The United States is at war in cyberspace. The scope and complexity of nation-state and criminal cyber intrusions has grown tremendously over the past year, leaving the nation to battle not only cyber warfare, but for talent. The SolarWinds attack revealed in December of 2020 was the most extensive cyberattack leveraged against the federal government to date, according to the FBI. Attacks on U.S. and global industry have reached a fever pitch. The COVID-19 pandemic presented tremendous opportunity for IP theft of vaccine information and distribution plans, while local school districts shifting to online learning faced an onslaught of cybersecurity challenges – from Zoombombed classrooms to cyberattacks on schools’ digital architecture. Concurrently, American cities with aging infrastructure became ideal targets for ransomware attacks that left local governments in financial ruin, while many of these incidents could have been prevented through basic cybersecurity hygiene measures and additional cybersecurity personnel.
At the same time, the significant U.S. cybersecurity workforce shortage has put tremendous strain on industry, government, and the global economy, as companies of all sizes and federal, state and local governments struggle to fill open positions in the face of increased threat. The somber reality is that the U.S. is expected to face a shortage of 1.8 million skilled cybersecurity workers by 2022, making educating and empowering the next generation of cybersecurity professionals imperative to our future national and economic security. A recent report by the International Information System Security Certification Consortium, (ISC)² advised that the U.S. cybersecurity workforce must surge by 62 percent to close the skills gap, while nearly 4 million security professionals would need to be added to close the global skills gap.
Though filling the cybersecurity talent pipeline has often been thought of as a longer-term goal for the United States, there is renewed urgency to address the tremendous workforce shortage – and quickly. Recent cyberattacks on U.S. infrastructure continue to serve as warning signs that the cadence of threats has increased tremendously and requires immediate action by both industry and government partners. Solving the cybersecurity workforce and talent shortage requires taking action, starting with the youngest learners in the K-12 educational system.
K-12 educators are the force multipliers when it comes to cybersecurity, as building up their confidence through professional development and awareness also increases student access to cybersecurity education and careers. Empowered teachers play an essential role in empowering students to learn cybersecurity concepts in the classroom and enter the workforce with the knowledge and training required to succeed in the industry.
Introducing students at a young age to cybersecurity concepts has tremendous potential impact on both their knowledge of cybersecurity principles and ultimately their interest in pursuing cybersecurity careers as adults. Seeding student interest in cybersecurity is one of the most critical ways to ensure that everyone has knowledge and understanding of cybersecurity concepts and exposure to career options and the pathways to those careers. This begins by introducing cybersecurity into the classroom as early as kindergarten and continuing throughout grade 12 of high school. Unfortunately, not all students currently have equal access to K-12 cybersecurity education.
In 2019, a report from ProtectWise and Enterprise Strategy Group revealed that only 9% of millennials stated that they were interested in pursuing a cybersecurity career at some point in their lives. This was attributed to a lack of awareness of the options in the cybersecurity field and limited access to cybersecurity curricula. Only 17% of respondents said a family member had worked in the cybersecurity field, while 69% said they had never taken a class in school focused on cybersecurity and 65% said that their school did not offer cybersecurity courses.
According to a 2020 EdWeek report on the state of K-12 cybersecurity education, student knowledge levels of cybersecurity are lower in public schools, and in cybersecurity deserts (communities that lack cybersecurity companies or universities that study or offer coursework on the subject). Student knowledge levels were also lower in higher-poverty districts, where survey respondents reported larger shares of students from low-income families.
This suggests that increasing K-12 cybersecurity education in all regions means advancing knowledge of cybersecurity is even more essential in high-poverty areas, cybersecurity deserts, public schools and with K-12 teachers. This makes increasing teacher professional development around cybersecurity education essential to increasing student cybersecurity exposure.
The K-12 educational skills gap requires a coordinated effort by government, industry and the educational system. Ensuring that every K-12 student has access to cybersecurity education requires that teachers become educated on the tools and available curricula, while government and industry have a responsibility to develop cybersecurity learning standards that can be applied uniformly across grade levels to ensure that all students are receiving the same quality of education.
Efforts to establish national cybersecurity standards are currently underway with input from government, industry and educators. Once implemented in all 50 states, K-12 students around the nation will be learning cybersecurity education under the same criteria, a tremendous feat that will provide educators with the tools they need to ensure equitable access to cybersecurity education – and ultimately cybersecurity careers.
Educational efforts can only go so far without legislative support and significant funding. While school cybersecurity has become a recent focal point over the past year, it is imperative that K-12 cybersecurity education is prioritized both in the classroom and on Capitol Hill. It is important that we establish policies that better support our nation's K-12 teachers and students to prepare and engage a cyber literate workforce – an effort critical to our national security and prosperity.
Addressing the cybersecurity workforce shortage through K-12 cybersecurity means creating a culture of collaboration between industry, government and education. Effective partnership is critical to ensuring that educators are being trained and well-resourced to teach K-12 cybersecurity, and that industry is lending an expert hand to helping lift up the next generation of cybersecurity professionals through internships and training programs. Through both national and state legislative efforts that support the pursuit and implementation of K-12 cybersecurity curriculum around the country, the cybersecurity skills gap can be better addressed.