Teach Cyber 2020 logo
March 29, 2021

The Teach Cyber Megabyte

Happy Almost End of the School Year!

Thanks for being part of the Teach Cyber mailing list! We're excited to share relevant and useful information about Teach Cyber and other resources, events, and news in cybersecurity education. Feel free to forward and share! (Please note: if you forward this to someone else and they click "unsubscribe", you may be unsubscribed from the mailing list.)

In this month's Megabyte: Teach Cyber Summer PD; 2020 Cybersecurity Pathways Awards Winners; Feature Article - The Future of Passwords

Teach Cyber

Summer Professional Development

Learn Cybersecurity Workshop Series

Are you looking to expand your cybersecurity knowledge and skills this summer? Then you might be interested in signing up for one or more of the virtual workshops Teach Cyber is offering in the Learn Cybersecurity workshops series.
  • July 6, 10:00 am - 5:30 pm ET - Why Cybersecurity Matters
  • July 7, 10:00 am - 5:30 pm ET - Data Security
  • July 8, 10:00 am - 5:30 pm ET - System Security
  • July 9, 10:00 am - 5:30 pm ET - Security and Ubiquitous Connectivity
Each workshop in the "Learn Series" is geared to build teachers' knowledge about cybersecurity. You will learn about and do cybersecurity - hands on labs in the US Cyber Range will help you build your cybersecurity acumen!
Teach Cybersecurity Workshop

Are you wanting to prepare to teach cybersecurity next school year? Then you might be interested in signing up for the virtual week-long Teach Cybersecurity workshop. This workshop will help you get ready to teach cybersecurity using the Teach Cyber courseware.
  • July 26-30, 10:00 - 5:30 pm ET
You will get the opportunity to work through labs that you can use with your students in the US Cyber Range. Join us for an action packed week to launch a successful cybersecurity course next year.
Registration

Registration is now open.

To Register for the Summer PD, go to our homepage and find the workshops at the bottom of the page!

Scholarships Available - April 30 DEADLINE

Thanks to our partner, the National Cryptologic Foundation, we have 40 scholarships for the Learn Cybersecurity Workshops and 10 Scholarships for the Teach Cybersecurity Workshop. Click here to get information on how to apply!
NCF Logo
We expect to announce a few additional scholarships in the near future - so keep your eye out!
smK12CyberTalkLogo
Hey teachers.......here is a fun resource you can check out. K12 Cybertalk produces exciting and engaging webcasts and resources so that you and your students can learn more about cybersecurity and explore its many different career options and opportunities.

Check out this great resource produced by cybersecurity students and educators for cybersecurity students and educators!
2020 CYBERSECURITY TEACHERS OF THE YEAR

Platform for Cybersecurity Award Winners

We have been sharing the Teach Cyber Award Winners in our 2021 newsletter. This month we are featuring the two teachers who were presented with the "Platform for Cybersecurity" award. This award recognizes teachers who are supporting systemic change in cybersecurity education in their communities. These awardees mentor other teachers and craft curriculum or policies to be adopted by other cybersecurity teachers.
Teach of the year
PlatformforCybersecurity

Kristi Rice

Spotsylvania High School
Spotsylvania, VA

Three years of cybersecurity teaching experience
Kristi Rice
Way To Go
Why is teaching cybersecurity important to you?
Teaching cybersecurity is important to me because with the advancement of technology our children need to be aware of how to protect themselves. It is also important because there are so many vacant jobs in the cyber industry that need to be filled. My school is in a rural area and I let my students know that cybersecurity is involved in every aspect of life and industry these days. Whether it is in the medical field, protecting health data of patients or protecting data sent from automated farm equipment that is linked to IoT devices used in agriculture.

Accomplishments in advancing cybersecurity education:
  • Kristi advises the Spotsylvania High School’s Cyber Knights team. The Cyber Knights provide students interested in cybersecurity the technical resources needed to engage and advance their computer security knowledge and skills. Their monthly meetings offer discussions and hands-on practice of cybersecurity concepts that include network security, digital forensics, penetration testing, secure coding, cryptography, and reverse engineering. The club members also participate in Capture the Flag competitions and Hackathons. Kristi understands the importance of bringing women into cybersecurity. Her Cyber Knights team placed second in Virginia in the SANS Girls Go CyberStart National Championships in 2019 and 2020.
  • Kristi has also been recognized for her hard work in receiving the Virginia Business Educators Association's New Outstanding Teacher of the Year for 2017, the Virginia ACTE New Teacher of the Year 2020, and a Presidential Cybersecurity Education Award Nominee 2019-20.
  • Kristi is an active member of the Virginia Cyber Range K-12 Advisory Board, serving as Vice Chair of the board as well as representing cybersecurity educators from the Northern Neck region of Virginia. Kristi utilizes the Virginia Cyber Range platform to host her cybersecurity courses, access classroom exercises, and connect with other cybersecurity educators to exchange ideas.
Do you have any advice for new cybersecurity teachers?
My advice to a new teacher would be to please reach out to myself or any other cybersecurity educator, as I know they would be happy to help get you started. Attend workshops such as GenCyber camps and also cybersecurity education conferences like, Virginia Cybersecurity Education Conference and also the NICE K12 Cybersecurity Education Conference. I have worked with numerous school districts to start their cybersecurity programs and assisted their teachers in finding resources to get started. I am currently working with Louisa County Public Schools who were just awarded the Rural Tech Project grant by the Dept of Education. I am assisting them on curriculum development and setting up classrooms. I am so passionate about cybersecurity education and happy to assist anyone with starting their program.
Robin Burns

Robin Burns

North Point High School
Waldorf, MD

Three years of cybersecurity teaching experience
Bravo
Why is teaching cybersecurity important to you?
Teaching cybersecurity is important to me because there is such a great need for future professionals. According to Cyberseek.org, there are over 500,000 jobs openings in the cybersecurity field, and that number is only going to continue to grow. Our technology has grown so fast and afforded us so many conveniences but we need a workforce that can protect our devices, data, and information. I love teaching high schoolers and watching them discover an interest in cybersecurity. This allows me to share my passion with them.

Accomplishments in advancing cybersecurity education:
  • Robin is a teacher that all other teachers look up to for her hard work and dedication and her students adore.
  • First and foremost, she works hard daily coming up with creative and innovative ways to cover material that keep her students engaged, challenged, and constantly learning. Ms. Burns is implementing a new curriculum and utilizing the US Cyber Range with High School Students.
  • Second, all teachers know what a challenge virtual year this has been, Robin has really stepped up and become the school “tech guru”, many early mornings, late nights, lunches, planning periods and even weekends she has been available to help troubleshoot, answer questions and help in any way she can with all zoom and synergy problems.
  • And third, even while teaching a full schedule of classes, dealing with her own health issues (including surgical medical procedures), and helping staff countywide with technology she also managed to earn her graduate certificate in cyber security from UMGC in 2020.
  • I personally know several new teachers she has taken under her wing and mentored allowing them to be successful in an overwhelming time. Our school would not be anywhere near as successful in virtual teaching if it was not for Ms. Robin Burns and her commitment. I cannot imagine a harder working or more dedicated teacher.
Do you have any advice for new cybersecurity teachers?
My advice for novice teachers is to never stop learning and growing. I was teaching computer science and my Principal gave me the opportunity to start teaching in our CTE Cybersecurity Program. Several of my CTE colleagues were industry professionals before becoming teachers. As a career educator, I wanted make sure I was the best teacher and that required me to seek out additional experiences. My journey started by attending a GenCyber Teacher Camp. This led me to earn a Graduate Certificate from the University of Maryland Global Campus, all expenses paid by a grant from the NSA. I presented at the NICE K-12 Conference in December of 2019 and have continued to explore professional development opportunities from leading Cybersecurity Curriculum developers such as Teach Cyber. As the technology continues to develop and change, I cannot stay stagnant. These opportunities have helped me professionally as well as my students, but they have also helped me develop relationships with fellow professionals that have helped me grow as a whole person.

FEATURE ARTICLE

"The Future of Passwords"

Robot
How do you prove you are who you are? This might seem to be an existential question but in cybersecurity, authentication is crucial. Authentication is a process by which a user is verified that they are who they claim to be. This process requires a user to provide some information (often a password) that is compared to information stored on a server. If those pieces of information match, there is some confidence that the person is who they say they are.
AAA
Authentication is one piece of the AAA Framework used for effective network management and security.
  • Authentication verifies the identity of a user to prevent unauthorized access to the network.
  • Authorization processes determine which resources users can access, along with the operations that users can perform.
  • Accounting keeps track of what users do such as the amount of system time or the amount of a data a user has sent and/or received during a session.
Let's focus on the first A: Authentication.
Authentication is the process of verifying the identity of a person or device. Companies establish an authentication process for when a person requests access to a system resource. Every time a person requests access to a resource, the access controls determine whether to grant or deny access to the object.

Passwords are the most frequent form of authentication. The modern computer password was introduced to computer science in 1960 by Fernando Corbató at MIT. The university had developed a Compatible Time-Sharing System that all researchers could access. Corbató developed the concept of a password so the researchers could keep individual files private. Although the computer password is relatively recent, the notion of using a password to grant access has been around for centuries. The Roman military reportedly used passwords as a way to distinguish between allies and enemies.[1]

Why are passwords still one of the most common forms of authentication?
Passwords are easy to use and can be easily changed if compromised. For companies, they are cost effective and do not require extra hardware nor have compatibility issues.

What are some problems with using passwords for authentication?
Forgetting passwords is one issue. People often use passwords they can remember which often do not follow guidelines for strong passwords such as long, complex passwords that use a combination of upper case and lower case, numbers, and special characters. The image below shows the most used passwords from analysis of breached accounts worldwide.

What patterns do you see?
patterns
Password policies also often require users to change their passwords after a designated period of time. Thus, many people rotate their passwords using the same set of passwords across several accounts. LastPass (a password management company) and Lab42 conducted a “Psychology of Passwords” survey of 3,250 people in 2020, finding that 66% of respondents use the same password or a variation across multiple accounts. And 25% said they have to reset passwords once a month because they keep forgetting them.[2]

Perhaps the biggest problem is that weak password security is argued to be the cause of many cyberattacks and data breaches. According to a 2020 study by Verizon, 80% of hacking-related security breaches were the result of weak or compromised credentials.[3]

What is the future of passwords?
Currently it is estimated that there are some 300 billion active passwords so passwords are most likely not going away anytime soon as an authentication factor. Although some argue that more and more companies will move to a password-free approach to authentication.[4]

Already an attempt to sure up the use of passwords is to combine them with other authentication factors, otherwise known as multi-factor authentication (MFA). This layered approach to cybersecurity uses more than one type of authentication credential to verify the user; like using both a PIN number and your bank card at the ATM. Many companies have moved to using both a password and an SMS text message with a code for example. Gmail, Dropbox, and Paypal are just a few companies that have all moved to an MFA approach.
MFA2
Types of Authentication Credentials
Authentication Factors:
Examples:
Something you have
Smart card, SMS text message with a code, smart card
Something you know
Password, PIN, Answer to a security question
Something you do
The way you walk, keystroke dynamics, user motion
Something you are
Fingerprint, handprint, eye scan
Somewhere you are
Geolocation
So, what is the future of multi-factor authentication?
One issue of multi-factor authentication is creating a system that is simple/easy to use and allows for users to choose the modality. There is hesitancy from some users of using biometrics for example, which are not themselves completely secure. Companies do not want to chase users away from using their sites or apps. Many companies will probably invest in educating users on the strengths of an MFA system over just using a password.

With advances in other authentication factors, will the password eventually go away? Only time will tell.

[1] https://www.welivesecurity.com/2017/05/04/short-history-computer-password/
[2] https://www.fastcompany.com/90500670/we-still-stink-at-passwords-and-theres-really-no-excuse
[3] https://enterprise.verizon.com/resources/reports/dbir/2020/introduction/
[4] https://www.raconteur.net/technology/cybersecurity/passwords-authentication/

MFA in the Teach Cyber Courseware:

Unit 2, Lesson 1 – Students distinguish between identification, authentication, and authorization. They review two data breaches that exposed passwords and then look into poor and often used passwords.
Unit 5, Lesson 1- Students refine their understanding of authentication, authorization, identification, and access control. They also identify various factors of authentication and their pros and cons.
Teach Cyber 2020 logo