs in the United States, according to figures maintained by the Commerce Department. Today that number has surged to more than 500,000.
The global cybersecurity workforce gap is projected to reach about 1.8 million workers by 2022, according to a 2019 study by the Center for Strategic and International Studies think tank.
Government has been hit particularly hard by the workforce shortage because its top workers often flee for better-paying industry jobs.But government efforts to improve the workforce gap have been relatively lackluster. Most of those have focused on recruiting private-sector cybersecurity pros to work in government, including for short tours of just a year or two.
The federal effort on cybersecurity education has come mostly through a smattering of grants such as the one that funds CYBER.ORG’s operations. A Commerce Department division called the National Institute of Cybersecurity Education also hosts regular conferences for educators including at the pre-college level and has helped develop a series of guides, webinars and challenges for students and educators.
President Trump also issued an executive order aimed at improving the cybersecurity workforce last year that included a series of rewards for top-performing government cybersecurity pros.
But the only portions focused on K-12 education were two annual presidential cybersecurity education awards — one for an elementary school teacher and the other for a high school teacher — “who best instill skills, knowledge, and passion with respect to cybersecurity and cybersecurity-related subjects.”
A new indictment accuses Julian Assange of far broader computer crimes.
WikiLeaks founder Julian Assange is taken from court, (Matt Dunham/AP)
The indictment does not include new charges in addition to the 18 Assange already faces. And the statute of limitations for the new allegations has already expired. But prosecutors say it bolsters their case that Assange is a hacker rather than a publisher or journalist.
Assange’s only previous computer crime charge was for offering to help U.S. Army intelligence analyst Chelsea Manning crack a Defense Department password. Cybersecurity experts criticized those charges, saying officials have misused the Computer Fraud and Abuse Act and violated free-speech protections.
The Trump administration will accuse Huawei of being controlled by the Chinese military.
Public surveillance cameras are mounted to a pole in front of Huawei Technologies Co.'s new flagship store in Shanghai.
The designations would open the door for the president to impose additional sanctions on the companies. The list was included in a document defense officials sent to Congress.
The Commerce Department has already blacklisted Hikvision and Huawei, which U.S. officials have long accused of providing a backdoor for Chinese espionage. Huawei has denies the claims.
The list could escalate tensions between the United States and China, which are already heightened by the coronavirus pandemic. The Commerce Department introduced a rule last month that required foreign companies using U.S. chip-making technology to acquire a license before selling to Huawei.
Democratic lawmakers are investigating ties between location trackers and coronavirus apps.
The Care19 app is seen on a cellphone screen. (Stephen Groves/AP)
“With Americans installing contact-tracing apps as part of the effort to limit the spread of covid-19, it has become increasingly important to make sure that the American public has a full understanding of who is collecting their location data …[and] what the government is doing with it,” House Oversight Committee chairwoman Carolyn B. Maloney and other Democrats wrote in a letter.
Government agencies such as Immigration and Customs Enforcement and the FBI can use data brokers such as Venntel to purchase data that would otherwise require a warrant, the lawmakers say. For example, the Internal Revenue Service has used data from Venntel to track potential criminal suspects, the Wall Street Journal recently reported.
Sens. Elizabeth Warren (D-Mass.) and Ron Wyden (D-Ore.) and Rep. Mark DeSaulnier (D-Calif.) also signed the letter.
Chat roomThe FBI is being flooded with cybercrime complaints during the pandemic, Deputy assistant Director Tonya Ugoretz said during a virtual cybersecurity conference hosted by Crowdstrike yesterday.
Details from CyberScoop's Shannon Vavra:
.@FBI's Tonya Ugoretz says just now the Internet Crime Complaint Center already in ~the 1st/2nd week of June had as may complaints as they did in all of 2019. For coronavirus-related internet crime the FBI has received/reviewed at least 20,000 complaints, she says. https://t.co/ujWnugzRnC— Shannon Vavra (@shanvav) June 24, 2020
Adam Hickey of @TheJusticeDept says stories being published by Russian-state media undermine basic science, including safety of vaccines, and has pushed false narrative that US has bought up all the PPE— Eric Tucker (@etuckerAP) June 24, 2020
Google will now auto-delete search and location history for new users by default after 18 months.
Google's exhibition stand at the Noah Technology Conference in Berlin. (Krisztian Bocsi/Bloomberg News)
Google is under intense scrutiny for its privacy practices both in the United States and in Europe. Last month the state of Arizona sued Google for allegedly tracking users' locations even if they had turned off location tracking.
More industry news:
- The Senate Homeland Security Committee will hold an oversight hearing to examine Customs and Border Protection at 9:30 a.m.
- The Senate Judiciary Committee will mark up the EARN IT Act of 2020.
- Carnegie's Partnership for Countering Influence Operations and Twitter will host an event on influence operations on Twitter on July 9 at 1 p.m.