Helping Australian school kids and teachers learn cybersecurity

A computer science academic at Sydney University, and associate professor James Curran’s research was in computational linguistics. One of the programs he ran was the 27-year-old National Computer Science School. That was where he came across students and teachers who were enthusiastic about IT but did not have the technical skills they needed to pursue IT positions.

To help address that, in 2012 Curran was one of the authors of the Australian Curriculum for Digital Technologies, which he described as a huge opportunity but also eye-opening. He tells CSO Australia that one of the challenges is that, yes, a new curriculum can be created — but the teachers need to be trained in what they are expected to teach. And when it comes to technology, the training onus is more challenging as the technology is constantly changing.

“It’s very rare that we’d really introduce a whole new subject into schools. Computing has been one of those,” Curran says. “What a mathematics teacher learned at university to teach maths will probably set you up your entire career. [But] if you are one of the few computing teachers who actually had a computing background then you can throw away a chunk of what you’ve learned every few years,” he says.

That is especially true for cybersecurity. Curran says that when he studied there was a unit on the subject, whereas now there are entire degrees on it. This continuous change in technology is a real challenge for the school system.

Addressing that challenge is how he came to create Grok Academy, a not-for profit organisation focused on advancing computer education formed from two other organisations Curran set up: Grok Learning and the Australian Computing Academy at the University of Sydney.

What Grok Academy offers students and teachers

Grok Academy recently launched phase 2 of CyberSteps, a project that aims to facilitate access to cybersecurity learning. It provides a series of free online activities and challenges that help equip teachers to teach cybersecurity knowledge to students but that can also be taken by the students themselves whenever they want.

An earlier version of the program saw 170,000 students taking part of the activities, which start with basic topics such as knowing not to reuse passwords, to use passphrases, and two-factor authentication to more complex knowledge such as introductory cryptography, web application security, and network security.

Grok Academy also runs webinars and offer online resources for teachers to help with their professional development. These include lesson plans, teacher notes, solutions, and other materials teachers need to be able to deliver the content with confidence.

The content is recorded by professionals themselves, which, Curran says, helps school kids across the country associate what they are learning to, very often, well-paid jobs done by people who love what they are doing.

Reaching regional and remote communities

Everything has been designed so schools and students with reasonable internet access can do the challenges, and Curran says there is already many kids in regional and remote Australia doing the activities. “We’ve been careful in the platform as a whole, and in these particular activities to keep the bandwidth under control so that they are suitable for most schools,” he says.

“If you are a kid in a regional area, you may not know someone who’s an IT professional of any kind. We strongly believe the ‘You can’t be what you can’t see’ mantra, and a key part of the challenge is the fact that we’ve got a range of people in a range of cybersecurity roles and backgrounds and demographics — from new grads through to the chief information security officers themselves — presenting this material so that every child can think ‘that could be me in a few years’ time’,” Curran says.

The future of CyberSteps

CyberSteps has entered the second phase of the project, which now includes events called Cyber Live, which are massive infrastructure-attack scenarios. The first one used the V-class destroyer HMAS Vampire, parked in Darling Harbour, in Sydney. A scenario had the kids to free the captain as the Vampire has been taken over by hackers. The captain can’t get off the ship, the weapon systems have been taken over, and this one attack is part of a larger worldwide global infrastructure attack that students are trying to resolve.

Future versions of the curriculum are expected to address increased concerns over cybersecurity and privacy.

CyberSteps is backed by the Department of Industry, Science, Energy, and Resource through the Cyber Security Partnership Fund and by the Australian Signals Directorate. In June 2021, it was awarded $1.8 million from the Cyber Security Skills Partnership Innovation Fund. It also counts on support from the big four banks—ANZ, Commonwealth, Westpac, and NAB—as well as from Amazon Web Services, British Telecom, and Canberra-based Fifth Domain.

This support is not only done financially but also through supporting the platform that teachers and students access free of charge and developing the activities, including the content taught, how it is described to ensure that it’s been done consistently with language used in the industry, and case studies.

The activities start for Years 5 and 6 and up to Years 11 and 12.