Saturday, 3 December 2022

How Cybersecurity Might Become More Diverse, Equitable and Inclusive

One of the benefits of working in the same home office as one of the top teacher librarians in the country is that we're able to bounce ideas off each other. Making cybersafety awareness a part of every educator's professional standard of practice isn't a nice idea in 2022, it's a necessity, but the industry continues to have trouble attracting talent and many teachers have little or no training in it.  Alanna has listened to me lamenting the lack of diversity and engagement in the field for many years but this week she offered a solution by linking the DEI research she has been doing to develop an inclusive information management system with the lack of diversity and engagement in cyber.

You might not think that creating a digital media cataloguing system would require much in the way of equity awareness, but it does. How we categorize and deliver data requires a working awareness of DEI or it quickly becomes another means of systemic discrimination. Having used it, Alanna suggested Building Movement Project's  Social Change Ecosystem Map as a tool for challenging some of the masculine cultural cues that usually define cybersecurity as a discipline.

Considering diverse talents and motivations could work as a way to bring more diversity into the field of cybersecurity.

Characteristics of the Roles

Weavers: I see the through-lines of connectivity between people, places, organizations, ideas, and movements.
Experimenters: I innovate, pioneer, and invent. I take risks and course-correct as needed.
Frontline Responders: I address community crises by marshaling and organizing resources, networks, and messages.
Visionaries: I imagine and generate our boldest possibilities, hopes and dreams, and remind us of our direction.
Builders: I develop, organize, and implement ideas, practices, people, and resources in service of a collective vision.
Caregivers: I nurture and nourish the people around me by creating and sustaining a community of care, joy, and connection.
Disruptors: I take uncomfortable and risky actions to shake up the status quo, to raise awareness, and to build power.
Healers: I recognize and tend to the generational and current traumas caused by oppressive
systems, institutions, policies, and practices.
Storytellers: I craft and share our community stories, cultures, experiences, histories, and
possibilities through art, music, media, and movement.
Guides: I teach, counsel, and advise, using my gifts of well-earned discernment and wisdom.

Cybersecurity had strong ties to the military early in its development, which attracted the 'frontline responders' already working there. Military roles are traditionally male dominated and so cyber began as a predominantly male field, but applying these other roles would open cybersecurity to a more diverse range of interests, skills and motivations, but it requires a significant rethink of the assumptions that surround the subject. If you consider cybersecurity as a combination of security and computer science, both fields have a history of male dominance, though in the case of computer science the patriarchy was a recent event (it happened just as computer science was becoming profitable because that's how glass ceilings work).

The problem with clinging to this cultural predisposition in cybersecurity is that it continues to create a male focus in hiring. Women may struggle to see how they fit in a field that presents itself with such a masculine bias. Getting away from the military/first responder mindset might be a way to recast cybersecurity in a different light.

Looking at the less represented roles in the social change ecosystem, weavers would bring connectivity and communications to the field - something it currently lacks. Visionaries would bring the perspective and scope needed to move cybersecurity out of its often reactive stance, though that would also mean giving up the unquestioned control that accompanies emergency response; that may be the hardest ask of all.

Recasting cybersecurity in terms of caregiving and healing was where Alanna saw the most gains. Cybersafety is a foundational skill in an increasingly connected world, yet its treated (if it's acted on at all) as an emergency response after the fact, becoming a self fulfilling prophecy for the first-responder mindset. By finding a place for caregivers and healers on cybersecurity teams, the approach to user training and even post-breach response would be significantly different. Can you imagine cyber support that isn't emergency response defined? Neither can many of the people in the industry because they can only conceive of it through their own motivational approach which also happens to align with cyber-culture.

Digital skills remain poor and continue to represent
the most successful opportunity for cyberattackers.
Other atypical motivators also have a role in cybersecurity. Storytellers and guides are motivated by sharing narratives and teaching complexity and empathy rather than fixating on problem solving. The vast majority of cyber-incidents are the result of user ignorance and error. Most malware ends up on a network because a user mistakenly put it there, not because a 'super hacker' got in. If we hope to address this primary form of ingress (atrocious user digital literacy), we need to bring in people who can create meaningful narratives and engage with learning because it's their primary motivation.

Of course these roles aren't absolute, no one is just one of them, but by applying the social change ecosystem we identify biases implicit in cybersecurity culture that disclude anyone but those interested in heroic intervention or technical response. By valuing alternate motivations and the specialized skillsets that accompany them, hiring practices in cybersecurity would become more inclusive and the workforce more diverse. That inclusivity does more than check a DEI box. A diverse workforce offers a richer range of approaches to problem solving and prevents blind spots based on a privileged monocultural beliefs. This diversity would make the critically important discipline of cybersecurity more resilient, accessible and effective.


Resources


We're currently working on CYBERBYTES at ICTC & Knowledgeflow CyberSafety Foundation: www.cyberbytes.ca  We are creating easy to complete micro-credentials that provide educators with a working understanding of the technology that makes our networked world work, the key elements of CyberSafety and online privacy and how you can bring these important skills and understandings to your students so that they and their families can safely and effectively use the networked technology that surrounds us in 2022.

The Building Movement: https://buildingmovement.org/ supports and pushes the nonprofit sector to tackle the most significant social issues of our times by developing research, creating tools and training materials, providing guidance, and facilitating networks for social change.

THE SOCIAL CHANGE ECOSYSTEM MAP (2020)https://buildingmovement.org/wp-content/uploads/2022/04/Ecosystem-Guide-April-2022.pdf

A History of Cybersecurity: https://cyber-security.degree/resources/history-of-cyber-security/

Empowering women can help fix the cybersecurity staff shortage: https://www.weforum.org/agenda/2022/09/cybersecurity-women-stem/

Occupational digitalization trends in Canada, 2006-2021: https://fsc-ccf.ca/research/race-alongside-the-machines/

Global Digital Skills Index, 2022: https://public.tableau.com/app/profile/salesforceresearch/viz/shared/NNRKYDH37

Future Skills: https://temkblog.blogspot.com/2022/10/2022-tmc7-research-symposium-table.html

If we would redefine digital skills through a media literacy lens, we would also open up these pathways to a wider variety of learners. Defining digital skills as 'coding' is reductive, unhelpful and excludes a number of alternate learning motivations.


Saturday, 19 November 2022

Digital Disruption, The Collapsing 4th Estate and Foreign Inference in Canadian Media

Toronto's traffic misery means I don't fight my
way into The Six as often as I might, glad I
did on this occasion though.
We battled our way into The Six last night to attend TVO Today Live's: Can Democracy Survive the Collapse of Media? The documentary is the story of the Toronto Star as it struggles to survive in our diverse mediascape. Digital disruption came to newspapers at the same time the change from broadcast to the individualized, 2-way media access (aka, the internet) unhinged other traditional media giants. Many newspapers are hanging on by their fingernails as they struggle to develop a business model that would allow them to survive in the 21st Century.

The documentary raised difficult questions around the importance of an independent press as a means of holding government and business to account. It follows The Star as reporters exposed the many failures by the Ontario government during the COVID pandemic. By the end of the documentary it was hard to argue against the importance of an independent press as a pillar of democracy, though how they operate can no longer assume that they are the 'information celebrities' they were in the broadcast age.

The premiere took place on the
UofT Campus, just south of
Yorkville, which is surreal at
the best of times.
There was a lot of blame in both the documentary and the round table discussion afterwards aimed at 'tech' companies like Google and Facebook. While those companies depend on new digital media delivery systems, they seldom engineer their own tech. Google and Facebook aren't tech companies, they are advertising companies who have exploited digital disruption in order to eat traditional media company's lunches.

The fall-back position of the Fourth Estate (professional journalism) is that they provide an important balance in any country claiming to adhere to democratic principles. Transparency isn't something that comes easily to people when they gain money and power, which tend to get used to gain more privilege and power. This is a difficult truth to dispute, though how the professional press operated in the time of broadcast media when profit margins were huge and they were the only voice to be heard came with its own problems.

I found the documentary interesting in terms of tracking our dance into the datasphere two decades into our information technology/media revolution. The problems from clinging to an out of date business model (predicated on privilege and a lock on the media people see), were clearly defined, but what prompted me to get up and ask a question in front of Toronto's intelligentsia was the ignoring of foreign influence in this imbalance.

Next week I'm attending KnowledgeFlow & NATO Association of Canada's DEFUSE project focused on how to battle disinformation in Canada's fractured mediascape, and I've spent the last month attending cybersecurity conferences that made Canada lack of cyber-resilience when facing foreign cyber-powers terrifyingly apparent. Listening to reporters blaming advertising companies for how unfair it is that they share their journalism without any economic support pales in comparison to this more clear and present danger. 

We live in an increasingly interconnected world, much of which does not place any value in the balancing act of a functioning democracy. I'd go so far as to say many of these unfriendly governments see Canada's unregulated approach to online media as an opportunity to spread disinformation and fracture political cohesion. These unfriendly powers tend to focus on developing massive military cyber operations, some of which are larger than the entire Canadian military.

What finally got this introvert on his feet was Senator Pamela Wallin's repeated statements that the Canadian government has no place in supporting an independent press. The question that sprang into my head was, why is the Canadian government so worried about staying out of influencing media when so many unfriendly foreign governments are actively engaged in doing just that in Canada?

The Senator's feelings are understandable as she used to work as a professional journalist and deeply believes in keeping government influence out of an independent press, but does that mean ignoring all those other governments who are already manipulating media in our country? Canadian professional journalists have to adhere to legal codes of conduct that anonymous, foreign backed social media 'influencers' and the new-media 'tech' companies who deliver them (while earning advertising revenue) to every Canadian's screen can blithely ignore.

There are a couple of ways the Canadian government could protect professional journalism, assuming the battered fourth estate can get past its own privileged past and focus on journalistic best practices rather than chasing the same advertising that the tech giants are. Funding with no editorial influence for news outlets that are providing fact-based, Canadian information is a good place to start. That funding should come directly from the new-digital advertising delivery services (Google, Facebook and the rest) who distribute professional journalism without supporting it in any way. By requiring the online advertisers to pay Canadian content creators for their journalism, this could be an influence free source of financial stability for the fourth estate.

Bolstering fact-based Canadian journalism means Canadians are more likely to see vetted, locally sourced information rather than foreign backed disinformation, but we also need to aggressively pursue anonymous sources of funding. The fourth estate could help there to. Who better than an investigative journalist to track down how foreign backed disinformation is being distributed? However we approach this, transparency around how online information is being funded must be another priority. By providing data on social media funding, the federal government could publicize data on information transparency that would assist intelligence, academic and journalistic research into foreign interference.

In response to my question, the Senator emphasized the importance of understanding and preventing foreign influence, making specific reference to China's worldwide disinformation campaign. She wrapped it up by noting that education is the key, which makes me happy as a cyber-educator, but it isn't enough. We need intelligence apparatus that is providing much needed transparency into how social media is twisting our national conversation, otherwise we're at the mercy of well funded, unfriendly foreign governments who are already doing exactly that. There is clearly a place for our federal government in Canadian media, especially in 2022.

Steve Paikin looks like he's photoshopped in when you see him live.


https://freedomhouse.org/report/special-report/2020/beijings-global-megaphone
Canada is up against giants, and our unregulated online media makes for easy access to  Canadian politics by governments who happily leverage our lack of awareness for their own ends. Canadian journalists can't get paid for producing fact-checked local content, but the lunatic fringe gets paid by enemy states to flood Canadian screens with disinformation. There is clearly a role for the federal government in Canada's media.

Tax this and then use the funds to support fact-based, Canadian journalism.

Friday, 28 October 2022

2022 TMC7 Research Symposium: Table Talks and Future Skills

We just returned from Treasure Mountain Canada, the 7th iteration of the Canadian School Libraries national research conference.  Like the best professional development, this was self-directed and therefore relevant and meaningful to the people in attendance.  Library learning commons have been under a lot of pressure despite the fact that these centers for information management are key to getting us though the maelstrom that is our information revolution.  Listening to people on the front lines talking about the challenges and opportunities was enlightening.

Round table discussions based on the many papers submitted for the symposium happened throughout the day.  The first I sat in on was by Lila ArmstrongShe talked about the 'hub and spoke model' as a way to standardize digital skills development in the absence of a comprehensive digital literacy curriculum (Ontario isn't the only province who continues to lag behind in this regard).  Lila is a bit of a unicorn because she has recently moved between elementary and secondary panels, something few teachers do in their careers.  Equity and inclusion play a central role in Lila's research and had me thinking (once again) about how fractured Canada's education landscape is in terms of making its students future ready.

The next table talk was with Melanie Mulcaster, who is now seconded to TVO where she is working on digital content development and curation.  The pandemic chaos highlighted for Melanie how behind many LLCs were in terms of curating online content.  Through rolling lockdowns the lack of credible resources that were easy to navigate became a central issue in library management.  Mel's honest assessment  of our slapdash attempts to make digital content work, and then her choice to engage with building these missing tools, was brutally honest and insightful.

Ontario used to have a comprehensive online set of vetted digital tools and resources called OSAPAC, but a lack of foresight in any recent provincial government (not just the current one), has left Ontario scrambling for online resources on a board by board basis.  This is incredibly inefficient as boards repeat the same work instead of working from a centralized resource; it's a massive failure of vision and leadership.  It also speaks back to Lila's paper on equity in terms of access to coherent digital skills development.  Students fortunate enough to be in a school with a well developed digital skills program were at an advantage, those that weren't are even further behind.

I've struggled with the willy-nilly nature of the educational 'maker space' fad since it was all the buzz at the ECOO conference way back in 2015.  I next sat with Marc Compton, who teaches at a private school in B.C. and has successfully implemented maker spaces into his LLC.  Marc also manages a STEM program so has a better understanding of the engineering design process in terms of creating viable engineering opportunities for his students.  Marc's common sense approach to getting tools that work and then using them is contrary to the usual typical maker-space buy in (get whatever kit was hyped up at that conference you went to and then wonder why it's gather dust in your 'maker space').  It's amazing what a bit of common sense can do in terms of providing viable hands-on learning opportunities for your students.

Just when I thought we were wrapping things up, Carol Koechlin noted that the ideas document we were all working on isn't just about catching up to current best practices, but also a pathway to future digital literacies we haven't considered yet.  This got me thinking about all the emerging technologies we ignore because we still haven't caught up with established digital skills in education.  Here's a quick list off the top of my head:


EMERGING DIGITAL LITERACIES THAT WE DON'T TEACH BUT ARE ALREADY HERE:


Understanding 3d Digital Media

If you can't do this & don't know how 3d modelling
and animation work, you probably shouldn't be
teaching media arts in 2022.
I've been banging the drum about 3d media literacy for years.  Our game development program prepares students for an industry significantly larger than the ailing traditional media industries that most high school media arts programs still cling to.

After attending the FITC conference in 2018, I realized that 3d media awareness goes well beyond creation; inability to comprehend what computer generated imaging can do makes you susceptible to misinformation in advertising.  Understanding 3d CGI is a vital media fluency in 2022, yet almost no one is teaching it.



Artificial Intelligence & Machine Learning: human-machine collaboration

We got involved with IBM in 2019 in order to access their IBM Watson AI core.  Watson is the AI learning system that beat the reigning Jeopardy champ, but in our case we got access to a cloud based chatbot program and this gave students their first taste of AI supported coding.  Accessing the Watson core allowed students to create criteria rather than specific values for variables.  Instead of having to list every possible name that a user might enter, using AI, students were able to train the system on the concept of names and then it would automatically assign any name given to that variable.  It's a small step, but understanding how AI and machine learning works allowed students to interact with it more effectively.

At the same time our game development class was getting a handle on more advanced enemy AI in the games we were developing.  The introduction to Watson in the junior classes quickly amped up our game based intelligence development in senior classes.

The as yet untaught emerging skillset here is human-machine collaboration.  After we got going with Watson, one of my seniors co-oped with me in the lab and she went after developing a machine learning algorithm that would learn from its mistakes and draw useful data out of massive datasets.  This past spring, when I became aware of Github's Co-Pilot, rather than banning it as many teachers have, I encouraged using it along with assessing its strengths and problems.  One of our seniors took it on for his grade 12 final project, his conclusion?  It helps but if you don't know how to code it often loses the plot.

Familiarity with machine learning is going to become a vital skillset for our grads, but almost no one is teaching it.  In the meantime it's what many students are using to answer poorly designed lessons that many teachers still haven't bothered to update.  None of these AI generated papers will light up a plagiarism checker because it's all original work.  We're so technology-illiterate in education that we don't even know what we don't know.


CODING is not DIGITAL LITERACY


... any more than grammar is all there is to language literacy.  Of course it's a part of it, but just a small part.  The technology stack we're living in starts with basic electronics and works its way up through information technology and networking through IoT and robotics to cloud computing and emergent artificial intelligence.  In that hardware structure there are numerous software offshoots, all of which are viable and important components of a comprehensive digital literacy strategy.  If you think coding is digital literacy then you're probably looking for an easy way out.  What I've discovered about people looking for an easy way out of difficult work is that they'll usually find one.


Cybersecurity

I've saved the scariest for last.  I've been banging the drum for better (or any) cybersecurity education for years.  When I show up at a conference to present on it, educators can't run away fast enough, yet they depend on it everyday to make their networked educational technology enabled lessons happen, and they expose themselves and their students to potential harm when using this connected tech with such willful ignorance.

It seems pretty obvious to me that, if we're going to use networked educational technology in every classroom, it is incumbent upon us to teach cybersafety and privacy to our students from the moment we make them vulnerable.  The idea that cybersecurity is someone else's problem is both naïve and selfish, yet that has been education's approach.

I first got involved with cybersecurity through CyberTitan, Canada's national student cybersecurity competition, which runs in conjunction with CyberPatriot, run by the U.S. Air Force Association in America.  CyberPatriot is now in its fifteenth season and has tens of thousands of students in many countries all learning hands-on defensive I.T. skills and deep cybersafety awareness that will assist them in any future career.  As you may expect, Canada has far too few teams, and many provinces and major centers have none at all.

There are many industry and government organizations that want to bolster cyber-education.  A more cyber-educated society makes for a more protected Canada in an interconnected global economy that isn't exactly stable, yet the reflex in education is to think of this as someone else's problem, even as we become increasingly dependent on networked ed-tech.  Ontario is now requiring mandatory elearning for high school students, but has nothing in place to teach safe use of that mandatory, network dependent technology; we couldn't put the cart any further ahead of the horse if we tried.

In my new role we just ran National CyberDay, which reached over 2000 students nationally - there are almost seven million students in Canada, meaning less than 0.0003% of students participated (in the middle of cybersecurity awareness month), yet almost all of them will be on networked educational technology every day this week.

Cybersecurity education may be the toughest nut to crack, but my recent experiences at conferences on the subject have only intensified my desire to climb this mountain.  Digitally skilled librarians would be a great place to begin this change towards a more secure and digitally literate Canada.  LLCs running CyberDay activities and engaging reluctant classroom teachers in cybersafety and privacy awareness is a great first step.  As awareness builds, librarians taking on CyberTitan coaching roles could introduce emerging cyber-skills to middle and high school students, opening up pathways into a desperately under-served industry in Canada.



There are so many emerging digital mediums.  I haven't touched on the metaverse and how virtual and augmented reality are going to change human interaction in the next decade, or how wearable technology will revolutionize the smartphone yet again... and most people are blissfully unaware of how machine learning and artificial intelligence are already influencing their lives on a daily basis, but these are all emerging elements of digital literacy that we will need to address.

There is much work to do, but events like Treasure Mountain Canada are exactly how we're going to escape our silos and develop a cohesive national approach that is both equitable and scalable.  Nothing else is going to solve the depth and breadth of the digital challenges that we face.


The hackneyed approach to digital skills development in education in Canada (and elsewhere) has produced a scarcity of much needed digitally literate graduates. Emergent skillsets such as in cybersecurity are particularly absent.  There is much to do.

This isn't the first time this subject has arisen on Dusty World:

The Digital Divide is Deep & Wide (from over 5 years ago).


"Overall, people with strong technology skills make up a 5–8% sliver of their country’s population, and this is true across all wealthy OECD countries.

What’s important to remember is that 95% of the general population in North America cannot make effective use of computers in resolving even simple problems or overcoming unexpected outcomes."




Exceptional Times: Using a Pandemic to Close the Digital Divide  (Except we didn't. As soon as COVID pressures subsided we blamed everything except digital illiteracy, and went back to the status quo).