And a little child shall secure them
And a little child shall secure them

Kids make the best social engineers, says Reuben Paul, with a giggle, as he tries to cajole this writer out of her password.

He knows from whence he speaks – and the giggle is totally, and refreshingly, age-appropriate. Reuben, at 8, is not only well-versed in the wily ways of children, the third-grader is already an information security pro of sorts, developing a pair of security apps aimed at kids, heading up a gaming company and keynoting at IT security conferences like the Houston Security Conference. 

OUR EXPERTS:
Start early

Gene Fredriksen, CISO, PSCU 

Jeff Jacoby, program engineering director of cybersecurity and special missions, Raytheon 

Michael Kaiser, executive director, NCSA 

Reuben Paul, CEO, Prudent Games 

Phyllis Schneck, deputy undersecretary for cybersecurity for the National Protection and Program Directorate (NPPD) at the Department of Homeland Security

In fact, when SC Magazine caught up with him to get his thoughts on how to raise IT security awareness among kids – especially when they're online – and on what the industry and children can do for each other (hint: the industry needs skilled security workers, the cyber generation of children have a facility with technology…you do the math), Reuben was packing his bags to fly to India, where he was slated to keynote at the Ground Zero Summit.

Children, like adults, “need to know that actions in cyberspace have consequences,” he says.

While children, brought up with good security hygiene, represent the industry's next best hope, they're also, unfortunately, an obvious point of vulnerability, easy targets of online predators. They are more trustworthy than adults,” says Reuben, explaining their cunning. “And kids are more trusting than adults.”

They routinely expose they're parents' personal information and sometimes inadvertently run up outrageous credit card charges. For instance, app store owners like Apple and Google have recently drawn the ire of the Federal Trade Commission (FTC) and were ordered to refund millions of dollars to parents whose children were allowed to make online, and costly, purchases without their consent. 

In other cases, the FTC has fined children's app-makers like Path and W3 for violating the Children's Online Privacy Protection Act (COPPA) by collecting and storing personal information about children under 12 years old.


Dual mission

Because children can be both the victim and (often inadvertent) perpetrator, the IT security industry is charged with both protecting the internet from them and protecting them from the internet. The payoff for cybersecurity as a whole: Youngsters can eventually become skilled workers and improve the country's cyberposture.

One of the best ways to create “cyber resilience” is by educating and training the young, says Phyllis Schneck, deputy undersecretary for cybersecurity for the National Protection and Program Directorate (NPPD) at the Department of Homeland Security.