Education 4.0: who is looking at cybersecurity

Event report

With the onset of the Covid-19 pandemic, many of us have been forced to replace traditional, face-to-face, education with online education. This has brought several challenges to privacy and to the safety of children and youth. However, work remains to be done to increase trust in online education and we can learn from mistakes made.

We all have personal, eye-opening stories. For example, Mr Joao Moreno, a cybersecurity professional, faced challenges in getting his 11-year old sister safely online. Many new issues and challenges appeared for children, such as digital harassment; or that children suddenly achieved control of their devices and, due to insufficient digital skills, became vulnerable.

Moreno observed a tendency in Brazil to concentrate all educational resources in a few large companies, and even these companies acknowledged problems. For example, although Zoom had been a meeting platform, it suddenly become an educational tool; but the company was not ready for such growth. Mr Eric Sowah Badger (Penetration Tester at GCB Bank Limited) stressed the transition to online education happen rapidly, and since security was not the first concern, mistakes were made. For example, the public sharing of Zoom links with passwords and IDs made schools an easy target for attacks. Therefore, creating awareness became vital.

Yet not everyone had the same starting position. Mr Samaila Atsen Bako (Director of Cyber Security Experts Association of Nigeria (CSEAN)) shared cases in Nigeria where teachers did not have computers to use in their lessons. How could they be expected to use Zoom to teach? In Africa, in particular, many people did not have basic access to the internet, as costs to connect are very high. For many children, moving education online basically meant they stopped learning.

Violation of privacy was addressed by Ms Nighi Singh (Senior Project Officer at Centre for Communication Governance). She highlighted that technologies employed in online classrooms collect data. A review of privacy policies of various companies who make online educational software reminds us that they all collect data and, hence, the potential for children’s data to be misused is always present.

The situation will remain challenging for educational institutions, as no school can afford a cybersecurity team, said the moderator, Mr Nicolas Fiumarelli (Software and Web Engineer for LACNIC). Yet, it is essential to work on cybersecurity policies for the future, stressed Mr Sávyo Vinícius de Morais (Systems Administrator at Instituto Federal do Rio Grande do Norte), who shared more examples from Brazil. According to Moreno, in the first part of the pandemic, the approach was ‘take whatever you need, but give me a working system’. Now we have to assess how the students were exposed. Schools and colleges should be a safe space to learn. Badger stressed that schools’ IT departments are not cybersecurity departments, and that schools must invest in cybersecurity. Right now, an IT department can fix your system, but, sadly, cybersecurity is a secondary concern.

A controversial point remains whether schools should have control of student devices and protect them. Moreno suggests that schools should do so, but stressed that this is very closely related to basic digital skills. Children need to know the consequences of installing any app. Basic cyber hygiene must be taught, stressed Singh. If you do not have basic digital skills, you are likely to accept the terms and conditions of anything that is available to you. Perhaps workshops at schools should be more frequent and impressive, said Fiumarelli. Bako is convinced the IGF is a good platform in which to discuss these issues.

By Tereza Horejsova

Session in numbers and graphs

Automated summary

Diplo’s AI Lab experiments with automated summaries generated from the IGF sessions. They will complement our traditional reporting. Please let us know if you would like to learn more about this experiment at ai@diplomacy.edu. The automated summary of this session can be found at this link.