CYBERSECURITY, CYBERSAFETY AND THE K-12 COMPUTER SCIENCE NATIONAL STANDARDS INTRODUCTION The invention of the computer in the 20 th century was a once in a millennium event, comparable in importance to the development of writing or the printing press. s have enormous impact on the way we live, think, and act. It is hard to overestimate their importance in the future. In fact, many believe that the true computer revolution will not happen until everyone can understand the technology well enough to use it in truly innovative ways. But as is often the case with new technologies, the increasing ubiquity of computers in our lives and in the systems that support and protect those lives comes with its own set of challenges. Our growing dependence on computing engenders a profound need to ensure that we know how to protect ourselves as users and how to ensure the security of the systems that protect our very lives. For these reasons, both cyber safety and cyber security are deeply embedded in the CSTA K 12 Science Standards. The academic discipline of Science spans a wide range of computing endeavors, from theoretical foundations to robotics, computer vision, intelligent systems, and bioinformatics. The work of computer scientists is concentrated in three areas: designing and implementing secure software, developing effective ways to solve computing problems, and devising new ways to use computers. In schools, computer science learning is a deeply scaffolded experience (as it is in all rigorous academic disciplines) and a great deal of work is required to ensure that, at each step, students learn and master the skills and concepts that form the knowledge foundations for their lives. Like a collage, assembled from a multitude of small, layered pieces, a comprehensive set of standards ensures that foundational knowledge leads to deeper knowledge and deeper knowledge leads to mastery, and all of this learning is ageappropriate and engaging. This document teases out the specific learning standards that address cyber safety and cyber security with the goal of making these standards more obvious for teachers and, at the same time, enabling the education community to create engaging opportunities to specifically address these standards as part of every student s school experience. THE ORGANIZATIONS OF THE CSTA STANDARDS The CSTA K 12 Science Standards are organized into three levels each containing discrete learning expectations. These standards are based on a model where each of the three levels represents a specific set of grades and courses. Level 1 provides the learning standards for students in Grades K 6, Level 2 provides the learning standards for students in Grades 6 9, and Level 3 provides the learning standards for 1
students in each of three discrete courses in grades 9 12. The overall structure of this model is shown in Figure 1. Level 1 Grades K 6 Level 2 Grades 6 9 Level 3 Grades 9 12 Science and Me Science and Community Science in the Modern World Applying Concepts and Creating Real- World Solutions Science Concepts and Practices Topics in Science Within these standards, levels One ( Science and Me) and Two ( Science and Community) contain learning standards focusing primarily on cyber safety while level Three ( Science in the Modern World, Science Concepts and Practices, and Topics in Science) contain the learning standards focusing primarily on cyber security At each level, the standards are further organized by strand. The five complementary and essential strands throughout all three levels are: computational thinking; collaboration; computing practice; computers and communication devices; and community, global, and ethical impacts. These strands not only demonstrate the richness of computer science but also help organize the subject matter for students so that they can begin to perceive computer science as engaging and relevant to all academic field (especially STEM), and as more than a solitary pursuit. Cyber safety and cyber security learning objectives are located primarily in the following two strands: and Communications Devices (with its focus on the practice of good internet citizenship), Community, Global, and Ethical Impacts (with its emphasis on the ethical use of computers and networks and the principles of personal privacy, network security, software licenses, and copyright), and Computing Practice & Programming (with its focus on developing secure systems). 2
CYBER SAFETY AND CYBER SECURITY IN THE CSTA STANDARDS This section points to the specific standards that relate to cyber safety and cyber security at each level and within the relevant strands. The specific standards are listed along with their strand and level codes to make them easier to find within the main standards document and the strand and level charts included at the end of that document. For ease of identification, cyber safety standards appear in purple text and cyber security standards in green text. Level 1: Science and Me s and Communications Devices (CD) Grades 3 6 (L1:6.CD) Understand the pervasiveness of computers and computing in daily life (e.g., voice mail, downloading videos and audio files, microwave ovens, thermostats, wireless Internet, mobile computing devices, GPS systems, etc.). Identify that information is coming to the computer from many sources over a network. Grades K 3 (L1:3.CI) Practice responsible digital citizenship (legal and ethical behaviors) in the use of technology systems and software. Identify positive and negative social and ethical behaviors for using technology. Grades 3 6 (L1:6.CI) Discuss basic issues related to responsible use of technology and information, and the consequences of inappropriate use. Identify the impact of technology (e.g., social networking, cyber-bullying, mobile computing and communication, web technologies, cyber security, and virtualization) on personal life and society. Evaluate the accuracy, relevance, appropriateness, comprehensiveness, and biases that occur in electronic information sources. Understand ethical issues that relate to computers and networks (e.g., equity of access, security, privacy, copyright, and intellectual property). Level Two: Science and Community Computing Practice & Programming (CPP) Demonstrate good practices in personal information security, using passwords, encryption, and secure transactions. 3
Exhibit legal and ethical behaviors when using information and technology and discuss the consequences of misuse. Describe ethical issues that relate to computers and networks (e.g., security, privacy, ownership, and information sharing). Level Three: Science in the Modern World Computing Practice and Programming (CPP) Use various debugging and testing methods to ensure program correctness (e.g., test cases, unit testing, white box, black box, integration testing) Explain the principles of security by examining encryption, cryptography, and authentication techniques. Describe strategies for determining the reliability of information found on the Internet. Describe how different kinds of software licenses can be used to share and protect intellectual property. Discuss the social and economic implications associated with hacking and software piracy. Describe security and privacy issues that relate to computer networks. Level Three: Science Concepts and Practices Computing Practice and Programming (CPP) Explore principles of system design in scaling, efficiency, and security. Deploy principles of security by implementing encryption and authentication strategies. Analyze the beneficial and harmful effects of computing innovations. Identify laws and regulations that impact the development and use of software. Analyze the impact of government regulation on privacy and security. Level Three: Topics in Science This section of the CSTA K 12 Science Standards does not provide specific learning standards, but rather, suggests a number of possible topics courses for students who have completed the Level 1 and Level 2 courses and possibly the Level 3A course as well. These are intended to be project-based courses that can be either a half-year or fullyear courses or courses leading to industry certification (such as Quick Security+). Many teachers are now developing their own experimental cyber security courses. This is both a good thing and a cause for concern. To ensure that student learning is conceptually 4
appropriate, effectively scafolded, and adequately assessed, it is essential that these new courses be grounded in standards. CONCLUSION This document identifies the specific learning outcomes in the CSTA K 12 Science Standards that include specific cyber safety and cyber security learning content. It is hoped that this information will prove useful for educators developing discrete modules that can be inserted into existing courses, developing special topics courses, or simply ensuring that all students are adequately covering these critical concepts. Beyond the standards, the computer science education community must also begin to grapple with the pressing issue of helping students to understand the rich opportunities that the field of cyber security offers. If we are to begin addressing the critical pipeline shortage in this field, we must have homegrown experts, and to achieve this, we must help students understand that a career in cyber security offers an extraordinary opportunity for them to save the world with their minds. To achieve this goal, we must begin in elementary school where students are first beginning to find their explore the world beyond themselves and continue in middle school and high school as they plan their futures. CSTA is committed to working with a the broad community of educators and stakeholders to achieve these goals. CONTACT For more information on our cyber safety and cyber security projects or on CSTA in general, please contact: Chris Stephenson CSTA Executive Director cstephenson@csta.acm.org 5