I am writing this on Hallowe’en. A day – in modern times, at least – for children to dress up and ask for candy. While a few will dress as princesses, robots (as I did once as a child), pumpkins and politicians, many will dress to represent scary beings. I suppose that is appropriate, then, that this post is a continuation of last week’s discussion about teaching good programming skills to children to avoid many of the scary security issues we see today.
Last Friday – after I’d completed last week’s post – US Department of Homeland Security Secretary Janet Napolitano (a high school classmate of mine, BTW) posted on the homeland security blog, “…we are extending the scope of cyber education beyond the federal workplace through the National Initiative for Cybersecurity Education, involving students from kindergarten through post-graduate school.” I love the acronym: NICE. Here is their draft Strategic plan: http://csrc.nist.gov/nice/documents/nicestratplan/draft_nice-strategic-plan_sep2012.pdf While most of the education component seems to center on awareness and secure use practices I hope there will be a component of teaching children to program securely.
As I mentioned last week, I learned to program in high school. Today many children learn in middle school or even elementary school. Most teachers at that level, though, do not know how to teach them to program securely. I believe that is because they themselves do not know how to do so. Even more of an issue is that the children are learning to program on their own (yes, outside the standard curriculum) and the resources they use often do not stress the issues of secure programming; or they ignore them completely.
I know I did not teach programming with security in mind. The real reason was simple: I did not have the right attitude! We need to have the attitude that security is a critical design factor. We need to think of it when using, designing and programming software. That does not mean we won’t make mistakes. It does not mean someone won’t find ways around the best practices we’ve implemented. But it does mean that we’ll be far better off than if we’d ignored it.
I am reforming my ways. I would like to ask those of you help local schools (and that’s really all of you, right?) to try to help get teachers up to speed on good programming practices. Help the children to learn to program safely. Learning Tree makes it easy for teachers to take classes, and Course 468 is a good place to start.