A new tiered digital cyber security licence – akin to swimming certificates – will progress in-school cyber security training that is still in its “infancy” in Western Australia, an Edith Cowan University (ECU) professor has predicted, as ECU researchers gear up to eventually trial the program with WA students.

Currently under development by researchers at ECU and its Security Research Institute (SRI), the licence will guide primary and secondary years students through a cyber security curriculum designed to teach them how to “be their own first line of defence against cyber crime,” Associate Professor Nicola Johnson of ECU’s School of Education explained.

“Teaching our young primary students the basics of cyber hygiene and cyber awareness is crucial,” she said, noting that the current WA curriculum only includes around two hours of technology education per week.

“Just like ocean swimming safety, we must teach our children about the lurking sharks,” she said. “We can get it right for WA students, teachers, and schools to better prepare and equip society to reduce cyber-crime and increase resilience to illicit cyber behaviours.”

Developed after a series of workshops held in Perth late last year, the new digital curriculum will also provide guidelines for teachers and schools themselves to obtain digital cyber security licences as attestation of their success in implementing “cyber secure and cyber hygienic best practices from a basic to an advanced stage,” Johnson said.

“The shorter-term threat of cyber attacks grows exponentially upon us,” she added, “and whilst cyber security is being addressed at the national level, it is still in its infancy within school settings.”

That lack of cyber security sophistication has taken its toll, with the Australian Cyber Security Centre (ACSC) recently reporting that the education and training sector rose from suffering the fourth-highest percentage of ransomware attacks in 2020-2021, to being the most frequently hit sector in 2021-2022.

Such exposure has created major headaches for schools like Loreto Mandeville Hall Toorak – whose alumni include federal Minister for Cyber Security Clare O’Neil – which detected a cyber breach in late May and this month emailed breach victims to explain what personally identifiable information (PII) forensic investigations had found to have been compromised.

Licence to skill

The program is far from the first effort to apply the long-held idea of a pen licence – which is awarded to students in late primary years to demonstrate that their handwriting has progressed enough to use pens – to begin building lifelong cyber security skills.

During its campaign for the 2022 election, the Albanese Government promised $6 million for a nationwide rollout of the eSmart Digital Licence – which has been adopted by schools, libraries, and other institutions and was delivered to NSW students as early as 2015 thanks to support from Google.

Providing just $6m in funding is “inadequate” for a rollout of the program to meet its objectives, Charles Sturt University (CSU) adjunct professor Tanveer Zia warned after the proposed funding was announced last year.

“The 10- to 14-year old age group is at a delicate stage when children expand their social circles,” he explained, “and keeping them safe in the anonymous world of the Internet becomes more of a challenge.”

Given the need to teach a range of cyber security concepts – including identifying phishing websites and emails, teaching content filtering techniques, and balancing learning with socialising – a more effective long-term solution, he said, would unite the eSafety Commissioner, Department of Education, and universities to develop a “structured curriculum to launch this program across the country.”

Whether the ECU digital cyber security licence offers a more complete curriculum remains to be seen – but its inclusion of teacher training and school benchmarking could expand the value of the digital cyber security licence beyond simply being a goal for students.

Researchers will consult with WA school principals to “identify the professional learning needs of their staff so we can best support teachers,” Johnson said.

“Teachers need professional learning to develop their knowledge and cyber hygiene practices so they can confidently teach relevant aspects of cyber security as they go about their everyday teaching.”