The internet has become the Wild West of our time – except that the scope for crime or making a double-quick fortune is far beyond anything seen at the American frontier. Hackers are at the vanguard of this online world that is changing at breakneck pace, where a product launched last year is old hat and a business started a decade ago is an elder statesman.
Prodigious teenage hackers have a choice between being an international criminal pursued by the FBI or a lauded billionaire tech guru. This is what teenagers heard at a series of events on cybersecurity for schools around Scotland last month. The exponential pace at which technology is advancing will open up untold opportunities to do both good and bad – and those on either side of the virtual fence are pitching for more young people to join their workforce.
But who in schools is helping them with the skills and know-how to navigate this daunting, shape-shifting world? Computing should be the obvious subject to take up the reins, but it has been dogged in recent years by declining numbers of teachers – a 14 per cent drop over two years, TESS revealed in November 2014 – along with a variety of concerns over the relevance of qualifications.
Negotiating the pitfalls of an all-encompassing digital world is surely the responsibility of every teacher, but can any formal education system truly keep pace?
Schools must take the lead
Change in Scottish education is glacial by comparison with technological advances; after all, Curriculum for Excellence is still slowly taking shape more than a decade after its conception in a bygone time when pillars of the online world such as YouTube, Twitter and Facebook did not even exist.
The lectures, attended by 2,000 teenagers across five Scottish universities – and by TESS in Glasgow – provided a starter guide to what schools should be covering and how to do it (bit.ly/CyberLectures).
The speakers acknowledged that the image of hackers – once a pejorative term, now more ambiguous – has changed, citing World Wide Web inventor Sir Tim Berners-Lee: he defines a hacker as “someone creative who does wonderful things”.
They did not steer clear of the edgy glamour of hacking, with pupils agog at video footage showing how drones could be used to harvest data from unsuspecting millionaire guests at an exclusive hotel in South Africa.
“We break stuff and target people,” was the definition of hacking from Matt Summers, managing consultant at NCC Group, a company whose business it is to make the internet safer for organisations around the world by keeping out the more nefarious hackers.
Daniel Cuthbert, chief operating officer of cybersecurity company Sensepost, recalled how easy it was for 20,000 delegates at a Las Vegas hacking conference to work out what phone users in the area were buying from Amazon or whether they were watching pornography: “Your phone leaks information about you constantly.”
These skills could be put to lucrative use, too: hackers are in high demand to track down modern-day “bounty” – more prosaically known as software bugs – for huge global brands, such as Facebook and Starbucks, the teenage audience heard.
Summers recalled that one hacker earned £1 million for hacking into an iPhone.
The average age of a hacker is just 17, but while teens may be clued-up about how to exploit sophisticated software, they are often naïve about the potential pitfalls of furrowing around the internet.
“The consequences can be life-changing,” said Andrew Davis, representing Police Scotland’s cyber-crime unit; if other speakers were like hip older brothers, he played the concerned parent.
The huge amount of information being transmitted digitally these days means that people are “more likely to be a victim of crime online than in ‘real life’”; and whatever the moral panics about sexting and paedophiles masquerading as teenagers, these are real and potentially devastating dangers.
“Be careful what you put online because you never know who you’re talking to,” said Davis, citing the case of Dunfermline 17-year-old Daniel Perry, who took his own life in 2013 after being blackmailed by fraudsters in the Philippines pretending to be a girl his own age.
And he advised schools to impress upon pupils that online content is not as ephemeral as it seems: that naked picture or questionable joke thrown online could rattle around in the ether for years, before producing a devastating backlash if found later by the wrong person. “Your future careers will be determined by what you post online…everything is traceable,” warned Davis.
But the lectures also sought to entice pupils into the cybersecurity industry and the message was crystal clear: there are huge numbers of jobs waiting to be filled.
“We are desperate for more people to come to work with us,” said Brian Higgins, who is project manager for the Cyber Security Challenge UK education programme.
He highlighted European Commission figures predicting that 750,000 new cybersecurity jobs will be created in the UK by 2017, as well as an average salary in the sector of £55,000 outside London, where wages are even higher (see box, previous page). He made a particular appeal to female pupils, as women currently make up only 6 per cent of the cybersecurity sector’s workforce.
The huge demand for young people with expertise in the Stem subjects (science, technology, engineering and maths) was epitomised for Mr Higgins by CyberFirst, a trial programme, which will eventually have 300 places. It will provide work placements in MI5, MI6 or GCHQ and, upon completion, a guaranteed job in one of those agencies for three years. The scheme also throws in £4,000 a year to help each successful participant make their way through their undergraduate degree.
One quip from Mr Higgins about the freedom for students to spend this financial incentive as they like, just as long as they join the programme, laid bare just how huge the demand is for young hackers’ skills: “You can spend it on Pop-Tarts and tequila – we don’t give a monkey’s.”
Future digital skills
Educational consultant Laurie O’Donnell, who specialises in digital technologies, told TESS that graduates with an ethical hacking degree at Dundee’s Abertay University “walk into jobs”. However, he added that education more generally is still too focused on “yesterday’s low-level digital skills”, which do not extend far beyond the ability to operate rudimentary technology in offices of factories.
“Important as these skills are, the jobs they relate to are the most likely to be automated over time as a result of the forward march of technology and especially of AI [artificial intelligence],” he said.
“Education – and it starts with schools – has to be more about designing the technology, not just using technology that has been created by other people.”
Mr O’Donnell praised initiatives such as the Plan C project (Professional Learning and Networking for Computing), which was funded by the Scottish government as a way of boosting computing teachers’ skills.
But – and this is key – he said that “there’s still a lot to be done if Scottish schools are to properly prepare our young people for this rapidly changing world”.
Guardians needed to watch over our online world
17: the average age of a hacker.
750,000: the number of extra cybersecurity jobs the UK will create by 2017, according to the European Commission.
11,000: the number of new professionals Scotland’s tech sector may need each year.
£55,000: the average UK salary in the cybersecurity industry, not including London.
£38,000: the average salary in Scotland’s technology sector
1,800 per cent: the increase in malware – software to disrupt or damage a computer system – affecting the Android operating system in the two years to 2014.