GenCyber: NSA sets up summer camps to teach kids to hack

An aerial view of the National Security Agency and Central Security Service building in Fort Meade, Maryland from 2007.

An aerial view of the National Security Agency and Central Security Service building in Fort Meade, Maryland from 2007. Brooks Kraft/Getty Images

Steve Kelman finds the normally secretive agency's camps an intriguing way to offer a taste of cybersecurity careers to middle and high school students.

The New York Times recently had an intriguing article with an intriguing title: “N.S.A. Summer Camp: More Hacking Than Hiking.” “This is not your typical summer sleepaway camp,” the article began. 

The article discussed a new effort by the National Security Agency to teach kids – the largest number of them actually in middle school, some in high school – cybersecurity skills at mostly one-week summer camps. The goal of the program is to kindle interest in cybersecurity jobs among kids – hence the GenCyber name. The program uses a teaching approach that NSA originally developed to teach foreign languages such as Persian, Arabic and Chinese. It has expanded from six locations its first year to 43 this year; the intention is to build the program out to camps in all 50 states. Half the participants are girls. 

”Unlike other popular programming and engineering camps,” the article notes, the NSA camps are free. Programs are run by universities that have applied for grants from NSA to run them and are taught by faculty at those universities. 

NSA establishes a set of basic objectives for the courses but leaves to the participating universities most of the details about how the camps will be structured — including which topics to be emphasized — with the idea of creating diversity among the programs. The instruction is fairly basic; most participants have no prior cybersecurity knowledge. A lot of it was described to me as cybersecurity hygiene (“don’t’ click on a bad link”), and the point was made to me that the best time to learn such things is middle school or high school. The materials emphasize some basic concepts such as “think like an adversary” and “keep it simple.” The program emphasizes cyber defense rather than offense, though the kids, an instructor quoted in the article stated, “are most interested in attacking things.”

High school participants interviewed for the article said they were “happy to get to stay on a college campus with other tech-savvy students their own age while learning skills their high schools back home were not ready to teach.” A small number may eventually work for NSA, but most will either work in cybersecurity in other contexts or not work full-time on cyber at all. Participants do not need a security clearance but need to be American citizens.

Studies suggest the need for “hundreds of thousands” of cybersecurity jobs over the next few years. Beyond that, NSA hopes people going into non-cyber digital jobs in for example software design will develop better knowledge of cyber issues. “If they have just a little bit more understanding of security when they’re doing [such jobs], the head of the camp program said, “I think it will make the products that much better.”

The instruction pays a lot of attention to the ethics of hacking. “ ‘Now, I don’t want anybody getting in trouble now that you know how to use this puppy,’ one of the camp’s instructors warned loudly, the Times reported. ‘Right? Right?’ he added with emphasis.”

I was interested in the hacking camp partly as a story in itself, but also partly as a story about organizational innovation in an agency that is secrecy-oriented – an attribute seldom associated with high innovativeness. I’m not sure how many federal agencies would target a training program important for the organization’s future at middle and high school students. I am waiting to hear from some who will see something sinister here, but my reaction is: Good for them.