Here’s How Comics Can Boost Cyber Training

Having trouble getting those abstract cybersecurity concepts across to your students or employees? Try web comics.

During a Homeland Security Department conference Tuesday, the company Secure Decisions presented a new interactive tool it’s developed that allows companies and educators to lay out cybersecurity lessons into interactive web comics without hiring a developer or graphics designer.

The tool, Comic-Based Education and Evaluation, or Comic BEE, was developed with funding from DHS’ Science and Technology division.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Organizations that use the tool can storyboard various cybersecurity challenges, projects and dilemmas using cartoon figures and thought bubbles, Laurin Buchanan, Secure Decisions’ principal investigator for cybersecurity education research, said during a demo at DHS’ Research and Development Showcase.

They can also set up logic chains of correct and incorrect responses and track how well students and trainees perform, Buchanan said.

Buchanan showed a sample page in which a woman names Alice must choose whether to share her password with someone on the phone who claims to be “Bob in IT.” (Hint: Bad idea, Alice.) Other tutorials can tackle more complex cybersecurity topics, Buchanan said.  

The tool has been piloted at Stony Brook University in New York and at cyber-focused summer camps, including GenCyber, sponsored by the National Security Agency and the National Science Foundation, Buchanan said. It’s now available free to government agencies.

Training future generations of cybersecurity workers is one major goal of a cybersecurity executive order President Donald Trump released in May. That order calls on the Commerce Department to assess cyber education, curriculum, apprenticeships and training programs from grade school through universities.

The department’s cyber standards agency, the National Institute of Standards and Technology, plans to release a request for information Wednesday querying the public about the current state of education metrics for cybersecurity and the sort of cyber knowledge and skills employers value most.

The RFI will also ask whether the way educators currently categorize and organize cyber skills is effective and how prepared educators are to deal with cybersecurity concerns stemming from emerging technologies such as artificial intelligence and connected devices.

The RFI does not address general cybersecurity hygiene for non-technologists.

NIST plans to host a workshop on the RFI’s findings in August in Chicago.