Wednesday 23 May 2018

Next Steps after Attending the CyberTitan Nationals

I just got back from the Canadian National cyber-security finals in Fredericton, NB. This was the first national championships in cybersec and it piggy backs on the the US/worldwide cyber-security contest called Cyberpatriot. Canada, and especially Ontario, is late to this party, but there is still time to catch up.

What got me thinking about cyber-security was an article WIRED did last year on the Russian attack on the Ukraine. Countries are now attacking each other using information technology infrastructure, yet we seem happily oblivious to this in Ontario. New Brunswick entered 10x more schools into this competition than Ontario did - New Brunswick has seven hundred and fifty thousand people in it. NB is also launching a number of provincial initiatives to place them at the front of a rapidly expanding and very under-served industry:
Homepage - CyberNB
Welcome - NBIF - FINB


1st time on a plane, 1st time out of the province for half
our team - they'll never forget this trip.
I'm going to be presenting on our participation in the Canadian CyberTitan arm of the US based Cyberpatriot competition at the OTF PB4Technology conference in August, and again at ECOO in November. If you're curious about how to get into CyberTitan, it runs as separate contests for middle schools and high schools. You do three 6 hour rounds during the school year, and depending on where you finish, you might find yourself on a fully funded trip to New Brunswick for the national finals in 2019.  What you're doing in the competition is searching for malware and exploits and removing them from the systems.  It's ICT technical work crossed with investigation.

You don't need to be techie or have previous experience to get into the competition. It's a small entry price ($200 last year) and you get 10x back in access to Cisco, Microsoft and other content. You also get a really nice set of team shirts, pins and challenge coins (Americans know how to do swag). Your students also get to brag about working off US government servers, because that's where the contest takes place virtually.

Cyber-sec is a field that is in high demand, it's exciting, ever changing and the requirements and pathways to get to it are rapidly evolving and improving. The Canadian Forces are launching a cyber-command that will offer high school graduates equivalent college level training in cyber-ops.

From military to government to industry, this is a rapidly expanding and diversifying field of study that isn't just about comp-sci degrees any more. Considering the fragility of our ICT infrastructure and the number of state and individual threats to it, I'm astonished that we haven't worked towards integrating cyber-security into our curriculum sooner. The US Department of Homeland Security has a great resource on cyber-sec education called NICE: National Initiative for Cybersecurity Education (NICE) | NIST

Hours in and hours to go - engagement was 100% through the whole thing even with technical failures and other frustrations.

Some links:

Links to next year's CyberTitan competition:
Register – CyberTitan – ICTC Canadian Youth Cyber Education Initiative

If you're curious about who the Information and Communication Technology Council of Canada (ICTC) are, you can learn more about them here: https://www.ictc-ctic.ca/about/

From Public Safety Canada: Critical Infrastructure... Critical Infrastructure 

A recent blog post on the competition and our lack of focus on vital, 21st Century infrastructure: Dusty World: Cyber Security and Critical Infrastructure Ignorance

Not covering the skills and knowledge needed to maintain our critical infrastructure in Ontario Classrooms is a glaring oversight (IMO)...


Monday 14 May 2018

Cyber Security and Critical Infrastructure Ignorance

It's been a crazy week.  It started with Skills Ontario provincial finals in Toronto where we won gold in IT & Networking for the second time in three years, then I attended my first ever Ontario Council of Technology Educators conference on the Friday.  I write this the next Monday evening from a hotel room in beautiful Fredericton, New Brunswick where we're set to compete in the CyberTitan cyber-security National Championships.

With all these powerful events pulling me out of the classroom, I'm enjoying a strategic perspective that I'm usually too busy teaching to consider.  These events are also forcing me to explain to people what information technology, networking and cyber-security are, which is odd, because they all live their lives every day within this information  infrastructure.  How can people be so unaware of something that affects their lives every day?


Canadian Nuclear Labs are
one of the most advanced
research facilities on the
planet - these are their main
priorities...
A strange thing happened at the OCTE tech teacher conference I attended last Friday.  I finally got to meet other computer technology teachers in the province only to learn that many of them appear to be looking to hand off their classrooms to pre-set curriculum like First Robotics.  I can't speak to the effectiveness of First Robotics myself, but the evangelism of the people in it makes me suspicious.  That evangelism was set to such a high volume in this meeting that one teacher declared that IT & Networking is, "a waste of time now...it's so simple that an idiot can do it..."  If that's the case, why is our information technology infrastructure so fragile, and intermittent?  The general public is oblivious to this infrastructure and many teachers of computer technology appear to be grossly ignorant of its complexities and importance.  We're ignoring vital technology infrastructure in the classes we're supposed to be teaching it in!  It has taken me a few days during this wacky week to formulate a response to his comments, but here it is:

There is a lot more to computer technology than plugging your students into a robotics competition, no matter how well intentioned it might be.  What should be at the core of computer technology education (IMHO) is an understanding of how technology empowers and influences our society in the Twenty-First Century.  Nowhere is our ignorance of critical information technology infrastructure more pronounced than it is in cyber-security.

Last year I read WIRED's shocking article on Russia's attack on the Ukraine.  Like much else in cyber-security, most people are oblivious to the fact that nation states are currently attacking each other through information technology infrastructure.  Russia and China both have sizable military organizations dedicated to attacking IT infrastructure.  The Israeli and US cyber militaries have remotely dismantled Iranian nuclear research through digital attacks.  We're living in a brave new world most people have no idea about.

You might think that all this tech is just for entertainment such as social media, but you'd be wrong.  IT has worked its way into everything from our utilities and financial systems to food production and healthcare.  How we secure our information technology isn't just about looking after your personal information while you're wasting time on your phone.  IT is now a vital and targetable infrastructure asset.  Other stories on how social media became weaponized in order to influence elections also highlights our ignorance around how fragile our IT infrastructure is.  I was talking to an elderly relative about our upcoming cyber-security competition on Mother's Day and described it this way:


Ten critical infrastructures that people depend on daily.  See
robots on there anywhere?  CompTech should be about
showing students the vital roles technology plays in our
lives, not just a singular focus on robotics or anything else.
If you want to build a house you would have to go through many safety regulations to build it.  All subsystems in your house would have to conform to standards designed to make them as safe and resilient as possible.  We put these rules in place because we recognize how potentially dangerous just slapping things together in the cheapest way possible by people not professionally qualified to do the work would be.  Having your house plumbed by your cousin's kid who likes playing with water or getting the wiring done by your brother-in-law because he likes wires seems insane, but that's the relationship too many people have with our information technology infrastructure.

Even where professional standards exist, they are often ignored and undervalued (evidently by Ontario computer technology teachers as well as everyone else).  This happens because we don't recognize the dangers of an under-engineered, cobbled together information technology infrastructure.  We're then amazed to learn that Russia can turn off the lights in another country prior to annexing parts of it, or that social media can be engineered to break a democracy.  These things are already happening all around us.


So here I am at the first Canadian Cyber-Security National finals trying to overturn decades of willful ignorance.  New Brunswick seems aware of the urgency of this situation in a way that Ontario does not.  In spite of being a fraction of the size of Ontario's education system, many more NB schools participated in the CyberTitan contest this year, and awareness of the problem seems much stronger here.  

CyberNB does not appear to have an equivalent agency in Ontario that recognizes the urgency and fragility of the situation we've made for ourselves.  Our apathy has resulted in frail information infrastructures that are not up to the task of maintaining our critical social systems, let alone defending us from cyber-attacks by malicious states and individuals.

If I can help ICTC and the other organizers of CyberTitan and the CyberSmarts 2018 conference shed light on this neglected yet increasingly important Twenty-First Century fluency, then this process will have all been worth it; we need to build our ICT house to withstand the storms that are coming.  When we're done here we'll head out to Edmonton in a couple of weeks and go for a National Skills Canada medal in IT & Networking.  Perhaps in the process we can talk about how security should be implicit in that effort.  If this starts to gain traction, could we see a cyber-security Skills Canada competition sooner than later?


Team Falcontech from Centre Wellington District High School at the first annual Canadian Cyber-security national finals in Fredericton.  Two of them hadn't been out of the province or flown before!


Related Links:

https://www.itworldcanada.com/article/ictc-to-spend-3-m-of-cancode-funding-to-bring-business-challenges-into-the-classroom/401092

"Saric is confident that students from a range of backgrounds and of different ages will be able to rise to the challenge of tackling real-world business problems. She points to ICTC’s CyberTitan competitions as proof. These six-hour competitions that take place online, scoring students in real time as they work to secure systems. “They have so many of the tools and many of the skills in their repertoire,” she says. “I’d never underestimate the skills and brilliance of youth.”

https://twitter.com/ICTC_CTIC/status/995007883329921025


https://innotechtoday.com/developing-cyber-future-workforce/


http://www.cbc.ca/news/canada/new-brunswick/cybertitans-nb-1.3934224


Ontario's neglected computer technology curriculum continues to miss the mark:  http://temkblog.blogspot.ca/2018/04/ontario-educations-neglected-computer.html

All we need to do to resolve this is address it!

TWITTER NOTES FROM #CYBERSMART2018:












Saturday 5 May 2018

wind storms and sci-fi reflections

I'm watching the new season of my current favourite sci-fi show, The Expanse.  It's about the next couple of centuries where Terrans develop the technology to move out into the solar system, but rather than the Star Trek angle that completely ignores the nastiest aspects of human nature, The Expanse imagines a near future with technology advances but none of the social evolution of the Trek universe - it's a politically messy, self-serving future, much like our present.  It's something I'm starting to think we'll never get to.


I'm also spending the day today putting our yard and house back together after a wind storm swept through here, and that got me thinking about all this technology we're so proud off.  If it gets a bit windy, it all goes away.  After a couple of big gusts yesterday there was no internet and no power.  I was unable to deliver attendance data for my classes at the end of the day, let alone get information on what was happening.

At
We ignore data and facts.
the height of the wind the local cell tower was down, meaning no information or electricity at all.  In the meantime (and when it works), I'm watching the news closely as the competition we're supposed to be travelling to in a couple of weeks in Fredericton is in peril because the city is under water.  We're ever so proud of our vaunted technology, but if it gets windy, or if waters run high, everything stops.  The real irony in this is that our fossil fuel powered society is what's prompting all this extreme weather.  Even our supposedly green tech is manufactured using fossil fuel based manufacturing.  Our technology doesn't allow us to control our environment, it provokes it to attack us.


There is this thing called the Kardashev Scale.  If you're ever wondering about how smart the bi-pedal apes are on the third rock from the sun, this scale will give you some perspective.  A level one society is one that harnesses the resources of an entire planet.  We're not even close to that.  Carl Sagan suggested human society is at about a 0.7 on the way to being able to harness planetary power, but I think that's wildly optimistic.  Our technology isn't on its way to managing planetary processes, in many cases it's prompting the planetary environment to violence - it's the opposite of control.  There are some cases of sustainable (ie: non-aggravating) human technology, but since we base most of what we produce on fossil fuels and unsustainable manufacturing, it's hard to say much of any of our technology is actually on its way to sustainable global resource management.  Our stubborn unwillingness to orientate ourselves in that direction is the problem, not our intelligence or technical capability.


When you get up into level 2 your society can manage the energy of an entire solar system.  We're millennia away from that even assuming we pivoted today and actually worked toward sustainable global management that would allow us to thrive as a civilization long enough to develop it.  The way we're currently going, we'll probably cause global environmental upheaval before we're likely to establish a foothold in space (by that I mean permanent human habitation off-world, we haven't even done that yet).  The environmental problems we cause now will eventually produce resource depletion that will result in war.  We love a good war to cap off our own bad habits.  Level 3 (effective galactic resource management and level 4 (universal/pan dimensional resource management) are so far beyond our short sighted, barely evolved minds that they beggar belief.

Meanwhile, here I am about to nail unsustainably manufactured aluminum siding back on to my wood framed house that was built with unsustainable lumber.  We have more in common with squirrels building nests than we do with even a level one civilization, except what the squirrels build isn't burning a hole in the world.  They're closer to a level one civilization than we are.  All the other unsustainably built, fossil fuel powered houses in my neighborhood are also missing bits and pieces.  Shortly crews of people will arrive in gas powered trucks to fix these problems.  That very process will further heat up the only world we're capable of living on at the moment, making future weather violence even more inevitable.  We'll be lucky to get out into the expanse at all.


Wind storm freak you out?  Don't worry, it'll be back to business as usual on Monday...