Skip to main content

Earlier this month, CYBER.ORG released the first national K – 12 cybersecurity learning standards for U.S. school children. The goal of these standards is to “help increase student cybersecurity literacy and build a robust pipeline of future cybersecurity talent.” With over 450,000 vacant cybersecurity positions worldwide, that talent pool is desperately needed. 

“The national K – 12 cybersecurity learning standards are critical to providing the next generation of students with the skills and knowledge to pursue cybersecurity careers, ultimately helping solve the cybersecurity workforce gap,” said Kevin Nolten, Director of Academic Outreach at CYBER.ORG. 

The new cybersecurity learning standards also aim to protect overall national security and help the U.S. maintain business competitiveness worldwide. 

This is the first national effort to align cybersecurity curricula across the country. States can begin evaluating the cybersecurity learning standards now and opt in to using them in the 2022 – 2023 school year. 

What is CYBER.ORG?

CYBER.ORG is the academic arm of the Cyber Innovation Center (CIC). The earliest education initiative of the CIC began in 2007 with the recognition of a need for workforce training solutions to drive economic diversity. In 2012, the CIC launched the National Integrated Cyber Education Research Center in partnership with the U.S. Department of Homeland Security. In 2020, NICERC became CYBER.ORG. 

CYBER.ORG is funded by the Department of Homeland Security through a grant from the Cybersecurity Infrastructure and Security Agency (CISA). 

Why Do Kids Need Cybersecurity Education?

The existing shortfall of competent cybersecurity talent is expected to grow to over 1.8 million jobs worldwide in 2022. CYBER.ORG’s research shows that cyber education in high schools correlates to four times as many students going into cyber related college or university degree programs. 

The development of national standards empowers state and local education authorities and individual teachers with the resources needed to deliver cyber content to students. Nolten says, “For the first time, educators have a roadmap for uniformly teaching cybersecurity to students in each grade band across the country.”

What Do the Standards Cover? 

The standards are divided into three core concepts: Computing Systems, Digital Citizenship, and Security. Each theme is broken down into a subconcept and a topic, with standards for each of four grade bands (K – 2; 3 – 5; 6 – 8; and 9 – 12). 

The curriculum was written with usability in mind. Standards are flexible and can be incorporated into many subject areas, not just computer science.

If it’s hard to imagine teaching a sixth grader about threat actors or explaining intellectual property to a Kindergartner, check out the standards. The writers, educators, and industry experts have done excellent work laying a foundation for early grades that builds to more complex concepts for older learners.

To teach K – 2 students about the subconcept of Data Loss, teachers start with the basic idea of saving your work. By grades 3 – 5 students learn about auto-save features in apps and cloud-based services. The 6th, 7th, and 8th graders are introduced to the concept of redundant systems for data loss prevention. And the high school students cap it all off with lessons about auxiliary power sources, along with the use of hot and cold sites to mitigate the risks of an environmental disaster affecting operations. 

How Will the Standards Be Received? 

CYBER.ORG has already trained 12,270 teachers to teach cybersecurity skills. And 18,000 teachers are currently enrolled in CYBER.ORG’s content platform. There is a demonstrated desire among educators for more tools to adequately address cyber issues. 

Janet Hartkopf, Cyber Program Director at Basha High School in the Chandler Unified School District in Arizona says, “Educators now have a clear rubric to guide cybersecurity curriculum and help address the existing gaps in the talent pipeline.”

The standards could hit some roadblocks among parents. Many parents don’t understand the need for such training. Also, a few of the subconcepts address what is and is not appropriate online engagement at particular ages. The K – 2 standard for Threats and Vulnerabilities mentions “grade-appropriate examples of various methods for exchanging information, such as social media feeds (e.g., YouTube) and online game platforms (e.g., Minecraft).”

Parents vary widely in what they consider age-appropriate for their children regarding screen time and online presence. Schools will want to tread carefully when addressing these areas. As with many subjects, parent buy-in is critical to making the standards “stick.” A parent guide would be a useful companion document to the standards. 

Schools Are Online and There’s No Going Back

As classrooms become more and more digital in nature, they face more threats to their cybersecurity. There were over 400 reported cyberattacks in U.S. schools in 2020. Teaching kids (and staff…and, hey, parents too) about cybersecurity is both a good policy for developing talented future security experts and a way to mitigate threats today. 

As American schools evaluate the new standards, they should also take stock of their cybersecurity risks. Like any organization that functions in the digital world, school districts should conduct regular cybersecurity audits. Password safety and phishing drills should be a standard component of professional development for teachers and staff. 

If your school or school system needs security awareness training or a security audit, Asylas can help. Call us at 615-622-4591 or email Or complete our contact form.

Leave a Reply