Man, 28, and woman, 33, found dead in rural Marshall County; suspect remains at large
TECH

ISU rolls out cybersecurity curriculum for Iowa schools

Matthew Patane
mpatane@dmreg.com

As major data breaches at companies like Target and Anthem take center stage, Iowa State researchers are rolling out lesson plans and materials for Iowa teachers to educate their students about computer security.

While the curriculum is meant to help students and teachers, it has the added benefit of likely preparing some Iowa youth to work in security and cyberdefense, said Doug Jacobson, an electrical and computer engineering professor at Iowa State.

Jacobson and other Iowa State cybersecurity researchers unveiled the curriculum officially during an IT-Olympics event Friday and Saturday in Ames.

"The goal is just to provide the materials and things necessary to allow security to be integrated across the curriculum," Jacobson said. "We believe everybody should have some security knowledge in today's really nasty world."

Beyond awareness

Jacobson said the lesson plans are trying to teach literacy, rather than simply awareness. While awareness can teach people how to deal with today's threats, literacy can train students for the future, he said.

"The awareness slogans of 'passwords need to be long and strong,' well, it's cute but it didn't tell me anything," he said. "... We're trying to provide the students with enough information that they can extrapolate to the next threat, instead of cookie-cutter answers to the current threats."

Iowa already has some programs geared toward teaching students about cyberdefense.

For example, Jacobson is in charge of Iowa State's Information Assurance Center, which teaches multiple levels of cybersecurity, from basic literacy to international warfare. The center also runs cyberdefense competitions, including one this weekend as part of the 2015 IT-Olympics.

RELATED: ISU trains the next white-hat hackers

Hyperstream, a program out of the Technology Association of Iowa to match students with technology projects, also has a cyberdivision.

"What we do with the cyberdefense area, we're not teaching kids how to hack into systems, but really how to secure them and defend them," said HyperStream Program Director Tamara Kenworthy.

Incorporated into classes

The curriculum from Iowa State, however, is meant to teach the basics of computer security.

It is broken into distinct segments, or modules, so teachers can pick and choose what they integrate into the lessons they are teaching. A lesson about cryptography or passwords, Jacobson said, could tie into a math class.

"Given the way K-12 education is organized and all of the things (teachers) have to get done through common core ... it's unrealistic for us to expect that this become a course that every high school student takes," he said.

The curriculum comes with videos students may watch at home and then discuss in class, as well as in-class activities that mirror real-world experiences.

"That's a huge hook for kids to get them doing something that is very real-world, but they're looking at algorithms ... and, oh, by the way, you just learned a math concept," said Michelle Hill, a teacher at the Waukee Center for Advanced Professional Studies. "If you can hook kids in that way, that's amazing."

An 'ulterior motive'

While the curriculum is meant to help students and teachers, Jacobson said he hopes the classroom lessons translate into more jobs.

"This was clearly for the good of the high school students, but a small, ulterior motive in here is also maybe this will excite a few more kids to choose cybersecurity as a career path," he said.

Recent attacks and data breaches at Target, Sony Pictures, Anthem and other companies have put computer security in the spotlight. By 2022, the U.S. Bureau of Labor Statistics expects there to be thousands of job openings related to protecting company computer systems and technology.

For example, the bureau expects more than 100,000 job openings for network and computer systems administrators. Computer and information system manager positions are expected to have 97,000 openings, according to the bureau's job projection numbers.

"Pick any career that a student might be interested in … the more diverse a student is in their learning, the more value they are to themselves and to whatever future profession they go into," Hill said.

Attackers 'know no age'

First, however, educators such as Hill and Jacobson have to get kids interested in computers and security.

"The attackers know no age. They don't wait till you're older to come after you," Jacobson said.

"The younger you introduce somebody to something, the more time they have to do it, the more likely it's going to become an ingrained habit," he added.

That's a challenge, however, because beyond basic literacy, tackling computer security and defense can seem daunting, they said.

Cyberdefense and security is "sort of the upper level of the intramural sport," Jacobson said.

Kenworthy said the cybersection is seeing more interest, but remains the least popular of the four tracks Hyperstream offers, partially because it's more intense. App development, robotics and multimedia are the other sections, she said.

Hyperstream, she said, also is trying to do more to attract more girls into the program, an ongoing problem for the tech industry.

"It's a continual hurdle that we have to overcome," Kenworthy said.