NSA從娃娃抓起進行網絡安全教育引發深思
2機翻,不合理之處,請查看文末英文,自行翻譯。
美國國家安全局/中央安全局(NSA/CSS)的國家密碼學校正在擴大其網絡教育計劃的范圍。學校的教育、創新和外展中心有許多與網絡相關的項目,為小學、初中、高中、大學和研究生提供支持。盡管在其既定計劃中取得了巨大進展,但國家安全局仍在努力為美國服務欠缺的地區提供網絡教育。
該機構的網絡安全教育計劃旨在增加未來人員的網絡知識。
“我們國家的某些地區在K-12網絡安全教育方面非常非常好,”K-12網絡教育任務負責人格里利Ashley Greeley說,主導單位有教育、創新和外展中心;國家密碼學學校;國家安全局 (NSA)/中央安全局。“它們通常在軍隊或聯邦政府強大存在的地理區域。但是,在中西部各州、農村地區和城市環境中,我們還有很多工作要做。這些是目前的目標,我們希望確保無論情況如何,學生都可以接受到教育。”
NSA最大的網絡安全教育計劃,即國家網絡安全學術卓越中心(NCAE-C),涉及335所大學、學院和社區學院。據美國國家安全局稱,美國國家安全局將NCAE-C稱號授予那些致力于培養網絡安全專業人員以減少美國國家基礎設施漏洞的學校。該機構在聯邦層面與國土安全部的網絡安全基礎設施安全局以及聯邦調查局合作開展該計劃。
“該計劃在大學層面的目標是通過培養下一代來改善我們國家的網絡安全態勢,”格里利解釋說。“這些學校符合項目辦公室制定的一系列標準。他們被認定他們的課程在嚴格性、廣度和范圍上都適合教育或研究。”
這些學校收到的說明是,它們要么是網絡防御、網絡研究或網絡運營方面的學術卓越中心。這種區別,學校可以追求多個方向,使機構能夠競爭撥款:例如來自國防部網絡安全獎學金計劃(DoD CySP)。這些學校還可以申請成為美國國家科學基金會 (NSF) 服務獎學金計劃的一部分。
作為她努力的一部分,格里利與NCAE-C指定機構合作,這些機構獲得撥款以增加K-12級別的網絡安全教育。“例如,在2020財年,阿拉巴馬大學亨茨維爾分校和伊利諾伊州的夢蓮谷社區學院都獲得了一筆贈款,用于啟動一個名為RING的區域下一代投資項目,”她澄清道。“這兩家機構及其學術合作伙伴為阿拉巴馬州和田納西州的高中生開發了在線網絡安全課程。學生來自家庭學校網絡、農村地區和資源不足的學校。除了課程內容和課程之外,他們還為學生開發了交互式實驗室和虛擬體驗,因為我們知道很多時候,當您開始進行網絡安全時,網絡會更具吸引力。RING項目的最終目標是讓學生了解網絡安全內容和網絡安全職業。”
鑒于RING項目的初步成功,美國國家安全局增加了其計劃撥款,為中學生開發資源。“我們有一些機構正在與他們的州教育部合作,試圖將網絡安全視為學生可以獲得內容的課程,教師可以獲得證書,以便他們可以教授網絡安全,”她指出。“我們還有一些機構正在與初中和高中教師合作,讓他們獲得認可,可以在當地教授網絡安全,能做到這么多事情,我們真的很興奮。”
對于尚未獲準進入NCAE-C的學校,DoD CySP為大學生提供獎學金和實習機會。“國防部機構或組織選擇學生從事全職工作,學生通過他們的大學生涯獲得資助,”格里利說。“而且他們也有機會在該機構實習。“反過來,每一年獲得獎學金的學生需同意在為國防部工作至少一年。”
網絡獎學金工作的另一部分是賦予國防部現有員工權力。她補充說,它支持文職和軍事人員攻讀網絡相關領域的碩士或博士學位,還涉及服務承諾。
美國國家安全局還擴大了其所謂的NCX網絡演習計劃的范圍。它現在包括美國高級軍事學院——城堡、諾里奇大學、德克薩斯農工大學、北喬治亞大學、弗吉尼亞軍事學院和弗吉尼亞理工大學——以及傳統的服務學院。該計劃的特點是在這些學校的整個學年中進行教育、活動和主題專家參與。它以四月份為期三天的黑客馬拉松比賽結束,其中包括展示防御性和進攻性網絡技能。
“去年,他們還將NCX擴展到高級軍事學院,”格里利指出。“這是他們第一次這樣做。高級軍事學院和服務學院在一系列挑戰中競爭,獲勝者獲得獎杯和吹牛的權利。2021年,獲勝者是美國海軍學院。這是一次非常巧妙的聯姻合作。”
美國國家安全局公共事務官員Akhirah Padilla 補充說:“這確實是擁有最好的網絡程序。我們專門為軍隊創建了該計劃,以便我們可以幫助他們成為網絡領域的下一代軍事領導者。在過去幾年中,越來越多的學校不斷與我們聯系并要求我們提供參與機會。”
此外,Greeley還負責監督兩個項目,即GenCyber項目和STARTALK資助項目。
GenCyber計劃向K-12機構提供年度贈款,以提供為期一年的網絡安全教育信息,最終為學生和教師舉辦為期一周的網絡夏令營。NSF是該計劃的資助合作伙伴,以及一些聯邦機構的合作支持。“每年,我們都會發出提案征集通知,學術機構競相主辦GenCyber計劃,”她說。2021年,44個州和波多黎各舉辦了網絡營地。該計劃正致力于在阿拉斯加、特拉華州、愛荷華州、緬因州、北達科他州和俄勒岡州建立GenCyber教育計劃。
同時,類似的STARTALK資助計劃側重于小學、中學、高中和大學水平的學生和教師的外語學習。她說,國家情報總監辦公室為STARTALK提供協作支持。
“STARTALK的使命是增加學習、口語和教授急需外語的美國公民的數量,”格里利分享道。“該計劃為學生和教師提供創造性和引人入勝的暑期體驗,努力體現語言教育和語言教師發展的最佳實踐。”
在印第安納州為高中生教授美國歷史和美國政府15年之后,格里利知道她不想成為學校管理員,而這是課堂教師的常見職業道路。她聽說過 NSA 的網絡教育工作,并看到了將網絡教育帶入她的學校的重要性,這后來發展成為國家層面的承諾。
“在我過去幾年教學的夏季幾個月里,我能夠作為承包商為NSA的GenCyber項目工作,”她解釋說。“我了解了該計劃,但更重要的是,我了解了網絡安全和網絡安全教育。我把夏天學到的很多東西都融入到我自己的課程中。我對將網絡安全融入多個學科產生了熱情。作為一名平民,在我目前的角色中工作讓我能夠滿足我的兩個熱情,即為國家服務,同時也利用我在課堂上發展的技能來幫助推進國家層面的網絡教育計劃。”她的目標以及NSA的廣泛目標——在美國盡可能廣泛地傳播網絡安全教育——并非沒有挑戰。持續的聯邦資助是一個主要問題。“我通常將教育比喻為馬拉松,而不是短跑,”格里利澄清道。“是的,網絡安全教育有迫切的需求,但我們也有長期的需求,K-12就是這些長期需求之一。在我們看到我們的勞動成果進入職業領域之前還需要一點時間,但我們需要持續的資金來讓其中一些項目達到真正成熟的階段,從而產生影響。”
另一個挑戰是,傳統上,教育是一個州問題,每個州的需求可能大不相同。“在一種狀態下可能有效的方法在另一種狀態下可能無效,”她繼續說道。“這就是為什么與這些資助計劃合作的原因,我最喜歡的一個方面是我們允許主辦這些計劃的機構具有這種創造力和獨特性。佐治亞州北部的GenCyber營地與在波多黎各舉辦的GenCyber營地看起來會有很大不同。”
自然,大流行使NSA的網絡教育工作變得復雜,教室不得不轉移到虛擬平臺,但正常運營的中斷使Greeley和該機構能夠全面審視GenCyber計劃的影響。
“COVID-19產生的一個積極因素是,我們能夠讓我們的承包商支持對GenCyber進行為期五年的項目研究,”她解釋說。“我們了解到,在不存在網絡安全教育資源的領域,GenCyber是一股點火力。我們也知道GenCyber可以成為真正催生社區對網絡安全教育的支持的催化劑。因為GenCyber項目是由學術機構主辦的,它確實讓他們能夠在當地與對這項工作感興趣的高中或中學或行業建立關系。這是GenCyber計劃的真正亮點。此外,由于這些項目是由學術界主辦的,他們中的許多人選擇在他們的大學校園內舉辦該項目。以前可能從未見過大學校園的學生可以參加這些課程并想象自己在那里。他們遇到像他們一樣、長得像他們、興趣相同的學生,這對他們來說是一種動力。”
格里利承諾,通過其計劃,國家安全局將繼續為幾代接受網絡教育的學生奠定基礎。“我們的目標是創建真正的大學和職業準備途徑,”她說。“而且我們真的在努力為所有學生增加機會。我們將繼續減少全國沒有網絡安全教育的地區。”
習大說:沒有網絡安全,就沒有國家安全。
小編可能孤陋寡聞,很少有類似的報道出現,小編看到此文非常震撼。本文目的單純分享,作為美國情報老大機構親自下場從娃娃抓起,義務教育全線進行網絡安全教育,足夠引發我們多部門綜合深思。
10年、20年,足以改變一代人甚至改變一個國家,是不是我國也應該抓緊時間跟上步伐?
英文:
The agency’s cybersecurity education programs aim to increase the cyber knowledge of future personnel.
The U.S. National Security Agency/Central Security Service’s National Cryptologic School is expanding its reach of cyber education programs. The school’s Center for Education, Innovation and Outreach has many cyber-related programs supporting elementary, middle school, high school, college and graduate students. Although it has made great headway in its established programs, the National Security Agency is still working to provide cyber education to underserved regions in the United States.
“We have certain parts of the country that are very, very good in K-12 cybersecurity education,” states Ashley Greeley, K-12 cyber education mission lead; Center for Education, Innovation and Outreach; National Cryptologic School; National Security Agency (NSA)/Central Security Service. “They typically are geographical areas in which the military or the federal government has a strong presence. But we still have a lot of work to do in our midwestern states, in our more rural areas and in our urban environments. Those are the target goals right now. We want to make sure that no matter what the situation is, students have access to this.”
The NSA’s largest cybersecurity education program, the National Centers of Academic Excellence in Cybersecurity (NCAE-C), involves 335 universities, colleges and community colleges. The NSA awards NCAE-C designations to schools that commit to producing cybersecurity professionals that will reduce vulnerabilities in U.S. national infrastructure, according to the agency. The agency partners at the federal level with the Department of Homeland Security’s Cybersecurity Infrastructure Security Agency as well as with the FBI to conduct the program.
“The goal of the program at the collegiate level is to improve the cybersecurity posture of our nation by cultivating this next generation,” Greeley explains. “The schools meet a set list of criteria set by the program office. They receive designation that their curriculum is appropriate in rigor, breadth and scope in either education or research.”
The schools receive a specification that they are either a Center of Academic Excellence in Cyber Defense, Cyber Research or Cyber Operations. Such distinctions—schools can pursue more than one—enable the institutions to compete for grants—such as from the Department of Defense Cybersecurity Scholarship Program (DoD CySP). The schools can also apply to be part of the National Science Foundation’s (NSF) Scholarship for Service program.
As part of her efforts, Greeley works with the NCAE-C designated institutions that receive grants to increase cybersecurity education at the K-12 level. “For example, in FY20, the University of Alabama, Huntsville, and Illinois’ Moraine Valley Community College were both awarded a grant to begin a project called RING, Regions Investing in the Next Generation,” she clarifies. “These two institutions and their academic partners developed an online cybersecurity course for high school students in Alabama and Tennessee. The students represent home-school networks, rural areas and under-resourced schools. Along with the course content and the curriculum, they’ve developed interactive labs and virtual experiences for the students because we know that a lot of times cyber is more engaging when you get to do cybersecurity. Ultimately the goal of RING is to make students aware of both cybersecurity content and cybersecurity careers.”
Given the initial success of RING, the NSA has increased its program grants to develop resources for middle school students. “We have institutions that are working with their state Department of Education to try and recognize cybersecurity as courses that students can receive content for and that teachers can receive credentialing on so they can teach cybersecurity,” she notes. “We also have institutions that are working with middle and high school teachers to get them accredited to teach cybersecurity within their local areas. There is a lot going on, and we’re really excited.”
For schools that are not yet approved to be in the NCAE-C, the DoD CySP offers scholarships and internships for collegiate-level students. “A Defense Department agency or organization selects students for full-time employment and the students are sponsored through their collegiate career,” Greeley states. “And they’re also given the opportunity to intern with the agency.
In turn, the student agrees to work for the DoD for a minimum of one year for every year that they get the scholarship.”
The other part of the cyber scholarship effort empowers current Defense Department employees. It supports both civilian and military personnel in pursuing master’s or doctoral degrees in cyber-related fields, and it also involves a service commitment, she adds.
The NSA has also expanded the scope of its so-called NCX cyber exercise program. It now includes the U.S. senior military colleges—The Citadel, Norwich University, Texas A&M, University of North Georgia, Virginia Military Institute and Virginia Tech—as well as the traditional service academies. The program features education, activities and subject matter expert engagement throughout the academic year at these schools. It finishes with a three-day hackathon competition in April that involves demonstrating both defensive and offensive cyber skills.
“Last year, they expanded NCX to the senior military colleges as well,” Greeley notes. “It was the first year they had done that. The senior military colleges and service academies compete in a series of challenges, with the winner receiving a trophy and bragging rights. In 2021, the winner was the U.S. Naval Academy. It’s a really neat engagement.”
Akhirah Padilla, an NSA public affairs officer, adds, “It is really which one has the best cyber program. We created that program specifically for the military so that we can help them to be the next generation of military leaders in cyber. And over the course of the last couple of years, we’ve had more and more schools that keep approaching us and asking us for opportunities to participate.”
In addition, Greeley oversees two programs, the GenCyber program and the STARTALK grant effort.
The GenCyber program provides annual grants to K-12 institutions to provide year-long educational information in cybersecurity, culminating in a week-long cyber camp for students as well as for teachers. The NSF is a funding partner in the program, along with collaboration support from some federal agencies. “Every year, we issue a call for proposals, and academic institutions compete to host a GenCyber program,” she states. In 2021, 44 states and Puerto Rico hosted cyber camps. The program is working to establish GenCyber education programs in Alaska, Delaware, Iowa, Maine, North Dakota and Oregon.
Meanwhile, the similar STARTALK grant program focuses on foreign language attainment for students and teachers at the elementary, middle school, high school and college levels. The Office of the Director of National Intelligence provides collaborative support to STARTALK, she says.
“STARTALK’s mission is to increase the number of U.S. citizens learning, speaking and teaching critical need foreign languages,” Greeley shares. “The program offers students and teachers creative and engaging summer experiences that strive to exemplify best practices in language education and in language teacher development.”
After teaching U.S. history and U.S. government to high schoolers for 15 years in Indiana, Greeley knew she did not want to become a school administrator, a common career path for classroom instructors. She had heard of the NSA’s cyber education efforts and saw the importance of bringing cyber education into her school—which later developed into a commitment at the national level.
“During the summer months in my last few years teaching, I was able to work for the NSA’s GenCyber program as a contractor,” she explains. “I learned about the program, but more importantly, I learned about cybersecurity and cybersecurity education. I took a lot of what I learned in the summer and started to infuse it into my own courses. I developed a passion for infusing cybersecurity into multiple disciplines. And working as a civilian in my current role allows me to fill both of my passions, which is serving the country while also utilizing my skills that I developed in the classroom to help further cyber educational programs at the national level.”
Her goal, and the NSA’s broad goal—to spread cybersecurity education as widely as possible across the United States—is not without challenges. Continued federal funding is a major issue.
“I generally use the analogy that education is a marathon, not a sprint,” Greeley clarifies. “Yes, there are immediate demanding needs in cybersecurity education, but we also have long-term needs, and K-12 is one of those long-term needs. It will be a little bit before we see the fruits of our labor reach the career field, but we need that continual funding to let some of these projects reach a true stage of maturation where they have an impact.”
Another challenge is that, traditionally, education is a state issue, and each state’s needs can differ greatly. “What might work in one state may not work in another,” she continues. “Which is why working with these grant programs, one of my favorite aspects is that we allow for that creativity and that uniqueness for the institutions that are hosting these programs. A GenCyber camp in north Georgia is going to look a lot different than a GenCyber camp being hosted in Puerto Rico.”
Naturally, the pandemic complicated the NSA’s cyber education efforts, with classrooms having to move to virtual platforms, but the break in normal operations allowed Greeley and the agency to take a comprehensive look at the impacts of GenCyber program.
“One of the positives of COVID-19 was that we were able to have our contractor support do a five-year program study of GenCyber,” she explains. “We learned that GenCyber is an ignition force in areas where cybersecurity education resources don’t exist. We also know that GenCyber can be a catalyst to really spawn community support of cybersecurity education. Because GenCyber programs are hosted by academic institutions, it really allows them to develop relationships in their local area with high schools or middle schools or industries that are interested in this work. That has been a real highlight of the GenCyber program. Also, because these programs are hosted by academia, many of them choose to host the program on their college campus. Students who may never have seen a college campus before are able to go to these programs and envision themselves being there. They meet students like them, who look like them and who have the same interests, and it serves as a motivating force for them.”
Through its programs, the NSA will continue to lay the groundwork for generations of cyber-educated students, Greeley promises.
“Our goal is to create true college and career readiness pathways,” she says. “And we are really working to try to increase the opportunity for all students. And we will continue to decrease the areas in the nation that don’t have cybersecurity education.”
