Some trends are emerging in reviewing the data assembled for the K-12 Cyber Incident Map. One trend involves how K-12 students caught being involved in and/or instigating school cyber incidents are being punished.
Consider this select sample of stories from 2016 to present:
- “Police charged a Franklin Regional High School senior with launching a series of cyber attacks against more than a dozen local school districts, the Catholic diocese and Westmoreland County government.”
- “Police in Shelton, Connecticut have arrested a teenager for launching DDoS attacks on his/her former high school’s network.”
- “A Skyview High School student has been expelled for hacking into the district’s email system and using it to send more than a quarter of a million messages to district addresses.”
- “Two Midway High School students were charged with distributing a false report or alarm after posting a screen shot of a false administrative document warning families about potential violence at the school.”
- “Authorities in Cary announced that they have arrested a student following a months-long investigation into a hacking incident at Panther Creek High School.”
- “A student, who authorities said, hacked his way into New Dorp High School and city Department of Education computer records to raise his grades, has pleaded guilty to criminal charges of computer tampering.”
- “A local high school student is accused of hacking a school’s computer system and changing grades. The student faces a state jail felony charge for breach of computer security.”
Do these students understand the consequences of their actions? What would motivate them to risk school expulsion or jail time? Some recent research suggests that teen ‘hackers’ are motivated – not by money or criminal intent – but primarily by moral causes, a desire to tackle technical problems, and to prove themselves to friends.
Note that this trend is occurring against a backdrop of dramatic shortages in qualified cybersecurity professionals – shortages that many experts feel can best be solved by teaching more K-12 students how to hack: “Given today’s cyber threats, we need to embrace hacking as an essential skill for kids to learn in order to keep this country safe in the future.”
Are schools and the police over-reacting? Are our current laws and school policies appropriate to respond to cases of student hacking of school IT systems?
It may be time for a hard look at these questions. What do you think?