Computer Science Education Is Security Education

This essay argues that teaching computer science at the K-12 level is a matter of national security.

I think the argument is even broader. Computers, networks, and algorithms are at the heart of all of our complex social and political issues. We need broader literacy for all sorts of political and social reasons.

Posted on June 17, 2016 at 6:33 AM • 28 Comments

Comments

Eire Old BoyJune 17, 2016 7:43 AM

Coding is one thing, IP networking is another and being matters of National Security is a whole different kettle of fish.

Do I agree that teaching the math of the Internet is a good thing? Yes, I do.
The only reason I remembered Base 2 numbering because my Pre-Algebra teacher said it was the basis for computers. And that was before the Internet existed. It is really the only math that I use everyday.

Without a good math background, try explaining to an irate mother that her son is not getting "internet" because his device's RFC 1918 DHCP'd IP address is not being NAT'd properly by the wireless router. Or, that the CFO's VPN connection doesn't work because the office and home networks use the same IP block.

So, I'll sign up to teach IP networking for students.

That being said, what rath will IPv6 being down on us IPv4ers?

Kali 101June 17, 2016 8:25 AM

Doubt it would do much for so-called national security, but it would certainly cheer us up to watch 25 million 4chan punks spilling the overclassified beans and taunting government security bureaucrats.

AtkJune 17, 2016 9:02 AM

Everyone needs to become knowledgeable in computing in exactly the same way that everyone needs to know...

- carpentry, because so many houses are built of wood

- electrical engineering, because we use electricity so much in our daily lives

- plumbing, because it is integral to how we manage water, has, and waste, which ate all integral to our daily lives

- mechanical engineering, because exerting we build, use, or buy is engineered

And so on.

Nobody knows everything. People need to know how to use the tools they use. They don't need to know how to create new tools unless they are interested (at which point i agree with having training available).

blakeJune 17, 2016 9:15 AM

@Eire Old Boy

> teach IP networking for students

Really? I think at 17-19, the major lessons should be:
*How to make / manage / not reuse a password
*Don't open email attachments you don't recognise
*Don't plug in the USB stick you found in a carpark
*How to manage your Social Media privacy settings
*How little those settings will actually do for you, even when set
*Don't give your bank details with that kind-seeming Nigerian prince
*The service desk that *called you* asking for your account number and password isn't working for you
*Don't put any photos on the internet that you would be offended to see photoshopped

The internet equivalent of "don't jab at stuck toast with a metal knife while the toaster is on" kind of stuff.

Mark GriepJune 17, 2016 9:48 AM

Imagine if, back in the day, we mandated car education as a matter of [_insert crisis of the day_]. We'd still be operating our cars like this model T. (https://goo.gl/VydiRV) Let engineers do what they do best: obscure the complexity and make life simple.

Who?June 17, 2016 10:02 AM

@ blake

Another major lessons at 17-19:
*Use the right operating systems and tools, do not blindy follow marketing recomendations. Perhaps Microsoft, Apple and Google are not playing on our side.
*Use common sense, ever.

ZorgJune 17, 2016 10:02 AM

Look at all these little things! So busy now! Notice how each one is useful. A lovely ballet ensues, so full of form and color. Now, think about all those people that created them. Technicians, engineers, hundreds of people, who will be able to feed their children tonight, so those children can grow up big and strong and have little teeny children of their own, and so on and so forth. Thus, adding to the great chain of life. You see, father, by causing a little destruction, I am in fact encouraging life. In reality, you and I are in the same business.

TatütataJune 17, 2016 10:05 AM

I see a certain irony to see this piece presented by a broadcaster that plays a non-negligible role in the dumbing down of America... (It's not as if CNN or MSNBC were a whole lot better, but that's another story).

The argument refers to "national security". Is there really no better argument available than invoking America's umpteen perpetual crises and wars, real or manufactured? And how will you foster creative minds in general when the nation's priorities, to put it succinctly and bluntly, are in enriching its plutocracy?

This kind of call isn't without precedent. The Sputnik crisis created a strong push in education, in particular in universities.

Yesterday, while I was busy following links on some content, I came across a "Little Box Challenge". It was a contest organized in 2014 by Google for producing the best possible DC-to-AC converter. To succeed, the contestants must have a deep understanding of engineering, with insights in a lot of areas: thermal management and heat transfer; signal processing; electronics; EMC; semiconductor physics; etc.

The reports were quite interesting to read. Something really struck me: of the top 18 finalists, only three were strictly from the USA. (There was one mixed RO+US entry). The US submissions originated either in universities or Bell Labs, whereas many of the other ones came from private labs, some in "far out" places.

What this suggests to me is that the vaunted US supremacy in technology might be something of the past, and importing talent could become increasingly difficult.

zJune 17, 2016 10:41 AM

I don't know about K-12. Some basic computer knowledge, like Google searching techniques, Ctrl-F, etc is a good idea. They don't need to know how to dissect tcpdump output or manually convert IP addresses to binary.

However, I think universities need to include computer security as part of the curriculum for majors where it is relevant. Business and political science are two fields where having background knowledge of this stuff is highly important. I know of an HR manager who received an email from a job candidate instructing her to right click on his "resume.exe" attachment and run as administrator to view his resume. You can guess what happened next.

BlehJune 17, 2016 11:56 AM

Given that computer programmers can't get security right, I'm not sure I see the logic.

Clive RobinsonJune 17, 2016 1:04 PM

First off I think the "National Security" usage in this article is like that by the media in general and is much like the "domestic terrorism" usage, a sort of Pavlov's bell for the US sheeple to salivate at, and have their chains pulled as though they were faux guard dogs.

A little history might shed some light on this. People around Bruce's age were at a tipping point in their education when they moved from junior school prior to their teens in the mid 1970's. In essence we were the first generation to get access to computers (via dialup) at school.

In the UK this was rapidly followed by an avalanche of "home computers" within five years, the national broadcaster (BBC) had put out requests for tenders for a home and school computer. This was won by a small computer company called Acorn.

The BBC Model B as it became known was a very big success that very nearly did not happen. Acorn had bitten off more than it could chew, the standard hardware available could not be made to work within the constraints of the contract. Acorn had to go to custom silicon.

Various things happened and Acorn as was nolonger exists. However one part of it Acorn Research Machines got spun off.

Most would not know of them but as ARM they are now used world wide in a verlarge share of the microprocessor market in smart and similar devices.

But another side effect of the Home Computer revolution and the BBC pushing it into schools etc was computer games and film animation, which the UK became world leaders. Another spin off was an odd one, the UK is the only nation in the world that having developed satellite launch technology gave it up. However it has become a world leader in space payload development.

It's this sort of economic advantage they are refering to with "National Security".

The world economy is starting to split into two distinct areas, those of tangible goods and intangible information. Talk of the likes of home 3D printers etc is a threat to mass production of tangible goods. The US has found that the only real growth area is in intangibke information it's this that is behind the likes of TTIP and other Obama initiatives to tie the world up in a way that gives an advantage to the US in this area (see US Patent system, and Interstate Dispute Resolution clauses).

Thus following other nations that have pushed forward in ICT education in schools is a logical part of "holding ground" in this arena.

paulJune 17, 2016 1:56 PM

I think, perhaps wrongly, that it's crucial for people to have at least some basic idea of computers and coding and how they work, so that they're not completely at sea. If you just teach them how to do A, B and C they'll have no idea what to do when the underpinnings change and those choices aren't good any more. Like the drivers looking for the tiller or the throttle bar.

People also need education on the social side of computers. Don't believe someone who says they're your new best friend. Check supposed facts that you find.

AlexJune 17, 2016 3:18 PM

Surely advance AI will eventually be doing all logical tasks more effectively than humans, leaving most of us to essentially curate and be creative. Until then I agree in some form of strategy to simplify knowledge deficiency - especially high level concepts (yes it's scary to be aware of insecurity online, but it will at least reduce blind trust. Programs such as Safe and Secure Online by isc2 are a good start for spreading the message of this blog to the wider population.

Ix-QuickJune 17, 2016 3:43 PM

@Tor User - IxQuick Proxy is your friend if you wish to access the Fox propaganda drivel

Talking of which, these paragraphs stood out and deserved some editorial comments:

Cyber warfare against the United States is on the rise (from within) with numerous countries (Homeland Dept. Groupies) attempting (and succeeding) to gain access into our computer networks, government and private (90% related to general data snooping, parallel construction, blackmail,character assassination, setting up the mentally ill for career advancement/budget expansion/terrorist narratives etc).


These (unconstitutional) attacks can (and do) occur countless times every hour from sources worldwide (within; both directed and automated). Clearly, the defenses (of the constitution) required to repel these (illegal, immoral and indefensible) attacks are immense (beyond the plutocrats blowing Wall Street, mega-corporations and the military brass) and constantly evolving (see Rule 41 due for passage in December).

However, recent reports show that the United States is not providing the resources (legal redress, political or organizational reforms) or opportunity for citizens to adequately fill (defend themselves from) the increasing demand for cybersecurity careers (MIC enlargement).

This reality is jeopardizing the cybersecurity of our country, putting our national defense, businesses, and personal information at increased risk.

In the most egregious of many recent examples (general warrants for everything; FBI bio-metric record gathering in the 100s of millions), last year China engaged in a successful cyber attack on the Office of Personnel Management (we are run by f*ckwits who still run Word macros). These attacks are unlikely to subside (the merciless psychopaths are running the asylum).

DFJune 17, 2016 6:54 PM

@Atk

> Nobody knows everything. People need to know how to use the tools they use. They don't > > need to know how to create new tools unless they are interested (at which point i agree > with having training available).

Cynically, these same people will suddenly become experts about this stuff on social media when some major event happens.

Journalists are even worse, and get even basic technical issues completely wrong.

ianfJune 18, 2016 2:51 PM


Stated @ Clive Robinson

[…] “The BBC Model B very nearly did not happen. Acorn had bitten off more than it could chew, the standard hardware available could not be made to work within the constraints of the contract. Acorn had to go to custom silicon.

I used to have a BBC Model B, then the Compact. Both running on the MOS 6502, with the wonderful BBC Basic with inline assembler. Hardly custom HW, and I don't remember there being any huge problems with the supply… in fact, the many electronics shops on Edgware Road, where I bought mine, were full of them. Maybe your "didn't happen" referred to the time before it became a product? As I recall, it was only the later Acorn model, Archimedes, that relied on first-gen RISC (later by ARM) processor of theirs. Did you meant other bits of custom Si besides the CPU?

    I only have good memories of the Beeb Micro, and, had I had anyone around me who grokked any of this, I might have become a real-CS programmer rather than mere autodidact (which was just as well b/c while I deliver pretty bug-free—once code, now only—scripts, I am much too slow to make it in the real world of speedy-time-to-market).

Evans GathakuJune 20, 2016 1:24 AM


Nice comment by DF: " Nobody knows everything. People need to know how to use the tools they use. They don't > > need to know how to create new tools unless they are interested (at which point i agree > with having training available).

Cynically, these same people will suddenly become experts about this stuff on social media when some major event happens.

Journalists are even worse, and get even basic technical issues completely wrong."

marcJune 20, 2016 2:06 AM

Math, coding and everything related to hardware, software, protocols etc. are nothing more than tools. One should rather teach the students how to use their brains. All the knowledge about these topics are useless if the people are not capable to challenge the statements about security and unmask -- as Bruce calls it -- security theater. This will make us all safer because we are able to pick the right legislator at the ballot.

KenJune 20, 2016 10:11 PM

Computer Science and Security are not the same. While formal validation of software is a science, and reduces software bugs that hinder security, it is only one asspect of it. Security at large is a practical discipline in my opinion. There are good numbers of security engineers who possess near-zero computer science backgrounds but with proper certifications, a compliance which applies to both hard-softwares and human resources, and then there are administrators who did not learn computer science. Much of the IT industry is in the app user namespace effectively so and in compliance of standard operating procedures.

KenJune 20, 2016 10:31 PM

@ Clive Robinson, "The world economy is starting to split into two distinct areas, those of tangible goods and intangible information. "

We have been keen to monetize intangible stuff. First, thru the Securitization process (no relation to "security"), we monetized intangible "intrinsic" values and created boom-bust cycles. This money is then used to purchase labor/materials which was used to produce tangible goods. Physical resources are finite (such as gold), so we are on a constant quest to monetize more intangible stuff in an accelerated fashion, so to keep up. This is done thru various metrics. For example, the dot-coms were an opportunity to see this thru as the web is placed into metrics, which was capitalized into securities (no relation to "security"). The capitalization process created vast amount of wealth, which is further utilized to purchase labor/materials and set the direction of capital advancement. However, the intangibles are only as good as the securitization process because without a metric for value they are of no true values.

rJune 21, 2016 12:37 PM

@Clive, Bruce, all

I agree with Bruce completely, literacy and comprehension in all forms is the key to economic security and thus national security... Some of you are gliding right over the pre-keyed phrase "'national' security" why? Because it's been ingrained in your head as a part of the MIC. Thus I posit that if your people don't have education they don't have jobs especially in the global economy... If your people don't have jobs or opportunity they may turn to crime and criminal behavior such as drugs or terrorist ideologies... Maybe rebellion when they find out the people in charge could give a rat's ass...

Clive RobinsonJune 21, 2016 1:11 PM

@ r,

It's quite scary sometimes when you find "National Security" being used to lift sensible safety and environmental regulations for say Fracking or Nuclear Power Plants...

Whilst not quite a "universal get out of jail free card" National Security is getting used more and more for things it realy should not be.

Infact all the EU legislation I've had cause to get to read front to back, all have NatSec exemptions, even safety legislation (which is why tazzers are legal for the police etc who are the state, but not the ordinary citizens of the state ie the voters.

OmerJune 21, 2016 3:09 PM

Quick note from France: the system here is very computer-shy. There is no computer science as such before university. By that, I mean that in primary and secondary schools there are no computer science teachers or courses. The theory is that ALL the teachers of ALL the departements are supposed to teach "computing" whenever the opportunity arises. Will you believe me when I say that we are lagging decades behind ? We deem ourselves lucky when a 12 year old can find the file he/she created the week before in his personnal space. This is all the more saddening since I remember that some 27 years ago, we had computer science classes, we learned Basic on Thompson MO5s and TO7s .... we had the time of our lives ... and suddenly, 25 years ago it stopped ... no reason given. Saddening ...

rJune 21, 2016 4:05 PM

@Clive,

Thank you for correcting my trajectory. I hadn't considered the risks of blanket use the way you point out.

ianfJune 22, 2016 3:32 AM

@ Omer,
              you had the Minitel, too, and what a exciting new world of textual web-like possibilities it showed when it appeared! Ah, well, promises, promises…

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.