UK police are looking to cybersecurity firms to help implement a strategy of steering youngsters away from a life in online crime.
The National Crime Agency's Prevent campaign sits within the wider five-year UK National Cyber Security Strategy of 2016-2021. The NCA's scheme aims to point teenagers towards careers in cyber security rather than following a path that may lead them towards more serious offending.
Cyber Security Challenge is running the programme in partnership with the UK's National Crime Agency.
"The Prevent strategy is new," Jez Rogers, a police cyber prevention officer from the South East Regional Organised Crime Unit told El Reg. "As a team we are only about six months old. We and the national network are still finding our feet. Our primary audience is 13 to 19 years old as the average age of arrest for cybercrime is 17 (one in four teenagers have committed some form of cybercrime)."
One key aspect of the scheme is organising "cybercrime intervention workshops", a day-long event for young hackers who are straying into criminality. The focus is on showing youngsters that there's a lucrative legitimate career for their interests and skills if they change tack.
A spokeswoman for Cyber Security Challenge said that so far three workshops each with about a dozen youngsters have been run nationally (two in Bristol and one in Newcastle). Only one girl has featured among the groups so far. Most of the youngsters have strayed into criminality after getting involved in the shadier aspects of gaming, some have committed hacks against their school's systems and others have engaged in lower-level forms of other online criminality or hacktivism. Attendees under 18 are accompanied on the day by a parent or guardian.
The common thread is youngsters who have shown technical talent and interest in computers but poor judgment. It hasn't reached this stage as yet but Cyber Security Challenge wants the scheme to be regarded as an alternative to a police caution for minor offending and comparable to workshops for adult drivers who commit speeding offences.
"The numbers of young people 'on our books', as in managed offenders, is low, however through referrals our interventions are gathering pace," Rogers told us.
"In essence we will identify, intervene, divert, and if necessary manage, those with cyber talent. We are aiming to educate young people, even those that are on the cusp, or committing lower-level offences against the Computer Misuse Act, to turn them away from the 'dark side' and illuminate the positive opportunities that exist for their talents as long as they wear a 'white hat'."
He added: "We preach the expected global shortfall figures for cyber security professionals by 2022 as a potential motivator."
The shortfall in skilled infosec professionals is expected to reach 1.8 million worldwide by 2022, or 350,000 in Europe, according to infosec training and professional certification org (ISC)2.
Rogers wants to draw attention to the scheme as well as canvass for assistance from private sector firms.
"We are a little 'chicken and egg' but we do need industry to step up to provide mentorships/apprenticeships/work experience and the like to show positive diversions and pathways for those young people we deal with." ®