How can current and future generations help to ensure that technologies are created and used ethically? One way is effectively teaching students about cybersecurity and AI ethics. Associate Professor of Information Sciences Yang Wang and colleagues from the University of Illinois and other universities are interested in the topic and have been conducting research into how to improve instruction. Notably, their research team also has two high school students.
In online interviews, 16 U.S. high school teachers and several high school students shared their experiences in teaching and learning cybersecurity and AI ethics.
Findings about what topics high school teachers cover, the strategies and resources they use, and challenges they encounter were released in their paper, "How technical do you get? I’m an English teacher": Teaching and Learning Cybersecurity and AI Ethics in High School.
The research is set for presentation at a premier international conference on computer security in early 2023. [IEEE Symposium on Security and Privacy 2023]
A fundamental goal of cybersecurity ethics education is to prepare future decision-makers in the realm of cybersecurity. "This is an area where multiple ethical frameworks converge on issues including fairness, balancing the ‘good’ versus harm or risk, and the protection of innocent parties," the researchers noted.
Teachers shared their struggles to inspire "an appropriate level of awareness and concern in their students in topics like cyber hygiene, personal autonomy, and data privacy." Many teachers in the study described students’ overconfidence in their own ability to spot threats. Teachers also expressed that their students lacked awareness regarding online information, which can leave a person vulnerable to mis- and disinformation.
Teachers varied in their opinions about the reasons behind their observations. While some pointed to naivety, one teacher said:
"I think that's something that takes a lot of time and understanding to develop, to think about how you participate within systems and how systems influence you [...]. That's a developmental thing. I don't think it's naive."
Wang and colleagues concluded that their initial study demonstrates a need for more and better-quality cybersecurity/AI ethics instruction and that more research is needed to investigate their findings with larger samples and across broader swaths of the U.S. educational system.
Further, they recommend that "it would also be helpful to delve further into how teachers can best introduce AI/CS ethics into already-packed curricula."
Wang and colleagues point to the fact that much current cyber education is grounded in 'don't-do-this-isms'. And that students seem to immediately tune out such messages. Not wanting to be lectured to by adults is one reasonable explanation for a certain level of apathy.
Provide more tools for teachers and make them integratable
Wang explained that from the interviewed teachers' perspective, a common theme was a lack of tools or of support to allow teachers to cover cyber hygiene. While some cybersecurity education resources exist, it takes time to discover them. And then once discovered, it often is not easy for educators to incorporate them into curriculum.
Make it relatable and include students in the teaching
Wang explained that his colleagues are working on the next phase of research, which is helping to create the resources teachers want and students will engage with.
They conducted a workshop at a local high school where they designed a set of hands-on labs to educate students about privacy and security issues. Students were asked to create a public announcement or a short summary of a cybersecurity issue.
"It was fun to see students create different announcements. Evaluations afterwards showed that the students liked that activity. They had to use what they learned and then present it themselves. Only if you can teach something, does it show you understand it. Students know the ways that the content will be engaging for their peers," Wang said.
"Teachable moments" can make a difference
"Our university is doing a great job creating a lot of education materials and short lessons. However, I think a lot of times people brush the ideas away because cybersecurity's not a main concern in their daily life. When you go online your main task might be making a purchase, etc.," Wang said.
Wang explained that there are some very good materials that train college students, yet they are usually for students in the STEM field.
"Arguably each student should have an awareness of these issues. The challenge is how to educate students in disciplines who don’t take computer classes," he noted.
Wang believes what he and his colleagues learned from their work can be applicable to colleges. Teachers like to use recent events to illustrate things. Resources that allow teachers to easily use recent events as a springboard will be a good technique, he noted.
Wang teaches classes in computer security and in user experience and data science, and as he has started to mention current events in his instruction it catches people's attention. "It's a way to bring up these issues in non-CS classes. I use examples from this research [the examples that high schoolers created] in my own teaching. Students then immediately know what I am talking about." he explained.
"Think about teachable moments. When cybersecurity events happen in the world, people are more likely to spend time on them. When you deliver and how you deliver them can build on real world events. That’s a good strategy," he said.