Saturday, 15 October 2022

Creating A Canadian Cybersecurity Ecosystem

Last week I attended my first conferences in a long time. Someone will have to explain to me why classroom teachers have no access to professional development like this. On Wednesday and Thursday morning I was at SecTor in Toronto, making many new contacts in industry and realizing that the vast majority of companies on the front lines of cyber-defence in Canada are eager to help both the public and public education get a handle on cybersafety and digital hygiene. On Thursday afternoon and Friday I was at the University of Waterloo for their Privacy & Cybersecurity Conference. These were two very different conferences with SecTor clearly focused on industry and sales and Waterloo's CPI on academic research and strategic thinking, but you'd be amazed how well the two fit together. I really wish they'd arrange things so people could do one and then the other instead of overlapping them, but that failure to look after each other symbiotically is emblematic of a larger problem in Canada.


I had a great chat with a colleague at ICTC a few weeks ago where he described his approach as 'serving the ecosystem', which I intend to emulate.  He sees ICTC's role as helping everyone working in Canada's digital skills development space to meet the council's mission, which is to strengthen Canada's digital advantage in an ever more connected and volatile global economy.  This sounds like a big ask but I believe in the goal, and that belief gives me the energy to take on this seemingly insurmountable task.

One of my favourite moments from the Waterloo CPI conference was when one of the audience, after listening to how five universities are connecting to each other, interrupted with a clear and present warning.  He guaranteed that in the next five years Canadians are going to be sitting in the dark after a cyber-attack from a well developed foreign aggressor.  When we're all sitting there in the cold and dark with no electricity, gas or communications, will we think we've done enough?  Intense, right?

Early in the talk that question came up in, the head of TMU's CyberSecure Catalyst was talking about how he headed to Israel to see how they created a world-class cybersecure ecosystem in the most challenging of circumstances.  His takeaway?  The Israeli system is predicated on familiarity, trust and connectivity.  After only a month and a bit observing Canada's approach, it seems we're doing the opposite.  I've stumbled across excellent resources in both government academia and industry, but each one is working from its own funding formula and entirely focused on meeting the targets in that formula.  Even our connectivity is fractured with numerous 'networks' forming independently of each other, all with the idea of uniting us.  It'd be funny if it weren't so absurd.  Here are a few of them:
They're all doing good work, but they're doing it in silos and in many cases repeating material found in other programs.  It's neither efficient nor is it anything like the Israeli approach of centralized trust, familiarity and cooperative development.  I'm not surprised that, after announcing yet another Canadian network that'll cure our cyber-skills shortage (which is so bad that the government says we need to bring in talent to fill the gap), that guy in the audience lost his patience.

"The siloed approach we know doesn't work anymore. We think it should change and this budget didn't give us the warm fuzzies."

Christyn is exactly right, Canada's initial approach of jumpstarting as many programs as it could to try and cover the cybersecurity shortfall doesn't scale well now that cybersafety is a part of everyone's lives from individuals and small businesses all the way along to multi-national corporations and federal governments.  COVID only accelerated our dependence on digital connectivity yet we continue to lag behind in terms of cyber capacity, especially in education.

At the conference, Ontario's Ministry of Economic Development representative kept describing Ontario's many cyber-focused companies and educational organizations as an ecosystem, but a lot of potted plants all sitting in the same area are not an ecosystem, which is exactly Canada's problem.

How Canada is approaching cybersecurity capacity development.

How Israel does it - with trust, interconnectivity and familiarity - no silos, and everyone looking after each other.

Canada needs to work together to create a national focus on cybersecurity skills development starting in elementary school with integrated digital hygiene and cybersafety learning that leads to middle school access to programs like CyberTitan that introduce students to hands on I.T. skills that demystify the subject and open up pathways.  In high school everyone should be learning essential digital skills (which are atrociously poor - more than 80% of successful cyber-attacks are the result of user ignorance) as a mandatory course. Students interested in pursuing cybersecurity should have early access to coop and STEM programs that will set them on the right track for post-secondary - no adult upskilling required.  This is also where we need to address how our high schools genderize pathways, knocking many girls out of these opportunities.

If we can demystify cyber in k-12 we will be able to graduate cyber-safe students who are able to operate in our interconnected digital economy in every pathway.  Digital fluency and access to cyber-opportunities is, of course, also an equity and inclusion issue; these opportunities aren't just for wealthy, urban boys, though they continue to dominate the industry.  Emerging digital careers tend to be more future proof and higher paying, and everyone deserves a crack at them.

Canada is the only major federation and one of few countries in the world without a national education standard, leaving our minors open to wildly differing political influences and support in our schools; there is no such thing as 'Canadian Education'.  Rather than start with central administration, I think Canada should start with a canadian student bill of rights to protect minors from these changeable winds, but I digress.  Canada's fractured approach to education (like its fractured approach to cyber) means that we need to reach a critical mass with government and industry partners in order to break into the siloed world of canadian public education.  But with no central authority to get onside, a win in Ontario does not mean a win in Quebec, or anywhere else in the country.

Canada's patchwork approach to governance along with its challenging geography means we're facing barriers that Israel and other world leaders in cyber have never had to contend with, which is precisely why we need to pool our resources, grow an interconnected ecosystem of pubic and private cyberskills supporters and then take on this seemingly insurmountable task.

Cybersecurity might sound like an esoteric reason for this big of a challenge, but cyber lives at the pointy end of a pyramid of digital infrastructure needs that Canada is still sorely in need of developing.  Focusing on cyber means we're also focusing on equity and inclusion by connecting everyone, including remote northern communities, new Canadians and people who can't afford Canada's monopolistic telecom infrastructure, to the digital economy.  To get to cyber we need to get through device accessibility, network connectivity and digital skills development, which is why it's a worthy strategic goal. 

The trick is going to be getting all these disparate interests to unite in order to tackle Canada's unique and challenging geography and history - otherwise we're all going to be sitting in the cold dark in a few years wondering why we didn't do more when we could have.

***

UPDATE:  News from the frontlines of 21st Century war, which includes cyber:  

"Collaborating, exchanging information, assisting one another — this is the best way to thwart cybercriminals."

"All told, cyber resiliency relies on collaborative efforts from the global community, he said. Addressing the corporate audience, he underscored the importance of investing in and building a cybersecurity system as a strategic method to improve the cyber resilience of the state."


The importance of collaboration in cybersecurity, including in education and user outreach, is more obvious than ever as the Ukraine conflict continues.  One day Canada will be in the crosshairs, will we be ready?  Or will we have dozens of competing interests all producing redundant content?

Thursday, 21 July 2022

Dancing in the Datasphere 2022 Edition: AI Refined User Interfaces!

This quote is 12 years old now, but it's more true than
ever, and our technology is about to take another leap
forward that will make our current passive information
/screen based approach to digital look
as outdated as a fax machine.
Way back in 2011 I made one of my first presentations for a provincial education conference (Dancing in the Datasphere).  Leveraging years in IT prior to teaching, I tried to edge teachers closer to an understanding of how the rest of the world had moved on in terms of their digital engagement.  Stepping out of IT in 2003 to become a teacher felt like time warping back 20 years, so out of date was the use of technology in education.  In 2019 I attended Cisco Live and discovered that the rest of the world has moved on again, leveraging cloud based systems in a way that no one in education is, so the anti-tech habits of education are still there.  The need for online/cloud based systems in education is apparent (especially since the pandemic began), but poor cybersecurity management is often used as an excuse to stay out of it.  We're still the only school in South Western Ontario doing CyberTitan and one of only five in the province with any kind of cyber-focus.

In the past decade education has staggered into the 21st Century, though Ontario has gone out of its way to fear and shun it until all the tech-haters suddenly desperately needed it during the pandemic.  The past two years have forced a recognition of the importance of digital fluency, though there are still no mandatory digital literacy courses in any Ontario high school.


On To The Future, Ready or Not...

With all that in mind, what's coming next offers some exciting possibilities, not that education will leverage them before I retire.  Machine learning and the artificial intelligence growing out of it is already offering students a silent AI partner for coding with Github's Copilot.  The GPT-3 OpenAI system Copilot runs on is already producing original text, and perhaps even some of the original essays that teachers think are written by students.

As systems become smarter information falls to hand more readily and old habits become irrelevant (like memorizing phone numbers).  With all that in mind, I've had grade 10s building IBM Watson AI powered chatbots for several years now, and this past semester several of my seniors used Copilot to make their culminating coding projects.  Being able to communicate effectively with ML & AI is going to become increasingly important in the next decade.

But what really excites me about intelligent machines is how they're able to simulate activities with human users in order to streamline and improve the human-machine interface.  Last week we were watching FITC's Spotlight UX, an online conference about the multidisciplinary field of User Experience (UX) based on digital design, ergonomics and user interfaces.  UX opens things up to consider all aspects of digital design from a user's point of view; it has a lot in common with student centered learning in education.  The opening speaker was formerly an ethnologist before getting into UX and her background allowed her to dismantle many of the assumptions that alienate users, especially in online systems that may be designed in one country and used many others.

At the same time I was reading Guy Huntington's piece on The Coming Classroom Revolution.  One of the things he covers is the concept of a virtual-self personal learning assistant.  Guy is looking at the AssistBot from a legal/privacy perspective in the article, but a complex digital model of a students' learning habits offers some interesting possibilities.  What if the virtual student could be run through simulations using various software?  User interface issues could be recognized even before a student picks up a new device or software for the first time.  Interfaces that have been refined by AI driven user simulations would feel intuitive in a way they never have been before because each user would be interacting with digital information on an interface that was custom designed for them based on thousands of hours of simulation prior to them ever picking it up for the first time.

The learning benefits should also be apparent if everyone is walking around with a digital doppelganger in tow.  A teacher might pitch a lesson into a simulation space and the virtual student-bots would be able to show where it does and doesn't work for them, and the lesson could then be customized for each student as needed prior to them ever seeing it for the first time.  Classrooms would become radically personalized after over a century of factory conformity and low resolution information sharing.

A buzzword flying about at the moment is 'metaverse', especially after Facebook rebranded itself Meta.  In the last post I talked about my long involvement with interactive and immersive virtual reality, and after years of development we are close to finally making it happen on a system-wide scale, but it's going to happen while the systems themselves are becoming intelligent and the web itself is attempting to evolve itself past the attention merchant economy that web2.0 became.


Back in April I watched FITC's big early conference and they had Jared Ficklin keynoting about how web3 (driven by blockchain encryption) might give us back control of our own data and change the paradigm we're stuck in online with multi-nationals selling our data as if they owned it.  It was a thrilling talk and I've since come across similar thinking in WIRED.

Web3's a bit of a dog's breakfast thanks to crypto and the mess it has made, but the possibility of individuals owning their online presence is a thrilling return to what the internet once was and might be again.

Combining all of these converging ideas into a viable technological future is ambitious, but it's something worth pursuing because if you don't push for the best outcome for the most people we end up with what we have now.

Could the internet provide us with secure interaction and storage without abusing our information?  Could we move past the low-resolution two dimensional windows that we all peer into the datasphere with now?  Could we leverage machine intelligence to treat each other in a more human way than our 'superior' one teacher to 30+ student brick-in-the-wall classrooms continue to do even now?


Imagine if you will a future where you are able to move in and out of digital information at will without it ever distracting you from the real world as it does now.  Peripheral user interface ergonomics will drastically improve as we get clear of the smartphone myopia we're currently stuck in.  When deep diving into digital data you'll be able to do it using complex multi-dimensional interfaces that make our current screen fixation look positively archaic.  Haptic IoT devices mean you'll interact with data with more than your fingers, allowing for much more nuanced control of your digital interactions.  Your awareness of that environment will also be dimensionally greater than peering through a 2d screen.  Moving three dimensionally in digital data offers you a much richer connection to your digital self.

A better interface with digital information is already here and will only improve, and though Web3 struggles to make sense at the best of times, the idea that we could bring our shared network back to a user-centric experience where our privacy and personal information is owned and controlled by users points to a possible future beyond the tyranny of the attention economy.  But what's most exciting to me is the idea that we can have virtual versions of our habits that we can run simulations on in order to produce software experiences unlike any we've had before.  The efficiency in that combined with all these other converging technologies points to a digital future much richer than the step we're stuck on now.

Imagine opening up a brand new app to discover that it intuitively makes sense to you because it was designed using thousands of simulated hours with your digital avatar.  This also offers some interesting security opportunities because no two interfaces would be the same since each would be tailored to its user.  Combined with a more privacy friendly web, multi-dimensional user interfaces and machine learning that enables us to refine the human-machine connection even before first use, the cybernaut of the future will be doing things in digital spaces that will challenge what we think is possible, which is vital because we will interacting with more and more complex artificial intelligences when digitally connected and if we don't refine and improve our ability to operate in digital spaces, we'll rapidly lose touch with what these automated intelligences are doing.

Rachel, one of our founding Terabytches who took care of Cisco networking during cybersecurity competitions has moved on to computer science at university.  Back when she was doing coop it she developed a simple machine intelligence to develop an understanding of what was going on in large datasets.  One of the biggest surprises for us both was how much work is involved in the Explore/Transform section of this hierarchy.  ML, AI and deep learning offer us a new way to understand large, complex data-sets, but they also need human oversight to make them work.  The automation possible in modern data science is another one of those 21st Century skills most classrooms don't consider.