July 18, 2018
At first glance, bright colors and comic book characters don’t always scream cybersecurity. But given the difficulty of navigating the cyber world of viruses, ransomware, and phishing attacks, cartoons may help people learn to keep themselves and their information safe. One tactic many government agencies and companies are using is the creation of cartoons, comic strips, and sketches to simplify complex cybersecurity topics.
Here at New America, many of the Cybersecurity fellows have created web comics on technology and security. For example, Dan Ward, a former New America cybersecurity fellow created a comic that illustrates the tendencies we have to overcomplicate security. He also worked on a comic with New America’s senior policy analyst, Rob Morgus on a guide to international cyber norms. Currently, fellow Robert M. Lee, and illustrator Jeff Haas, publish a weekly comic, Little Bobby, that explains SCADA systems, the cloud, net neutrality, hacking, and big data.
Comics and cartoons use linguistic, visual, and spatial conventions that have the ability to convey meaning and influence the reader. We see this in political cartoons, as they present ideas to readers from different ideologies through visual and textual metaphors. The idea of creating cartoons to communicate complex concepts is well established, but with the evolving cybersecurity threat landscape, is this an effective way to teach this abstract and buzzword-y topic?
Sitting on a Sunday morning with coffee in one hand and the comics page in another doesn’t appear to be most effective way of learning (for most people, at least), but there is science behind using comics to simplify complex ideas. A study conducted by psychologist at Sheffield Hallam University in England examined topics in undergraduate biopsychology and presented the topic in different forms including comics, book pages and text-only format to test which is easier to memorize and comprehend. The results revealed that using comics to learn new information allows for increased memorization and understanding, making learning more fun while enabling increased retention of the material.
In fact, learning theorists have determined that there are variations in learning styles and how people absorb, dismantle, and remember material. According to William Bradford at the Indiana University School of Law, 65% of people are visual learners, and have difficulty following oral lectures, but can readily recall material they have read.
We see that visual learning can be beneficial, but can they be effective in teaching topics in cybersecurity such as privacy, law, ethics, policy, or strategy?
I enlisted the expertise of Laurin Buchanan to explore these ideas. After talking with her, I was convinced. Buchanan is the Principal Investigator for cybersecurity education research at Secure Decisions, which was sponsored by the Department of Homeland Security to create Comic-BEE, a web-based technology that allows educators to create interactive branching comics to explore cyber concepts and ideas, from privacy to identifying phishing emails. Cybersecurity “is a human problem, not a technical one,” she told me, “many technologists don’t understand how people learn or interact with computers and that-ignoring the human factor-is the original sin that got us into many problems on the internet.”
The idea for Comic-BEE came from the need to educate all people about various cybersecurity challenges. As I was speaking with Laurin, she identified the main problem with trying to educate the population on cybersecurity: systems that were not designed for average individuals is difficult. Given the evolving nature of cybersecurity, the potential for accidental misuse and human error is constantly changing. The combination is a recipe for failure. At its core, cybersecurity is not a STEM subject, but a human factors problem because success hinges on educating people of all ages on the importance of keeping themselves and their information safe on the internet.
With the image-based culture that we live in today, visual and interactive learning materials are a fun way to immerse children and adults in topics that can be difficult, abstract, or time-consuming to understand. In cybersecurity, this brings in the human aspect—creating an easier way for the average individual to understand how to keep themselves safe in cyberspace.
There are many people, like Laurin Buchanan and Dan Ward, pioneering cybersecurity-based comics and interactive applications to teach children and adults to be safe in today’s digital world. Part of this proliferation of educational comics is the cost–or relative lack thereof–associated with producing them. Comics are cheaper to create compared to film and animations. They can be read at the reader’s pace. The author can completely customize content using word-image pairing techniques, specifically in interactive web comics. These techniques bring visual culture and interdisciplinary discussions with linking words to respective images that allow for a clearer, visual understanding of the subject. And now there is data to back up their effectiveness.Secure Comics, created out of Carleton University, uses storytelling to educate readers on password-guessing attacks, malware protection, and mobile online privacy. The university conducted a study measuring the effectiveness of these designs and revealed that users who have a poor understanding of security threats experienced a positive behavioral change. These changes addressed behaviors as varied as updating security software settings, the sharing of information online, and cautious downloading behavior.
The human aspect of cybersecurity makes comics an effective tool in teaching these complex and constantly changing topics.
By using stories with real-life characters, bright colors to highlight elements of importance, and mental models, it brings the personalized elements to the cybersecurity field that many don’t associate with human factors.
Let’s face it–the average technology user does not understand the many threats encountered in cyberspace. But with creative ways of teaching, we can start to see progress in informing the public and businesses to create a safer cyberspace.
The piece was originally published under "A Comics Guide to Teaching Cybersecurity" and republished under the current title at 2:23pm on July 18, 2018.