Are we raising a generation of cyber crooks?

cyberpatriot2013banquetIn March 2013, two groups of U.S. high school age kids with prodigious cyber skills visited the Washington, D.C. area. On March 2nd, George Mason University hosted the annual Virginia Governor’s Cup CyberChallenge with 40 of the state’s brightest and smartest ‘geeks’. On March 15th, 156 high school cyber experts from across the country were treated like rock stars at the Gaylord hotel in National Harbor competing at CyberPatriot V – the National High School Cyber Defense Competition. In both of these events, the students used their hacking skills for good – to find and deal with computer and network vulnerabilities and to defend systems against hacker attacks. With just these two events, our nation’s capital saw nearly 200 of the country’s top future talent in cybersecurity. These young men and women came here to compete for scholarships and prizes – by computer hacking. What’s great about this story is that a large part of their training for these events focused on the ethics of hacking.

What’s not so great is that most of them probably learned their hacking skills years earlier. By middle school, they’d already learned much of what they needed to be top competitors today. What did they not get back then? Ethics.

It’s unfortunate that about the only way kids younger than 14 can learn cyber skills is by flirting with or outright breaking the law. There are no legal ‘targets’ for them to practice on and hone their hacking skills. Those targets are only available to some high school and college students and professionals in the cybersecurity community; and these targets are way too expensive for casual use.

shutterstock_132998150_resultParents complain that their kids spend way too much time on the computer, playing video games and doing who knows what. We’ve all seen our kids change their screens when we happen to come near. Why? Because in addition to doing homework, they are also doing things that we say they shouldn’t do. And for some of the brightest of these kids, that activity isn’t just playing video games, it’s learning how to hack computers and networked systems -which is very much a game as far as they’re concerned.

Advertisement

The only way they can learn these skills is by researching hacking methods on the internet and trying those methods out on targets. With no legal targets, they make do with what is available – their parents’ computers, company networks on the internet, our national cyber infrastructure. Our cyber kids have at their fingertips a vast network of forums and message boards that they use to share information and tools – often the same places that true cyber crooks use. But with no safe place to ‘play’ and practice – and get any sense of the value of ethical hacking, they learn to hide their activity from us. Because frankly, what they are doing is often illegal.

By the time they get to high school or college and hook up with cyber clubs or classes, much of their values and ethics have already been set. For every one of these stars who made it to state and national competitions, there are many thousands more who do their hacking off the grid; for every cyber kid who grows up to help defend our nation and industry there may be dozens who’ve turned to a life of crime. Without exposure to the ethics of hacking, they see little or no difference between hacking for good and hacking for self-interest; it’s all just gaming to them. And we teach them this!

We need to change our thinking on cyber education, and we need to start that today. We need to push down cyber education to the age level where interested kids start experimenting with cyber. For most, that age is 10-14 – so say by the 5th grade. We need to put cyber education resources and ethical hacking values into the hands of these children. They need safe places and targets they can use to learn and practice. Ask any parent, this age is when they are more likely to accept ethics learning – not high school.

While we applaud the cyber stars who showed off their skills and the organizations that provided the opportunities, we also need to consider the untold thousands who didn’t come, who also learned these cyber skills, and who didn’t get any sense of the ethics of their cyber activities. We have a choice. We can bring ‘cyber on the sly’ into the light of education and include ethics when it will do the most good. Or, we can continue to let our cyber kids be tempted by the dark side, and risk raising a generation of potential cyber crooks.

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:

Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek
(@PosiTek)

Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to support@positek.net
(Support@PosiTek.net)

Click or tap to open a new browser tab or your Paypal app to send money using your credit card to support@positek.net (no Paypal account required)
(using any credit card)

or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!

Leave a Comment

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

This site uses Akismet to reduce spam. Learn how your comment data is processed.