26 Mar 2019

Preparing for Your Minecraft Workshop

In a nod to Minecraft’s open-ended gameplay style, training material for the youth workshop is split into several crafting recipes or learning tracks that build on the previous experience.

As you read through this material, keep in mind that the youth workshop and course material were intentionally designed to be fully customizable and Minecraft-edition-agnostic. I made it this way to accommodate the largest possible number of classrooms and public computer labs.

If you are a PLP library currently scheduled to host a workshop or plan to do so before June 2019, I will work with you individually to determine the best way to implement it at your library in the coming weeks. Stay tuned.

Keep in mind as you read through this background material that the ultimate goal is to change how students think about protecting their digital identities and to have them demonstrate this understanding through a design process expressed in a video game. Unlike other security 101 courses, this is less focused on learning industry jargon and more about introducing a fundamental skill set practiced by security professionals—threat modeling.

Part A / Wood Axe (~1 Hour)

This learning track is more like a prerequisite—it’s really important that you have lived in Minecraft’s survival mode for more than a day, which is ~20 minutes in real-world time. Your goal is to understand the “first night” problem.

If you’re already familiar with Minecraft, either as a gamer yourself or having seen other people play, of course feel free to skip this step and move to Part B.

Recall that the demo version of Minecraft is free and has a 2 hour limit, which is more than enough time to get a sense of what students in the workshop will be doing and how it connects to threat modeling.

Below is a video tutorial from a YouTuber that shows the typical “workflow” in a new game and offers some useful tips for new players. Keep in mind the game itself also contains an optional tutorial the first time it is launched.


Part B / Iron Sword (30 Minutes)

Read the Your Security Plan section of the Electronic Frontier Foundation’s Surveillance Self Defense Guide. EFF’s team does a great job explaining threat modeling in a jargon-free tone. This short video is the 90 second elevator pitch version of the same idea.

The student workshop follows this same process of collecting, evaluating, and ranking risks to devise a personalized security plan, but does so in the familiar arena of Minecraft’s survival mode. See if you can answer these five threat modeling steps based on your experience in Part A.

  1. What do I want to protect?
  2. Who do I want to protect it from?
  3. How bad are the consequences if I fail?
  4. How likely is it that I will need to protect it?
  5. How much trouble am I willing to go through to try to prevent potential consequences?

Finally, review the Building Better Bases Lesson Plan and Handout. This is the workshop lesson plan framework.

Part C / Diamond Pickaxe (30-60 Minutes)

Having completed parts A and B, now it’s time to try it out yourself! Spend 10-15 minutes filling out the handout sample or draw your own threat model for Minecraft. As a stretch goal, try threat modeling a Minecraft server itself. What are some of the issues you might run into? How could they be avoided?

As you do this, consider two simple security facts below:

Security Fact #1 – Because everyone has a different threat model, it’s difficult to prescribe one-size-fits-all security solutions. 

Security Fact #2 – Security happens in layers, and how you layer is just as important as the number of layers.

To illustrate these points further, think of a house. The front door has a lock, but for extra ease of mind you might hide valuables in a safe with a separate lock and key. If the safe is placed outside of the house, the first layer of security (the front door) is less effective. That’s fact #2 in action. If a person is not worried about anyone ever breaking into their house because they’re 100% insured, discussing what makes a good safe versus a bad safe really misses the mark for this person because their threat model is completely different (fact #1).

In the world of Minecraft, one might think building extra walls is always better. More walls = more security? Not necessarily—it’s a trade-off. There are compromises along the way. Threat modeling is a way to explore these design decisions before spending a lot of time implementing security ideas that don’t work or are easy to bypass.

Your goal as the instructor is to facilitate a discussion around these two simple facts about security and to get students to practice threat modeling for the first time.

Are you interested in Minecraft Education Edition? Go to Part D below. Otherwise, there are some “extra credit” videos in Part E that talk about threat modeling from a more in-depth, technical perspective, but you’re otherwise done. These are not required viewings by any stretch, but are food for thought if you’d like to learn more about security practices.

Part D / Enchantment Table (2 hours)

Let’s get you signed up! The Minecraft Mentor program has a few extra steps or badges to complete before you’ll have access to the software. Full details are in the link above.

Part E / Extra Credit (2 hours)

I’m linking out to these videos to show some diversity of opinion. These are far more technical than you need to be in a cybersecurity concepts workshop, and come directly from experts talking to experts at security conferences, but browsing these might provide some interesting ideas or talking points for your students.

This is a guest post by Chris Markman, Senior Librarian at Palo Alto City Library in conjunction with PLP’s 2018-2019 Library Services and Technology Act (LSTA) grant, “Cybersecurity for Youth Using Minecraft”. This project is supported in whole or in part by the U.S. Institute of Museum and Library Services under the provisions of the Library Services and Technology Act, administered in California by the State Librarian. The opinions expressed herein do not necessarily reflect the position or policy of the U.S. Institute of Museum and Library Services or the California State Library, and no official endorsement by the U.S. Institute of Museum and Library Services or the California State Library should be inferred.