with Tonya Riley

Less than half of elementary through high school students are getting any cybersecurity education at school, and schools with lower-income students are less likely to be providing that training than schools with higher-income students.  

Those findings, from a survey out this morning, should be worrisome as the United States faces a staggering cybersecurity workforce shortage, which senior government officials have described as a national security weakness. 

We need to invest in K-12 education and introduce students to the knowledge, skills and capabilities around cybersecurity if we want to have a long-term disciplined approach to closing the [cybersecurity workforce] gap,” Kevin Nolten, academic outreach director for the nonprofit organization CYBER.ORG, which commissioned the survey, told me. 

A dearth of cybersecurity workers will make it far harder to protect a wave of new consumer and industrial technology that will be arriving in coming years and could put the United States behind in a generational struggle with China over who will build and secure new technology systems. 

CYBER.ORG, which was previously named the National Integrated Cyber Education Research Center, produces cybersecurity curriculums for elementary through high school students under a Department of Homeland Security grant. It's one of a handful of organizations that produces such curriculums, which includes online student tutorials and teacher guides.  

The survey was conducted by the nonprofit Education Week Research Center and is based on responses from 912 teachers across 50 states and the District of Columbia. 

The survey is awash with disturbing figures for people concerned about the future of the cybersecurity workforce. 

Just 45 percent of teachers said their students were receiving some sort of cybersecurity education, either through stand-alone classes, as part of a broader technology curriculum or through extracurricular activities.

That figure was even lower in low-income school districts. Just 33 percent of students are getting a cybersecurity education in districts where 75 percent or more students come from low-income families, the survey found. That’s compared with 56 percent in districts where 25 percent of students or less came from low-income families. 

About 60 percent of teachers said their students knew just a little or nothing at all about cybersecurity compared with 40 percent who said their students new “some” or “a lot” about the topic, the survey found. 

Within lower-income school districts, 21 percent of teachers said their students didn’t know anything about cybersecurity and 44 percent said they knew just a little. In higher- income districts, 8 percent said their students knew nothing about cybersecurity and 40 percent said they knew just a little.

We're not introducing these communities to the opportunities that cybersecurity presents to their students,” Nolten said. “We need to ensure that the pipeline going into the workforce is economically diverse, racially diverse and gender diverse. We want to ensure that [students] have equal opportunity to jump into a high-demand field.” 

Cybersecurity jobs have surged in recent decades as ever-more industries have become dependent on technology. 

But the pace of new high school and college graduates ready to fill those jobs hasn’t remotely kept up.

Just two years ago there were about 300,000 unfilled cybersecurity jobs in the United States, according to figures maintained by the Commerce Department. Today that number has surged to more than 500,000. 

The global cybersecurity workforce gap is projected to reach about 1.8 million workers by 2022, according to a 2019 study by the Center for Strategic and International Studies think tank. 

Government has been hit particularly hard by the workforce shortage because its top workers often flee for better-paying industry jobs. 

But government efforts to improve the workforce gap have been relatively lackluster. Most of those have focused on recruiting private-sector cybersecurity pros to work in government, including for short tours of just a year or two. 

The federal effort on cybersecurity education has come mostly through a smattering of grants such as the one that funds CYBER.ORG’s operations. A Commerce Department division called the National Institute of Cybersecurity Education also hosts regular conferences for educators including at the pre-college level and has helped develop a series of guides, webinars and challenges for students and educators. 

President Trump also issued an executive order aimed at improving the cybersecurity workforce last year that included a series of rewards for top-performing government cybersecurity pros. 

But the only portions focused on K-12 education were two annual presidential cybersecurity education awards — one for an elementary school teacher and the other for a high school teacher — “who best instill skills, knowledge, and passion with respect to cybersecurity and cybersecurity-related subjects.” 

The keys

A new indictment accuses Julian Assange of far broader computer crimes. 

The indictment accuses the WikiLeaks founder of trying to recruit hackers to access Icelandic government secrets and conspiring with the hacking collective LulzSec to publish American intelligence community documents, Rachel Weiner and Ellen Nakashima report.

The indictment does not include new charges in addition to the 18 Assange already faces. And the statute of limitations for the new allegations has already expired. But prosecutors say it bolsters their case that Assange is a hacker rather than a publisher or journalist. 

Assange’s only previous computer crime charge was for offering to help U.S. Army intelligence analyst Chelsea Manning crack a Defense Department password. Cybersecurity experts criticized those charges, saying officials have misused the Computer Fraud and Abuse Act and violated free-speech protections.

The Trump administration will accuse Huawei of being controlled by the Chinese military.

The administration plans to make similar claims about the video surveillance company Hikvision, China Mobile Communications Group and Telecommunications Corp. and more than a dozen other companies, Alexandra Alper and Idress Ali at Reuters report

The designations would open the door for the president to impose additional sanctions on the companies. The list was included in a document defense officials sent to Congress.

The Commerce Department has already blacklisted Hikvision and Huawei, which U.S. officials have long accused of providing a backdoor for Chinese espionage. Huawei has denies the claims.

The list could escalate tensions between the United States and China, which are already heightened by the coronavirus pandemic. The Commerce Department introduced a rule last month that required foreign companies using U.S. chip-making technology to acquire a license before selling to Huawei.

Democratic lawmakers are investigating ties between location trackers and coronavirus apps. 

House and Senate Democrats are demanding a trove of documents from the company Venntel, particularly about its relationships with federal government agencies. The lawmakers say the investigation could cast light on sensitive location data that Americans may be unknowingly turning over during the coronavirus pandemic.

With Americans installing contact-tracing apps as part of the effort to limit the spread of covid-19, it has become increasingly important to make sure that the American public has a full understanding of who is collecting their location data[and] what the government is doing with it, House Oversight Committee chairwoman Carolyn B. Maloney and other Democrats wrote in a letter.

Government agencies such as Immigration and Customs Enforcement and the FBI can use data brokers such as Venntel to purchase data that would otherwise require a warrant, the lawmakers say. For example, the Internal Revenue Service has used data from Venntel to track potential criminal suspects, the Wall Street Journal recently reported.

Sens. Elizabeth Warren (D-Mass.) and Ron Wyden (D-Ore.) and Rep. Mark DeSaulnier (D-Calif.) also signed the letter.

Chat room

The FBI is being flooded with cybercrime complaints during the pandemic, Deputy assistant Director Tonya Ugoretz said during a virtual cybersecurity conference hosted by Crowdstrike yesterday.

Details from CyberScoop's Shannon Vavra:

The Justice Department's Adam Hickey also warned of a wave of misinformation about the virus from Russia. 

Industry report

Google will now auto-delete search and location history for new users by default after 18 months.  

The new settings are part of a broad series of privacy changes the company rolled out yesterday, The Verge reports. Google began offering the same tools for users to opt-into last year.

Google is under intense scrutiny for its privacy practices both in the United States and in Europe. Last month the state of Arizona sued Google for allegedly tracking users' locations even if they had turned off location tracking.

More industry news:


  • The Senate Homeland Security Committee will hold an oversight hearing to examine Customs and Border Protection at 9:30 a.m.
  • The Senate Judiciary Committee will mark up the EARN IT Act of 2020.
  • Carnegie's Partnership for Countering Influence Operations and Twitter will host an event on influence operations on Twitter on July 9 at 1 p.m.

Secure log off

Stephen Colbert takes on John Bolton: