Incorporating Cyber Principles into Middle and High School Curriculum

Although many practicing teachers have not experienced teacher preparation programs that teach cyber security (Pusely & Sadera, 2011) or are familiar with cyber principles (Authors), embedding these ideas into instruction in a variety of content areas is essential for promoting cyber literacy and citizenship. This study explores a professional development program that provided middle and high school teachers across disciplines with opportunities to explore, first as learners and then as educators, cyber citizenship and programming concepts with explicit connections to the cybersecurity principles and concepts. Participating teachers experienced inquiry-based learning, focused classroom discourse, and collaborative learning that centered on GenCyber Cybersecurity First Principles and GenCyber Cybersecurity Concepts (GenCyber, 2019). Results indicated the professional development enabled teachers to iteratively reflect on best practices in cyber education while learning and applying the content of GenCyber Principles within the context of their own field of study.


Background
GenCyber teacher camps are designed to work with the participating teachers to build their technology literacy in the area of GenCyber Principles and cyber security. Two frameworks are most relevant to implementing effective instruction in this context: the Davies (2011) framework for developing technology skills and expertise and the TPACK framework developed by Koehler and Mishra (2006). The Davies framework "involves three levels: awareness, praxis, and phronesis" (p. 48). The awareness stage requires teachers to become aware of the basic technologies available to them and "the basic purposes and functions involved" (p. 48). At the praxis level, teachers are increasing their expertise in using the technology and are able to complete simple tasks. This level often involves expert models and practice "involving simulated problem-solving activities" (p. 49). Finally, at the phronesis level, teachers become adept at using the technology and can answer the question, "Why do I use or not use this technology in this specific situation?" (p. 49). In the context of GenCyber education, teachers are introduced to each technology and GenCyber Principle by experienced models and provided opportunities to interact with the technology, both of which help to build participants' self-efficacy (Somekh, 2008;Ertmer, 2005). Finally, teachers would develop a content-based lesson plan implementing the GenCyber Principles and one or more of the technologies.
The TPACK framework, maintains that in order to effectively integrate technology into instruction, teachers need to have a deep understanding of how each of the components (e.g., technology, pedagogy, and content knowledge) "interact, constrain, and afford each other" (Koehler, Mishra, Kereluik, Tae, and Graham, 2014). The TPACK framework depends on "a consideration of the interactions among technology, content, and pedagogy" (Ertmer & Ottenbriet-Leftwich, 2010, p. 259). Like the Davies framework, in order to accomplish this, teachers must understand "(a) the technology tools themselves, combined with (b) the specific affordances of each tool that, when used to teach content, enable difficult concepts to be learned more readily, thus resulting in the achievement of meaningful student outcomes" (Angeli & Valanides, 2009, cited in Ertmer & Ottenbriet-Leftwich, p. 259). Prior research on GenCyber professional development activities have demonstrated a positive impact on teachers' understanding and application of TPACK. A 2016 GenCyber workshop (Ivy, Lee, Fanz, & Crumpton, 2019) showed significant growth in participating teachers' TPACK.

Program Design
The professional development program was designed through collaboration between three Education faculty, one Computer Science faculty, and two STEM high school teachers. Designed as an opportunity to serve in-service middle and high school teachers across content areas in cyber-focused fields, this program aimed to expand teachers' understanding of and ability to create high quality cyber-focused curricula relevant to their field.
The program was a five-day, non-residential summer camp for teachers from a variety of disciplines. The camp was offered to forty practicing teachers ranging from novice teachers (less than 3 years in the field) to veteran teachers (over 15 years of experience). The camp was designed to provide teachers across all disciplines the opportunities to explore cyber citizenship concepts, programming concepts, and cybersecurity concepts with explicit connections to GenCyber Principles as both learners and educators. Teachers were introduced to ten cybersecurity First Principles but dove deeper into the six Cybersecurity Concepts (GenCyber, 2019) throughout the week. The instruction during the professional development was designed to promote inquiry-based learning, focused classroom discourse, and collaborative learning to learn and apply cyber principles. Following the methods and practices of scientists (Keselman, 2003), inquiry-based learning is an effective instructional approach that improves student learning (Alfieri, Brooks, Aldrich, and Tenenbaum (2011). Throughout the week-long experience, teachers were also provided with structured time to design and refine cyber and/or programming lessons to integrate meaningfully and purposefully in their classrooms. Table 1 describes the daily activities of the professional development experience.

Activity Description
Sign-In /Daily Warm-Up Participants sign-in and participate in warm-up exercise in which the instructors present a cybersecurity scenario to consider and discuss.

Topic Presentations
Camp instructors or guest speaker present material to the participants.

Exploration Activity
Participants engage in a hands-on activity designed to introduce or reinforce GenCyber Principles and Concepts Daily Reflection Participants completed a Daily Reflection sheet designed to elicit what they have learned so far.

LUNCH Break
Exploration Activity / Guest Speaker Participants engage in a hands-on activity designed to introduce or reinforce GenCyber Principles and Concepts or a guest speaker presents material to them.

Break
Lesson Planning Participants explored, created, and shared lessons which connected cybersecurity and cyber citizenship concepts to their discipline.

Exit Ticket
Camp instructors used formative assessment to gauge participants understanding of daily material/activities.
The GenCyber Knights teacher camp curriculum centered on the unifying concept of dilemma. Throughout the week, participants grappled with a series of ethical and moral dilemmas related to cyber citizenship and technology. One example was the exploration of bioprinting: Is it ethical to create "replacement parts" for living organisms? What are the potential benefits and consequences? While teachers were learning and applying information about GenCyber Principles, they were also be learning how to effectively engage students in argumentation and inquiry-based learning. Participants explored their own cyber vulnerabilities and those of their students, worked to understand the associated challenges, and developed plans to troubleshoot areas of vulnerabilities. More detailed sampling of lessons is provided in Appendix A.
Participants were provided with a variety of tools and technology to use both as learners and teachers in order to support GenCyber implementation beyond the camp experience: • Micro:bit and Scratch. During the first afternoon, participants explored Scratch programming with Micro:bits. Each teacher received five Micro:bit bundles to use in their classroom. • Sphero SPRK+ and SpheroEDU. The SPRK+ robots and SpheroEDU app were integrated into the camp experiences. At the conclusion of the camps, each teacher received four Sphero SPRK+ devices to support classroom implementation. • Tableau Public. During a session on Thursday, teachers explored Tableau Public as a data visualization tool. Participants discussed how this can be integrated into their classes. • Flash Forge CreatorPro, Flash Print, and Tinkercad. Teachers explored the function of the 3D printer and its capabilities in relation to their content areas. They printed wheel cyphers for participants to use to encode and decode messages during the workshop.

Confidentiality
The learning environment of the camp allowed for the facilitation of cooperative groups and collaboration for task completion. As shown in Table 1, there were situations presented in which teachers were introduced to terminology or conventions requiring direct instruction; however, most lessons across the week began with a problem and were followed by teachers' collaborating on solutions through the problem-solving process (Pólya, 1945). Teachers worked in teams to first understand the problem, devise a strategy, carry out the strategy, then reflect on their strategy and solution, devising a different strategy, when necessary. Small groups were usually self-selected, work was recorded and shared with the whole group. At times, groups were formed purposefully by grouping together similar subject areas/same schools and other times groups were assigned randomly to create diversity across disciplines and cohesiveness among the camp participants. Active exploration time was built into Sphero lessons. There were several hands-on activities, such as creating a prosthetic fingerprint, exploring and defining encryption, and history of and examples various cyphers. Guest speakers, which included an FBI agent in cybersecurity, an attorney in cyber law, and Chief Information Security Officer for a bank shared real-life cyber issues and solutions to further inspire and inform the participants. Low-tech and high-tech materials and group assignments changed throughout the day, allowing diverse experiences across disciplines.

Teachers were presented with examples of lesson plans which connected GenCyber Cybersecurity First
Principles and Concepts to subject area content, including English Language Arts, Mathematics, Science, and Foreign Language. Teachers had the opportunity to create lesson plans for their curricular area and classrooms. Teachers worked on two mini lesson plans at the beginning of the week, which helped them gain confidence and capacity to create a larger lesson plan later in the week. On day two, an hour was scheduled to link GenCyber concepts and principles to content standards and brainstorm ideas for lesson plans. Templates and expectations were also explained at this time (see Appendix B). On the last day of camp, final lesson plans were shared with the class for peer feedback and uploaded to the shared Google Drive.

Research Design
Guided by the recommendations of Creswell (2013), we used the survey approach to investigate the impact of the weeklong GenCyber camp on inservice teachers' Technology, Pedagogy, and Content Knowledge (TPACK). Survey research was the preferred method of data collection because of its economy, rapid turnaround time, and the standardization of the data (Babbie, 2012). Participating teachers completed a pre and post assessment. The survey is discussed in the Data Source section.

Participant Description
There were 37 teacher participants, representing 11 different school systems and districts. Of the participants, 75% were female and 25% were male. Teachers taught a variety of grade levels, but 50% taught in grades 6-8 and 50% taught in grades 9-12. Regarding the length of time in the classroom, 25% of teacher had served for 1-5 years, 20% for 6-10 years, 35% for 11-15 years, 5% for 16-20 years, and 15% for over 20 years. Figure 2 shows the specific content areas taught by the participants.

Figure 2. Content areas taught by participants
Participating teachers indicated their prior involvement with and interest in cybersecurity principles in the following ways: • I do not know much about cybersecurity and am curious about it. (30%) • I already teach some cybersecurity and want to learn more. (20%) • Have you done other things to learn about cybersecurity, e.g., workshops, classes, etc? (75% said no) • I will be integrating cybersecurity into the subjects/classes I teach in the future. (70%) • I am formulating plans for how I will integrate cybersecurity in my class or as an extracurricular. (79%) • I am already taking concrete actions to integrate cybersecurity into my teaching/coaching. (21%) When asked for more information about why they chose to come to the summer program, one teacher stated, "I currently teach a technology class and am always looking for/gathering resources and 'topics' that I can embed with instruction for that class in order to make sure my students are confident in their world." Another teacher replied, "Our district is looking into revamping digital citizenship and cyber security is one aspect that has been overlooked in the big scheme of things. I wanted to get more information so that I was prepared and could get my school on board as well."

Data Sources
Data sources included: participant reflections, pre-post surveys, and written lessons developed by teachers. The TPACK Developmental Model Self-Assessment Survey was co-developed and adapted by the authors and based on the themes and subthemes of the TPACK Standards and Development Model (Niess, et al., 2009). The TPACK Self-Assessment survey included 11 categories, adapted from the themes and subthemes of the TPACK development model. For each category, five levels of descriptors provided insight into the TPACK levels for participants. The five levels were Recognizing, Accepting, Adapting, Exploring, and Advancing. Each level was correlated with a numerical value from one to five, and the sum of the criteria provided an indexed TPACK rating for each iteration of the TPACK Self-Assessment survey.

Data Collection and Analysis
Data collection centered on three main sources: participant reflections, pre-post surveys, and written lessons developed by teachers. First, participating teachers were asked to reflect both individually and in group settings at the end of each day as well as overall after the program. Second, the GenCyber Knights project team surveyed participants to determine the impact of the camp. Initial teacher applications assessed their current levels of support and involvement in programming or cyber programs. At the conclusion of the camp, a survey including open-ended reflection questions on cybersecurity concepts was administered. In both instances, participants accessed the online Google Forms survey. No login was required, and participants completed the survey in one sitting. The approximate time for completion was 10-15 minutes, depending on the individual. Data was exported from Google Forms as an Excel spreadsheet. Finally, the lessons teachers developed were assessed using the EQUIP Quality Review Protocol (Marshall, Smart, & Horton, 2010), which was made available to teachers to ensure key components of exploration, implementation, and discussion were present throughout the lessons. Data analysis of the multiple data sources included using the constant comparative methodology until researcher consensus was attained. Once complete, codes were examined for overlap and redundancy and collapsed into broad themes (Creswell, 2012). Emerging themes were triangulated within and across data sources, with careful attention to maintaining an audit trail back to original data.

Results
Results indicated the professional development program enabled teachers to iteratively reflect on best practices in cyber education while learning and applying the content of GenCyber Principles within the context of their own field of study. The GenCyber Knights professional development program resulted in the following outcomes:

In what ways did participating in the GenCyber Knights experience effect teachers' knowledge of GenCyber Concepts?
During each week, participants explored each of the concepts daily and contributed connections, which were both concrete and abstract. Teachers collaborated to identify content connections for their discipline related to each of the six GenCyber Concepts. GenCyber First Principles and Cybersecurity Concepts were emphasized multiple times per day throughout the camp. It was expected that different teachers would approach the application of these ideas in different ways. For example, an English teacher may plan a small unit focusing on cyberbullying and teach it through a unit culminating in a hearty debate on what defines a "responsible cybercitizen;" whereas an engineering teacher may design a unit on reverse engineering where students are challenged to solve a mock crisis using programming and problem-solving skills.
The implementation of the GenCyber principle, Layering, was our most successful. We theorize this is because of the straightforward nature of the concept, which involves using multiple levels of protection, similar to having several locks or layers of fencing to protect your personal property. Although we felt that the GenCyber concepts were so much easier for our attendees to grasp, that after a brief introduction to the principles, we concentrated primarily on the concepts. Our implementation of the "Think like an Adversary" concept cut across multiple topics and appeared to be very clearly understood by all participants by the end of the session. This success was likely due to the sleuth-like nature of exploring cases in which the motives of the adversary were discussed and debated. The most challenging concept to communicate was, ironically, "Keep it Simple". The participants understood the concept well enough, but we had difficulty coming up with good cybersecurity-related examples. This is possibly due to the high depth of technical knowledge needed in order to analyze and determine the most efficient (and simple) strategy or configuration. Figure 3 below shows what teachers considered the most important takeaways from the professional development, indicating the gains in their content, curricular, and pedagogical knowledge along with their motivation to incorporate these concepts into their teaching. These aforementioned types of knowledge are necessary for teachers to transition learning to teaching practice: 1) content knowledge (what to teach), 2) pedagogical content knowledge (how to teach it), and 3) curricular knowledge (when to teach it). Participants reported relatively high expectations they would be integrating cybersecurity into their lessons at 85.09% of the possible total. This suggested the teachers believed that cybersecurity is important and relevant to their students. The lowest score for this camp is on motivation (52.86%). Motivation is reflective of the individual and is a difficult construct to directly affect within a camp. The lower score reflects concern among the camp attendees about finding the time and resources to meaningfully integrate cybersecurity into their respective curriculum/school. The scores on content knowledge (75.00%), pedagogical content knowledge (69.01%), and curricular knowledge (68.25%) also show possible room for growth.

In what ways did participating in the GenCyber Knights experience foster teachers' connection of the GenCyber Concepts to their classroom?
The GenCyber Lesson Plan template was shared with participating teachers. Teachers collaborated to prepare lesson plans to be used in their classrooms which connected to GenCyber concepts and their content area standards. Teachers developed a variety of lesson plans to include the cybersecurity ideas they learned in the professional development program. The lessons were shared in Google Drive folders, which allows teachers to continue to collaborate.
This content-diverse group does not typically have an opportunity to collaborate on lessons, and the results were incredible. Teachers experienced camp content as learners first, then built connections to their classrooms. One Spanish Teacher, for example, changed the language on the device and students used simple block programming to program the robot. She also engaged students in discussing cyber concepts in Spanish. Social studies teachers explored the history of cybersecurity and built a timeline of societal vulnerabilities over decades to correspond to U.S. History. Table 3 below captures their ideas: Students use their knowledge of Geometry shapes (2 and 3 dimensional) to discover simple shapes in the real world. Using photography, students take photos of architecture or organic objects that represent basic geometrical shapes. The teachers who attended the GenCyber Knights teacher camp planned interactive lessons to integrate into their classrooms. Over time the lessons could improve to be more transdisciplinary; however, the strategies used for planned delivery were interactive and promoted collaboration and problem solving. Lesson plans were analyzed using the EQUIP Rubric for Lessons and Rubrics, with a focus on the Instructional Supports category. Common strengths of lessons included thoughtful integration of technology and media, encouraging the use of academic language and terminology, engaging students in productive struggle through thought-provoking and relevant problems, and providing scaffolding, differentiation, intervention and supports for learners (Marshall, Smart, and Horton, 2010).

How did the unifying concept of dilemma support participants' engagement in cyber security and cyber citizenship?
Participants began their GenCyber Knights experience by exploring the Case of Terry Childs. As the week progressed, teachers were provided with tools (such as vocabulary, skills, and understanding of concepts) for preventing and navigating ethical dilemma. Three cyber security professionals, including a cyber law attorney, a cyber security bank executive, and an F.B.I. Special Agent specializing in cybercrimes, shared insights and engaged in dialogue with teachers. Participants mentioned many times in their reflections on how important it was to hear from experts in the field. One participant stated, "Guest speakers who are currently working in the field can share examples of threats as well as reinforce the need for cybersecurity professionals." Another teacher noted, "It gave me lots of knowledge and stories to tell my students, while also trying to give me concrete ideas of how to talk and work with my students about them." Understanding real-life cyber-related issues and solutions helped teachers consider how they could use dialogue and argumentation to engage students in relevant discussions.

How did the GenCyber Knights experience foster growth in participants' programming and technical skills which are transferrable to their classrooms?
Beginning with a discussion of different modalities, participants explored the functions of Spheros through programming in SpheroEDU during the second day of the workshop. After grappling with basic functions, teachers engaged in a series of Sphero challenges including a MazeChallenge, Jump the Shark Challenge, and a Shuffle Sphero Challenge. After persevering through these tasks as learners, participants linked the Spheros to their content standards and began brainstorming for their lesson plan. Reflections from the participants and the project team revealed they had learned a great deal about their own cyber vulnerabilities. Collectively, reflections centered on understanding that the most valuable qualification to becoming a cyber security professional is to be a great problem solver. They also reflected that cybersecurity and cyber vulnerabilities are not always high-tech (such as is the case with social engineering), and teachers also reported that students need to know cyber security careers exist in private and public career sectors and the demand is very high. Table 4 below captures teachers' perspectives about why GenCyber Principles and Concepts are important to teach students. Results indicate the top reasons are because it is an emerging field, students need to understand for their own safety. Table 4. Teachers' level of agreement with statements on importance of GenCyber Despite teachers grasping the importance of GenCyber ideas, they did have concerns about classroom implementation. Table 5 details their perspectives on classroom implementation. While weighted averages overall indicated concerns were minimized, teachers still acknowledge teaching GenCyber concepts would demand time and effort and require a plethora of resources. Table 5. Teachers' level of agreement with concerns of GenCyber classroom implementation

Discussion
We sought to support teachers across disciplines regarding cyberliteracy skills. Schools and districts around the nation are offering STEM programs to enhance the mathematics and science standards by providing educational opportunities for students through the use of hands-on activities and projects. Computer Education Support programs for schools and districts are building and supporting professional development focused on project and problem-based learning, STEM programming, and robotics. Rigorous and high-quality STEM magnet programs attract many middle and high school students. With the multitude of programming options available in STEM, supporting teachers in their development and implementation of cyber-based across the curricula is paramount. It is not simply the job of STEM educators to incorporate these principles into classrooms. Because cyberliteracy pervades all classrooms, not only those focused around STEM, we assert involving teachers from across disciplines strengthens the efforts of schools and STEM-based programming to ensure students are equipped with GenCyber Principles that will help them navigate life.
Modeling and hand-on application of skills is valued across disciplines and is an ever-present aspect of the GenCyber Knights Teacher Camps. Further, these skills are grounded in ISTE Educator Standards as teachers engage as Learners, Leaders, Citizens, Collaborators, Designers, Facilitators, and Analysists (ISTE, 2000).
As technology has become a more prominent part of our everyday lives in, and outside of, schools, cybersecurity knowledge and skills have become increasingly important. Konak (2018) points out that cybersecurity is "projected to grow to a 170 billion global market by 2020 from $75 billion in 2015 (Morgan, 2015). On the opposite end of the equation a global shortage of 1.5 million cybersecurity professionals is predicted by 2019 (Morgan, 2019)." The move to online instruction as a result of the pandemic has also increased cyberattacks. Lily Hay Neman (2020) reported that in a 30-day period during the pandemic, 60 percent of worldwide corporate and institutional malware incidents were in the education industry. In the U. S., the fourth largest district in the country, Miami-Dade in Florida's suffered malware attacks that interrupted online instruction for several days (Wright, 2020). The growth in technology, especially as a result of recent shifts to remote learning brought about due to the pandemic, have increasedly demanded for teachers to become more technologically savvy and model the GenCyber Cybersecurity First Principles and Concepts. Professional growth opportunities like this can prepare teachers with the necessary knowledge and skills to effectively integrate these principles into their curriculums to ensure students learn and practice the skills.

Conclusion
There is a dearth of research on pre-and in-service teachers' knowledge and skills regarding cybersecurity (Pusey andSadera, 2011-2012) and GenCyber principles as well as how these teachers should go about teaching students the knowledge and skills they will need to meet the demands of private industry for cybersecurity professionals (Thompson et al., 2018). The 2019 GenCyber Knights Teacher Camp provided our team with the opportunity to develop an inquiry-based and collaborative learning experience for middle and high school teachers to learn about the GenCyber Principles and Cybersecurity concepts and strategies for integrating them into their curriculum. The results of our study after the conclusion of the program indicated that it enabled teachers to iteratively reflect on best practices in cyber education while learning and applying the content of GenCyber Principles within the context of their own field of study. Moreover, a high percentage of the participants indicated in follow up surveys that they would integrate cybersecurity education in their curriculum in some fashion using techniques and ideas they acquired from the camp. Our group intends to continue implementing the GenCyber Knights program to train additional pre-service and in-service teachers in the region in the critical area of cybersecurity.