Cybersecurity in the Technology Subject from the Swedish Perspective : Investigation, Analysis, and Evaluation Tool

Abstract: This thesis contains pioneer work in Sweden which contributes to the research on cybersecurity teaching within the Technology subject as formulated in the course and subject governing documents.The work goes in line with a bigger strategy of the Swedish Civil Contingencies Agency (MSB) and the European Union (EU). A discourse analysis was performed on the interviews with four Swedish expertsfrom MSB, Internetstiftelsen, and #290CyberSecurity respectively where the interview questions were formulated around three axes; the first axis was the cybersecurity content and knowledge aimed at young individuals, the second axis was the experts’ views on teaching cybersecurity starting from lower secondary schools, and the third axis was regarding platforms or tools that could be used in cybersecurity teaching and what the experts’ perceptions on them are. The analysis resulted in six different codes and formulated the views of the experts. Content analysis was also performed on information from the experts’ organizations which were 14 security documents and reports in total that resulted in a content frame of ten cybersecurity areas. All the ten areas were found to be related to the keywords that appear in the governing documents of the Technology subjects in the course syllabus for grades 7-9 and the subject syllabus for Technology 1. Current cyber attacks and risks threatening young students were further analyzed under each area to narrow down the content frame tailoring it to young students. A new online evaluation tool was then developed to assess the cybersecurity sensibility of the young students. The formulation of the questions was inspired by the SANS cybersecurity awareness survey as well as based on both, the ten cybersecurity areas that are categorized in this thesis and the different scenarios of risks and cybersecurity attacks threatening young students. Domain SamplingTheory (DST) and scenario-based questions were considered to make the tool more fitting for the young and minimize the errors. The tool tested a random group of 250 students from 12 municipalities where110 were in the sixth grade and 140 in the ninth. The tool showed that despite students spending most of their time online using different devices and applications, they are not secure enough which puts them at risk. Moreover, most of the students were interested in getting cybersecurity education and very few received it in schools even though the cybersecurity requirements are stated in the governing documents of the Technology subject.