Cybersecurity

Curriculum

“Cybersecurity is the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.” -Wikipedia

Cybersecurity is about protecting both physical things, like computers, iPads, cell phones, and printers, but also about protecting the information stored on those things. Unlike what you see in the movies, cybersecurity isn’t just for military or government secrets like the password codes to a nuclear missile! It’s also for YOU! It protects your bank account information, your (or your parents’) credit card numbers, private medical records, anything that should be kept private but stored electronically.

Purpose

When I've earned this patch:

  • I have learned how cybersecurity affects my everyday life; 
  • I know to choose safe passwords and use the Internet safely; and
  • I can tell my friends and parents about Internet safety! 

Workshop Settings

Grade Level

  • Grade 2 and Up

Workshop Length

  • Two Hours

Technology

  • Depends on activities chosen. See section below

Workshop Guide

Facility

This patch is designed in 4 parts. Each part requires a leader or adult volunteer to lead discussion, but no technical expertise is required to be a discussion leader.

Introductory Video

  • Computer or tablet with ability to play a YouTube video

Activity 1

  • Blank Paper and pencils, at least 5 sheets per scout. 

Activity 2

  • 2 Physical locks, such as locker combination locks or gym lockers locks, that can each be locked and unlocked. You must have at least 2 for the station activity, but more pairs of locks can also be helpful. If no locks are available, different colored key rings, or even printed pictures of locks and keys may also be used as pretend locks and keys.
  • 1 closeable, lockable box, such as a small lunch box, cash boxes, or fishing tackle boxes with a handle. You can make your own by cutting “lock holes” in Tupperware or cardboard boxes as well. 
  • Paper, at least 1 sheet per scout.

Activity 3

  • A Computer with Internet access, and at least one recommend Internet Browser: Chrome, Safari, Firefox
  • A Gmail account. If willing, a group leader can use their personal account as a way to show scouts what to do, or a new, throwaway sample account can be created here: https://accounts.google.com/SignUp?hl=en

Activity Plan

Invited Speaker (0 - 20 minutes)

Invite a local volunteer who works in IT (Internet Technology) as a system administrator, technology operations, or technology manager inspire Girl Scouts by talking about the breadth of possibilities in IT .

Leader tip: If you need to find an IT worker to volunteer, remember that IT is EVERYWHERE. Your office, the local hospital, and possible the nearest high school likely all have an “IT person” whose job it is to secure that particular location.

What is Cybersecurity? (10 - 15 minutes)

Watch this inspirational video to learn about why we need Cybersecurity (90 seconds):
https://www.youtube.com/watch?v=BSCafDlyzbI

Watch this PBS video on Cybersecurity (12 minutes):
https://www.youtube.com/watch?v=bPVaOlJ6ln0

Activity 1: Play Hacker Hangman! (20 minutes)

For this activity, divide up into pairs or small groups of 3 with pencil and paper for 4 different rounds of the game “Hangman”. (If you are unfamiliar with the game, basic rules can be found here: https://www.wikihow.com/Play-Hangman). For Hacker Hangman, scouts should play the game in rounds, and whoever is the secret chooser should rotate through the group members.

  • Round 1 (PIN Number)
    The secret chooser may only choose words with exactly 4 letters.

    Since Hackers learn from their difficulties, stop the game after this round for group discussion. Discuss some strategy with the group: choosing vowels, choosing common letters, words ending in -”ing” or “ed” for English words, etc.

  • Round 2 (Normal password)
    The secret chooser must choose a word that is 8 letters or more. The secret chooser will also NOT write the blank spaces down, so the guesser may not know in advance how long the word is.

  • Round 3 (Secure password)
    The secret chooser must choose a random set of 8 to 20 letters and numbers. (They should probably write it down somewhere so they don’t forget it!). The secret chooser will also NOT write the blank spaces down.

  • Round 4 (Secure and easy to remember password)
    The secret chooser must choose 4 random words in order. The words should not be related to each other. All 4 words together should add up to be 20 letters or longer.

  • Group Discussion Prompt 
    Which strategy works the best to protect secrets from a human? Which strategy do you think is safest against a computer? Which strategy avoids having to leave a copy of your password where a spy could read it? 
Activity 2: Asymmetric Encryption (30 minutes)

For this guided puzzle activity, you will need to divide your group into 2 teams: the Alice team, and the Bob team, who are trying to send a secret message to each other. Each team gets a lock and a key. The group leader will play the role of Eve, the ‘eavesdropper’, who is trying to learn what is in their secret message.  

  • The Group Challenge
    Alice team should write a message for Bob team and put it in the box for sending. But there’s a tricky condition: the only way to send ANYTHING to Bob’s team is via the courier (and known spy) Eavesdropping Eve! If Eve gets ahold of the message or the lock and key, the game is lost. How can they do it? 

Hint 1: If Eve gets a key, she can always make a copy of it. Don’t give Eve any keys!
Hint 2: Encourage the groups to try and use BOTH locks.
Hint 3: The solution can involve more than 1 trip through Eve’s courier service. 

Try as a group for at least 10 minutes before watching the solutionhttps://youtu.be/CR8ZFRVmQLg

Once everyone has watched the solution, have Alice and Bob team’s send a message themselves to make sure they understand the solution. 

  • RSA: The Digital Keys and Locks
    This kind of exchange works physically, but how does it work digitally? Watch this video on the history of cryptography that uses paint colors as ‘locks’ and ‘keys’ for an explanation: https://www.youtube.com/watch?v=YEBfamv-_do

  • Group Discussion Prompt
    This video uses “mod” or “modular arithmetic” as a math example. The “mod” of 2 numbers is the remainder left over when you do long division, like this: 

How is a remainder like the color in the video? Why is it so hard to guess which initial 2 numbers or colors existed at the start of the problem? 

Activity 3: Social Engineering vs Social Media, and taking responsibility for your own privacy (30 minutes)

Leader tip:

- This activity requires computer and internet access.
- This activity can just be a discussion, but could also involve active Internet usage and should be performed supervised by an adult as age-appropriate. Start with the discussion prompt below. 

  • Group Discussion Prompt
    Social Engineering, as you saw in the PBS video, assumes malevolent hackers, thieves, or impersonators tricking you into revealing your password. We don’t want our information in the hands of strangers who want to steal our money or data, but in this day and age, it is important to realize that hacking is not required for malevolent or irresponsible use of our data to happen.

    Social media consists of software from companies that are already storing your data. However, these companies mostly make money by selling that data to others, usually advertising companies who want to show you their next product.

     

    Social media companies use a different, legal form of information gathering from hackers. Social media companies get you to share your data with them by not asking explicit permission first: they collect user data, and they only stop if you specifically ask them not to. 

    By default, privacy settings in most social media apps are set to track us, just like a malevolent hacker or stalker would. Cell phone apps in particular say a LOT about us because they can use the phone’s GPS to track your location. Ask the group if anyone has any of the following accounts on their phone or :     
    - A Google Gmail account    
    - A Facebook Messenger app     
    - A Venmo account

    Questions for discussion:    
    - How could a company trying to sell you something use information about your location, buying habits, or food preferences?     
    - How could a future college admissions officer or employer use or abuse such information for discrimination if it were sold to them? 

  • Activity Options
    A. Read out loud and discuss with this article about how much information from Facebook Messenger is available to your Facebook friends, but also to total strangers:
    https://medium.com/faith-and-future/stalking-your-friends-with-facebook-messenger-9da8820bd27d


    B. With a Facebook account, follow this tutorial for making your Facebook account collect and share less data: 
    https://www.wikihow.com/Manage-Facebook-Privacy-Options

    C. (For older girls who might use Venmo for online payments), you could read this article instead:
    https://medium.com/swlh/have-you-left-a-money-trail-on-venmo-d3676d624310

    D. For a Gmail account, log into your account and then follow the steps in this article for how to turn off Google's default user tracking:
    https://www.wired.co.uk/article/google-history-search-tracking-data-how-to-delete
    Login to your Gmail account and start at this page:
    https://adssettings.google.com/authenticated

Be Inspired By Coding
Celebrate

Celebrate with the Cybersecurity patch you have earned. Way To Go, Girl Coders!

Post-Workshop Suggestions

Are you inspired to dive deeper into coding? Here are more activities you could do after earning the Cybersecurity patch. 

More on Cybersecurity
Beyond Cybersecurity