2020 (see original presentation & discussion)
Grades 6-8
With the rising use of automation and AI, we need to develop a more digitally capable workforce and more cybersecurity professionals. Increasing awareness and interest in cybersecurity and related careers requires providing all students meaningful exposure to cybersecurity concepts and careers during middle school. To do this, teachers need preparation and an interactive, turnkey curriculum that doesn’t require a computer lab, but does include assessments with answer keys. Cybersecurity is still a developing field with curriculum and methods that were not developed for K12 classroom environment or learners.
The CyberMiSTS project team has developed a workshop where educators will learn about cybersecurity and related careers and create a basic curriculum specifically for their classroom, focused on key concepts and big questions with hands on activities like branching web comics. No prior cybersecurity or coding experience, or classroom computer lab is required of educators or students.
Data on participants’ understanding of specific cybersecurity concepts is collected both before and after the workshop. Educators are expected to use their curriculum in their own classroom during the school year and provide data and feedback back to the CyberMiSTS team. This combined data will provide evidence-based insights into what works in cybersecurity education for both middle school students and teachers.
Laurin Buchanan
Principal Investigator
Welcome to CyberMiSTS! We are very excited to be part of the NSF Video Showcase again this year.
CyberMiSTS seeks to identify what works in teaching cybersecurity to middle school teachers and students. It builds on a prior NSF project that used branching web comics to raise awareness in middle school students about cybersecurity concepts and careers. Students enjoyed the comics approach, but the afterschool workshop format was a real challenge, and the adults (teachers, administration, parents) thought that only students that were already “good at STEM” should participate. In fact, the opposite is true: current research shows that we can teach the technology, but we need true diversity of thinking to resolve our significant cybersecurity challenges. Our goal is to create a larger and more diverse pipeline of students that pursue cybersecurity careers by providing middle school teachers with the preparation and curriculum to successfully introduce more students to the field.
We are excited to engage with you this week and answer any questions you may have about our project, but we are also interested in learning from YOU:
The CyberMiSTS workshop will be held online this year! We are seeking applications from any middle school teacher in the US who wants to teach a classroom unit on cybersecurity concepts and careers.
Before you leave the Showcase, be sure to vote for your favorite video - even if it isn’t ours!
Ann-Claire Anderson
I love the low-tech approach to teaching the concepts -- one less barrier for students and teachers.
Laurin Buchanan
Laurin Buchanan
Principal Investigator
FYI - I'm a former cybersecurity practitioner turned researcher who's spent the last decade leading government funded research efforts in new and novel approaches for cybersecurity education. An active member of the National Initiative for Cybersecurity Education (NICE) Working Group, I am currently co-chair of the K12 Subgroup.
DeLene Hoffner
Program Coordinator
Your background is so impressive and I do feel there is a high need for today's students to be aware and understand cybersecurity. Your project is very intriguing. I would love try it and to have my students be part of this!
Laurin Buchanan
Principal Investigator
Applications are being accepted....!
James Brown
5/6 STEM Teacher
I like the idea of using a teacher's current curriculum as the basis for teaching about cyber-security as a often heard concern is "where am I going to fit this into my curriculum?" How are you recruiting teachers to participate in this program?
Laurin Buchanan
Principal Investigator
@James: We started in 2018 with outreach through the local BOCES, as we thought CTE teachers would be interested; NY State requires CTE credits in middle school. We also sent direct emails to regional middle school teachers, professional contacts, Stony Brook University's Teachers program graduates, and promoting the project through twitter, webinars, and conferences.
With our shift this year to an online workshop, we have opened up recruiting efforts to include a broader group of local educators, the NICE Working Group communities, and cybersecurity education programs in other states. I am also reaching out to some of the national middle-school educator networks via Twitter and email.
James Brown
Stacey Forsyth
Director
As a follow-up, can you share a bit more about the curriculum that the teachers design for their classrooms? What types of activities have been most effective in heightening students' interest in cybersecurity? Also, since this builds on a previous project that was delivered in an informal setting, can you share some of the challenges and opportunities you've encountered bringing this program from an informal setting to formal classrooms?
Lori Scarlatos
Associate Professor
The teachers who participated in last summer's workshop developed curricula for a wide range of audiences (grades 6-12) and settings (from a 1-week unit to a full year course). However, they all used their comic at some point to emphasize the potential consequences of cybersecurity ... while either introducing a concept or exploring a topic that was discussed earlier. For the activities, several of them reported that their students loved playing Data Defenders. One teacher had the students use Flipgrid to report on a cybersecurity career of their choice. And in one 6th grade research class, the students actually created their own comics, many of which showed a good understanding of cybersecurity concepts.
Of course, the greatest challenge in bringing this to a formal setting is fitting it within the constraints of the existing curriculum. We originally imagined that this could be taught as a 2-week unit in a Career & Technical Education class, where middle school teachers often have a lot of latitude in what they cover. However, we are finding that it also fits with courses in computer science, business, research, and information literacy. The great thing about having the teachers develop their own curriculum is that they know their students and the opportunities in their schools better than we do.
DeLene Hoffner
Program Coordinator
Congratulations on your work. This sounds like a very timely project with essential concepts for students in this day and age. I am interested to know how many schools/teacher have taught cyber security in their classroom/ schools?
Laurin Buchanan
Principal Investigator
I am assuming you mean teachers who participated in the first CyberMiSTS workshop? A few teachers taught a cybersecurity unit in the fall, each using it in multiple courses. We heard in January that several teachers planned to teach their unit this spring. The shut down of Suffolk County (NY) schools as of 16 March due to the pandemic has meant they are unable to do so. The announcement was made on 15 March, and it has been announced that schools will remain closed for the rest of this school year.
I heard from one teacher -in one of the county's most well-funded, technology centric school districts- his structure for his CyberMists lesson was not logistically possible because they are limited to asynchronous instruction and self-driven lessons rather than teacher-directed lessons. He was looking for additional relevant videos to use with EdPuzzle, which allows him to integrate questions into video content, such as from YouTube.
Devon Russell
Great work! Will you make the curriculum available to anyone in the future. I can also see this as a good tool for ICAC (Internet Crimes Against Children) law enforcement agencies when they give school talks about the potential dangers of the internet.
Laurin Buchanan
Principal Investigator
Thank you! There are many free educational resources for cybersecurity that can be used by organizations such as ICAC, however, CyberMiSTS does not address what is typically covered under the "internet safety" umbrella, e.g. cyberbullying or child exploitation on the internet which I believe is the focus of ICAC?
The curriculum we are developing is for classroom educators, enabling them to develop their own introductory curriculum about broad, foundational cybersecurity concepts and careers that suit their students and classroom. Even in the first workshop, participants taught a wide range of subjects and indicated a wide range of age and abilities in students. As different schools have different classroom infrastructure, the educators were selecting different concepts and curricular components to help their students understand how poor cybersecurity can affect everyone - even middle school kids.
Our goal is to understand how to educate and scaffold teachers to create their curriculum and successfully introduce it to students, and to use that data and feedback from educators to create an online, asynchronous professional development course. Earlier this year, New York's Education Department announced a new K12 standard for computer science and digital fluency, with plans to roll it out to all grade bands by 2024. The CyberMiSTS curriculum aligns well with several of the middle grade band concept areas so there may be some synergy with NY's new standard. Like many such state standards, however, there is no actual curricular content that is part of the standard; curriculum is left to districts to determine. Unfortunately, there are no K12 text books for cybersecurity, and there is almost no evidence based research suggesting what works and what doesn't for cybersecurity education - at any level, K12 or post-secondary (or the workforce, for that matter!). It is that critical gap we are trying to address with CyberMiSTS.
By the way - I think that using Precision Ag -with its use of GPS, GIS and UAS- as a case study for why cybersecurity matters even in areas & industries students may not think of as "cyber" or tech-dependent would be a great idea.
DeLene Hoffner
Program Coordinator
As a classroom teacher, I'm not sure I would know where to start with what I want my students to understand about cyber security. I assume in the training you give teachers that you cover the top aspects students should know. Could you share what the top areas teachers build into their curriculum?
Laurin Buchanan
Principal Investigator
DeLene, we want teachers to be able to introduce cybersecurity concepts and careers to middle school students, so that students gain an understanding of how cybersecurity can impact them - and gain an awareness of potential cybersecurity careers. CyberMiSTS does not attempt to cover everything middle school students should know about cybersecurity; first, no generally-accepted standard exists, and second, teachers have limited time to address cybersecurity in class, unless they are developing a stand-alone cybersecurity class - which is in our experience not yet the norm. Teachers are carving out a week or two from an existing unit in business, math, science, research, etc. Additionally, many schools have not fully implemented their state standard (if it exists) to the extent so that current middle school students have encountered all the materials from the lower grade bands. Most districts are starting to implement their state standards first with high school students and then move to lower grades.
That said, our curriculum for teachers covers two broad topics. The first topic is data protection, e.g., threats [exposure, tampering, Denial of Service, etc.], goals of cyber security [confidentiality, integrity, availability, privacy, anonymity, etc.], vulnerabilities, attacks & methods, threat actor, threat model, malware, types of data & data states, encryption, data backup. The second topic is web security & privacy, e.g., passwords, credential stuffing, password managers, storing passwords on servers, hashing, 2-Factor Authentication, phishing, URLs, domains, HTTP & HTTPS, and digital certificates.
Teachers then select one topic and a few individual concepts that best suit their classroom and students (e.g., a math teacher may select web security & privacy, and a librarian may select data protection) and develop their class curriculum based on those selections. Privacy (encompassing the idea of a "digital footprint"), passwords and encryption were common concepts addressed in the classroom lesson plans of the first CyberMiSTS cohort in July 2019.
DeLene Hoffner
Program Coordinator
What are viewers feeling are the biggest highlight of this project? As presenters, feel free to share what your most important take away is?
Laurin Buchanan
DeLene Hoffner
Program Coordinator
As a viewer, myself, I feel the biggest highlight of this project is the teacher training. I like the way the project builds teacher expertise. When teachers are actively involved in the development of their cyber security curriculum, they not only have ownership but they also created a deeper understanding of the concepts, connected with their curriculum, and can meet more of their standards. What other highlights did others notice in this project?
Laurin Buchanan
Catherine Stimac
Happy to see a project like this available for teachers and students. Thank you!
Laurin Buchanan
Laurin Buchanan
Principal Investigator
Thank you to everyone who dropped by!
Please help us get the word out: this month we're accepting applications for this summer's virtual workshop - middle school educators anywhere in the US are welcome to apply!
Laurin Buchanan
Principal Investigator
We will be hosting another free, informational webinar about CyberMiSTS for educators who'd like to learn more before: join us on May 21st at 5:00 PM EDT - registration will be available at https://www.stonybrook.edu/cybermists.
Further posting is closed as the event has ended.