A joint consortium spearheaded by the Department for Digital, Culture, Media and Sport is seeking to entice school pupils into cyber security with a new programme that will test their potential for white-hat hacking, teach them about ethics, and eventually run special camps for nurturing cyber talent in the UK.

Looking for a new job? Check out Techworld Jobs.

Image credit: iStock
Image credit: iStock

Speaking with Techworld, Jason Stanton, schools programme manager for consortium member Cyber Security Challenge, explained how the ultimate goal is to address the cyber security skills gap.

The consortium launched a website this week that invites pupils to register for the programme. Following that, they’ll be pushed towards a cyber assessment through a series of challenges that get progressively more difficult, with the aim of testing a variety of underlying skills.

"We’re hoping for thousands and thousands of students across England in the first year to go through the assessment portal, and then from that we will invite X number of students through to the larger platform that sits behind it," Stanton says. "Here there are hundreds and hundreds of hours of challenges, which is all aesthetically pleasing and works really smoothly, all in a browser, which I think is really important."

Read next: The gamification of cyber security: how a UK competition is using video games to plug the skills gap

Britain may well be replete with cyber security talent but there are barriers to entry for learning about it, especially considering the possible complexities in running infosec testing environments combined with under-resourced and cash-strapped schools. To address this, the programme will be entirely browser based, so the learning environment won’t require alterations to network settings or fiddling about with virtual machines.

"The fact that it runs on a browser solves a lot of problems," says Stanton. "If you look at the Cyber First girl’s programme the NSCC runs, that was very successful for a good reason – they could do it during school time, run it in a browser, they just removed all the barriers that were previously in place and made cyber security a difficult thing to teach: downloading complicated files that require network changes and all this technical stuff schools just don’t have the time for."

Later, the group hopes to expand to running live, face-to-face events where pupils are introduced to experts, as well as camps that could be divided up along different lines – the top 10 percent of achievers, for example, or perhaps a place that specifically caters to pupils who are on the autistic spectrum.

The direction this heads in will be governed by DCMS, and the second year of the programme onwards will hopefully roll out regionally to Wales, Scotland and Northern Ireland, but that will depend in part on those devolved governments.

Although this particular venture has only been running for about a week, feedback from students at a pilot in Manchester, as well as the launch day in London, was positive. Stanton says that students attending these events had opted into the programme, and once they started, were keen to progress on to the next stages.

"It’s been designed that way, really to grab attention, so we are really pleased with the feedback we’ve got so far," he says. "I’ve been following some comments on the Computing At School forum and that’s been overwhelmingly positive as well."

Stanton was previously a teacher for seven years, working at both the high school and sixth form levels. At Cyber Security Challenge, he has been responsible for expanding that organisation’s Cyber Games Schools competition across the UK, plus creating lesson plans and resources for teachers around infosec.

Having worked in schools, he’s familiar with the difficulties in attracting computer science talent into the teaching profession. One clear driver for creating programmes like this is to address the ever-widening skills gap – and it’s this skills gap that makes it tough to attract and maintain talent in the public sector when they could be paid much more handsomely in the private sector.

Hiring in cybersecurity is fraught with difficulties and even the most well-known and resource-rich businesses are in pursuit of talent. Last year, a Parliamentary commission found that a digital skills gap in the UK could be costing the country dearly.

So the news in this week's budget to treble the number of computer science teachers to 12,000 will be a welcome one.

Clearly communicating to pupils that there is a lucrative career to be had in cyber security might play a crucial role in addressing this.

"For a lot of students they don’t know that it’s actually a career they can do, they think it’s something fun they can try at home," Stanton explains. "They don’t realise that there’s a very well-paid, exciting career out there."

And what about pupils who may find the destructive potential for learning cyber security more alluring than a school programme?

"There’s always a risk, but it’s about how we minimise that risk," Stanton says. "The UK is quite fortunate to have the structure it’s got and all these organisations that are doing what they’re doing. We had a meeting at the National Crime Agency... One of the lead guys on that was saying that over in the US, during a meeting with their US counterparts, they don’t have a prevent strategythey just try to arrest as many people as possible and it’s just not working.

"In the UK we have a very good carrot and a very good stick, and we always try to push young people towards: here’s the carrot, here’s the stick. Why wouldn’t you enjoy the carrot?"

But the kind of curiosity around breaking systems isn’t something that should be necessarily discouraged – rather, fostered and contained.

"When we do notice [unethical] behaviour, often through the National Crime Agency, we intervene, we do NCA intervention days, we have programmes where we bring forth ethics to people who have strayed to the edge.

"With Cyber Discovery what we want to do is encourage the curiosity: it’s not a problem if kids want to break stuff. That’s how you work out how things work, how they’re built, and that’s what you need in cyber security.

"So we want to have that sense of curiosity and trying things out, but what we need to do is make sure they’re aware of where the lines are, and where they can and can’t cross. It’s providing a nice sandbox for them to play in."