Cyber Security

I was fortunate to find myself jammed into a room last week for a cyber security event organised by Education Scotland.  This was an excellent couple of hours with some really, really relevant stuff for CS education in schools. In particular:

  • An excellent course for S1(ish) students developed by Scott Hunter (Kyle Academy, Ayrshire)
  • New National Units and an NPA being finalised by the SQA vocational team, headed up by Bobby Elliott.
  • An overview of the Cybercrime scene by DS Steven Wilson, Police Scotland


I first met Steven Wilson – and his interest in cyber security education at last year’s CAS Scotland conference.  If you haven’t seen his talk, it’s well worth a look, and covers much of the ground he touched on today in more detail.

If you are interested, the talk by Mikko Hypponen he references is here:

Bobby Elliott, SQA

Bobby gave an overview of the new NPA Cyber Security being launched by the SQA shortly.  It will be the first qualification of its type in the EU, and is made up of three national units:

  • Data Security
  • Digital Forensics
  • Ethical Hacking

The qualification will be offered at SCQF levels 4,5 and 6.  The units are the same at each level and whilst some content can be differentiated by outcome, there are some performance criteria differences at different levels.  Overall my impression was that a multi-level class would still be straightforward.

Bobby has blogged about the event separately on the SQA Computing blog, and included his presentation slides which give a good overview of the new qualifications.

Scott Hunter

Scott gave an overview of a pilot project he set up at Kyle Academy in partnership with Police Scotland.  He started with the concept of developing an open badge for the award, then talked about the content of the award.

Scott is happy for other centres to use the badge and materials: his materials can be downloaded from here (Glow login required).

One of the big aims of the award is to make pupils more ‘hygienic’ about their cyber security and as a result disperse this knowledge to relatives, many of whom may be grandparents will little access to information about cyber threats.  The hope that Police Scotland have is that this will build up resilience from the ground up, spreading good practice within families and communities.

Another interesting aspect of Scott’s presentation was the fact that there is now a growing progression pathway for cyber security in schools.  He expects all S1 pupils to study the Cyber Security badge he has developed.  Those interested could progress to the (developing) National Unit in Cyber Security fundamentals (level 4) in S3, with senior phase pupils studying the new NPA.  Beyond school a growing number of options are available: Modern apprenticeships in Information Security; NC/HNC/HND Computing; BSc Ethical Hacking etc.

The issue of staff development was also discussed: Education Scotland are promising further development events in Cyber Security in the next term.  The general feeling was that, while delivering level 4 – and perhaps 5 – of the new NPA was well within the grasp of CS teachers, level 6 will involve a ‘step up’ in understanding for most of us.

Steven Wilson

Steven gave the room an overview of cybercrime in Scotland today, similar to the talk at last year’s CAS Conference.  His first point was to remind us that cybercrime has been identified as a tier 1 threat by the UK government to our national security, and that this status is placing an increasing focus on the threat, and a demand on Police to tackle the issues around it.

His talk went on to cover:

  • the differences between new crimes (eg DDOS) vs. old crimes enhanced by technology (fraud).
  • Small business vulneability to ransomware; this is a lucrative area for organised crime!  Imagine you are a small business with a ransomware-infected computer containing all your customer records.  Your backup regime is a bit dodgy due to lack of computer experience, and a criminal will lift the ransomware block for £500.  It’s an easy choice!
  • The growth of child explicit images and ‘sexting’ problems.
  • the Daniel Perry Case in Fife; this is a particularly shocking case that highlights the dangers to young (and older!) people from cyber-blackmail.  It was sobering to hear from one of the Police Officers who was heavily involved in investigating this, and disappointing that we can’t extradite the gang responsible to Scotland where (the crown office confirmed) they would have been charged with culpable homicide.
  • We need to prepare young people for these threats.  we need CS teachers to do this, they are fundamental to the whole process!  Police Scotland are keen to get this message across: whilst guidance teachers and other colleagues can cover issues such as cyber bullying, social issues and sexual exploitation, it is only CS teachers who can give students the technical background and computational thinking skills to really understand and protect themselves against cybercrime

Overall a very good morning indeed: Well done to Kirsty & Jim from ES, and Bobby, Steven and Scott for presenting!