Teach cyber security foundations from age five

Cyber security experts have called for online safety and security fundamentals to be taught from early primary school, after a review of the national curriculum revealed key skills gaps.

A report led by Dr Nicola Johnson for the Cyber Security Cooperative Research Centre, has mapped the cyber safety content in the new Australian Curriculum against skills recommended by the Centre, for individuals and families to protect against common cyber security threats.

Johnson, from the School of Education at Edith Cowan University, says “we need to start early with five-year-olds … there is a need to educate people from a young age to protect themselves from common cybersecurity threats.”

The report comes as Optus and Medibank hacks have brought cyber security to the forefront of the national conversation.

“To fight against cybercrime, people require an ever-expanding set of skills, which helps identify nefarious online behaviours, malicious software and traits of cyber attacks,” the report says.

Johnson told Cosmos the addition of privacy and data security content in the new curriculum “is a positive inclusion”.

“It looks at how you been safe online, what risks to avoid, how to keep your password to yourself.”

But she adds, “children need to be not just cyber safe – it’s not enough – they need to be cyber secure”.

While several crucial skills (including strong passwords, safe online browsing, and limiting data shared online) are included in the new curriculum, Johnson says critical gaps remain.

For example, the curriculum does not include content on backing up important information, setting social media accounts to private, using anti-virus software, updating software, communicating concerns and seeking help, the report says.

Johnson makes the case for starting younger – teaching children as young as five – the fundamentals of cybersecurity. She says, this is important given “ownership of devices is increasingly becoming younger and younger”.

Under the new curriculum, Johnson says, some of the most important concepts of cybersecurity are not taught until secondary school, in years nine or ten, and then only if students choose information technology or computer science as an elective.

The report says children are often falsely assumed to be digitally literate, but that “the prevalence of computing devices use does not entail thorough theoretical background and hands-on skills in general information technology, nor in cyber security”.

Johnson calls for greater clarity around specific skills to be taught and support for teachers.

“Exactly what needs to be taught surrounding cybersecurity needs to be very clear within the curriculum. Teachers need professional learning to help them teach cyber secure behaviour effectively and confidently,” Johnson says.

The new Australian Curriculum version 9.0 (released in April 2022) covers Foundation to Year 10. Consultation for the development of the curriculum for years 11 and 12 is ongoing.

Please login to favourite this article.