It's a War Out There

In the beginning of July the Communications Security Establishment (CSE-CST) produced two news briefs that many Canadians remain oblivious to. On July 9th a warning was published describing a Russian government backed foreign interference project that uses artificial intelligence to create false social media output from many different countries designed as propaganda for Russian state interests. By using these tools Russia hopes to direct national discourse in democratic countries, including Canada, in its favour.

The day before, on July 8th, CSE posted a warning about Chinese state sponsored cyber intrusions across public and private networks in many countries, including Canada, designed to give the Peoples Republic access to sensitive state and industry data. What is most concerning about these warnings is that they aren’t unique, they aren’t even rare.

We have come to depend on networked digital information in all aspects of our lives. For many this means social media on their phones, but our dependence on networked digital information runs far deeper than that. Essential systems like the power grid and water supply (and regular classroom activities) are managed through networked digital systems, as are our supply chains. This offers us tremendous opportunities for efficiency and oversight, but it also brings with it the danger of cyber-attack, and not by the stereotypical lone hoodied hacker.

Incredibly, in 2024 most Canadian schools do not teach any cybersecurity education at all. With the exception of New Brunswick there is no curriculum in Canada that even mentions cybersecurity. This has put us in a difficult situation as Canada faces a generational shortage of cyber-talent. But the real danger isn’t our failure to get students interested in working in the field, it’s the apathy and  ignorance Canadians seem to revel in.

The vast majority of successful cyber-attacks depend on user ignorance to find a way in. Canadian defensive technologies are world class, but if the people using them are dangerously oblivious, that’s where the opportunity for abuse lies, which is why Russian and Chinese government organizations are focusing their attention there. If you want to destabilize a democracy, you create division in its people, and with most people going online wearing a blind fold of apathetic ignorance, it’s the easiest opportunity.

If you provided your military with state-of-the-art weapons but didn’t train any of them in how to use them, you wouldn’t have a very effective fighting force, yet that is how we approach cyber-readiness in Canada. Connected digital technologies have become central to most aspects of life, yet the vast majority of Canadians take no responsibility for the dangers these digital opportunities present.

Meanwhile, countries with vested interests in Canadian destabilization have created enormous offensive cyber-attack groups. China’s offensive cyber military arm - just their offensive cyber personnel – number more than the entire Canadian Armed Forces. But the threat doesn’t end there. In addition to large cyber-military capabilities, many foreign powers have also hired private companies to conduct foreign cyber-espionage. If you think the threats we face online are lone hackers trying to make a buck or two you’ve failed to grasp how cyber operations have evolved in the past decade.

Allied Western powers have built defensive systems in partnership with industry, but our ability to perform cyber-attacks on the scale that Russia and China do is anything but equal. If this were a ‘hot’ war the map would be dominated by those countries while Western responses are minimal. Unlike a conventional war there would be no lines with safe zones behind them. In cyber-warfare you see malevolent skirmishes happening in every region of Canada; nowhere is safe because connected infrastructure is everywhere.

Around the edges of these state sponsored cyber-attacks partner organizations are leveraging similar tools for cyber-crime, often in an effort to fund the state sponsored attacks. The ransomware attack your company just paid to try and resolve may well be going to fund the next round of state sponsored digital violence.

Thinking that this is all someone else’s problem is one of Canada’s greatest weaknesses. ‘Loose lips sink ships’ was a common reminder during World War Two. It reminded people that you never knew who is listening and that your blabbing may well get people killed. The Twenty-First Century equivalent is ‘careless clicks can hack everything you depend on.’ Not as catchy, but terrifying.

One of the scariest parts of attending a cybersecurity conference is listening to the people trying to hold Canada together talking about how razor thin that line is. I’ve heard people who are defending against these wildly asymmetrical attacks say things like, “I’m amazed the lights are still on”, and “in the next five years we will have a cyber-attack that takes out critical infrastructure for weeks at a time.”  Perhaps when we’re all sitting in the cold and dark wondering what happened we’ll also start to wonder why we didn’t so something about it when we had the opportunity.

Saying it’s a war out there isn’t hyperbole. Thanks to artificial intelligence many cyber attacks have become fully automated. These A.I. automated attacks iterate their approaches allowing even the most digitally illiterate criminals access to leading edge cyber incursion tools, and many foreign powers are more than happy to support that chaos for their own ends.

What’s a democracy to do? Start taking cyber-education and digital citizenship seriously. Instead of graduating students that only add to the cyber skills gap, we should be making all students (and the families they come home to every day) aware of this secret war we’re all on the battlefield of every time we pick up a device and access the interwebs. How many times have you amplified a social media post that may well have been written by a Russian A.I. bot with the intent to damage Canadian interests? Time to stand up to this hidden war.

I presented on using state of the art cloud based cyber simulation to teach essential cyber skills at the Serious Play Conference at UofT Mississauga this month. We have the tools to address the cyber-literacy gap in Canada and make our country cyber-secure, we just have to make using them in classrooms a priority.

You can sign up for CyberTItan now - it's Canada's biggest student cybersecurity competition. There are divisions for middle and high school students and youth groups can all join up. Teams are 4-6 students and you learn real world defensive cyber skills. Support is also provided if you need mentors. www.cybertitan.ca

Want to read more?

Why State-Sponsored Cyber Attacks are a Global Threat

It's not human error if it's wilful ignorance.

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

National Cyber Threat Assessment 2023-2024

Cyber Operations Tracker

The Cost of a Breach: 10 Terrifying Cybersecurity Stats Your MSP’s Customers Need to Know

Hands On Learning: Haliburton School of Art & Design's Blacksmithing Summer Program

 

 I've been wanting to refamiliarize myself with metal work for some time.  I don't like farming out work that I'm capable of doing myself and there was a point early in my working life when I was welding weekly as part of my millwright apprenticeship, but I haven't joined metal in over three decades. It's amazing how the time flies when quantum cyber research gets in the way.

Finding opportunities to develop these DIY technical skills in Canada where people don't like to DIY is a challenge. The only welding courses I could find were full-bore certificate courses for professionals, but then my wife found the Haliburton School of Art & Design. HSAD takes place in Haliburton, which you'll have heard about on TMD before because it's one of my favourite places to go for a ride in Ontario. It's also only about three hours from home.

HSAD offers piles of course options ranging from visual arts to technical crafts. If you're reading this you'll probably be interested in the blacksmithing course, not necessarily for the smithing but because it offers you access to expert metal workers in a fully tooled shop that will make you hands-on familiar with not only the hot forging of metal but also various other related technologies such as welding, grinding, polishing and plasma cutting. The three of us went up for the week with me doing the smithing, my son glass blowing and my wife water colour painting.

We were asked to bring a project, but what you really need to do for this is to start amassing ideas so when you're in the forge you've got a list to go after, that way you're not wasting time in front of a hot forge wondering what to do next. I showed up with my copy of the Rudge Book of the Road and an idea to build a metal sculpture of the line art in the front of the book.

My blacksmithing experience consists of an afternoon, so I thought this would take me the week, but by the end of day one I'd already worked out the rider in hot steel and started worrying that I'd run out of project.

I figured getting handy with welding would take a some time, but I forgot to take into account technological progression. Back in the day (in the late 1980s) when I was learning how to weld it was all stick (and no MIG carrot). It took about 15 minutes for Amie to talk me through the MIG process and ten minutes later I was tacking pieces together to get my layout right. No sparking a rod to see where you are either with modern instantly darkening welding helmets. Early efforts at joining pieces were messy but by Thursday I was knocking together pieces at will with clean welds. It's now just a  matter of practice to get back to a point where my joins are a point of pride.

Monday was a real hot-box with temps in the mid-thirties. In the forge it was well into the forties and I was drenched when I left. I should have shown up with better heat management methods and was very dehydrated when I left. I recovered as best I could overnight. The next morning I was still not feeling well but got myself in, got a handle on welding and put the rest of the design together.

I woke up Wednesday properly sick with the mother of all summer colds, but the only thing I needed to do to finish was the rider's scarf. With a bit more hot forming of steel and welding I had my 1920s art deco styled Rudge metalwork sculpture done.

On a side note - the propane forges aren't very big and don't work for long, complicated pieces, but the shop had dual coal forges with four working sides in the back room that let you heat longer pieces. The only trick with the coal forge is that it can get so hot it'll burn the steel (which looks like sparklers when it goes). The propane forges are set to not get that hot, but the coal forge can, so in addition to feeding the beast you also have to be careful it doesn't burn your steel. I ended up leaving the scarf in too long and it burned through at the back, but that wasn't necessarily a bad thing as I wasn't able to create the creases I was looking for in the ends. After burning it in half I was able to make the creases and weld the two sides back together, making it better than it would have been otherwise.

  

Old school, but it does offer some advantages along with some challenges...

I then got a primer on how the grinding room worked. The temperatures were dropping from Monday but when you're wearing face protection, a leather apron, long trousers, steel toe boots, leather gloves and a respirator, it's hot anyway. Even with all that and feeling right rotten I enjoyed getting a feel for grinding and cleaning up finished pieces. I get the sense that grinding is another one of those hands-on skills that can go surprisingly deep.

The end result was hung outside and I got given a spray on chemical that would prevent it from rusting while showing off the ground metal finish.

The finished piece looked so nice I got a clean image of it and then updated the logo on the motoblog with it...

 

That'd be your metal work being put through a digital forge!

Amie Botelho was our instructor and she is all about hands-on learning. Most mornings we did a 15-20 minute demo of tools and techniques that you could immediately find a use for. Any time you needed other equipment you'd do one on one safety and how-to training and be let at it. On the forge (and everywhere else in the shop)  Amie is incredibly efficient and that teaches you all sorts of lessons if you watch closely.

It isn't about how hard you hit, it's about how efficiently you get get hot steel out of the forge and under the hammer. It's also about turning your project over and looking at it closely as you work it. Smithing isn't about brute force, it's about attention and precision, but watching a master smith do it is infinitely better than reading about it in a book or hearing someone drone on about it in in a lecture.

Every demo was immediately followed by the suggestion to 'just do it', complete with lots of support in a class of 16 from Amie and shop-tech John. But the best part is that most of the 'students' are actually experienced smiths themselves. The ones around me had all done the four month certificate program at Fleming, so you're surrounded with experienced metal workers who are very free with support and advice (if you want it - you're left to your own devices if that's your jam).

If you're looking to hone your metalworking skills, or want to jumpstart them from scratch, this is a great place to start. Just make sure you show up with lots of ideas if you don't want to be cranking out spoons and bottle openers all week (unless that's your jam) - they're totally open to whatever you want to tackle. We had students working on everything from building a barrel forge of their own involving big industrial pieces, to yard art metal work using the small stuff.  Those experienced smiths in many cases were churning out all the smithing they needed for the year. One told me he'd make the $700 fee for attending for the week every day in what he was producing, making it well worth the cost.

Why come at it like this? Canada being Canada makes it very difficult for you to do things like forging or doing metal work on your own property without hanging you out to dry with insurance and infinite municipal, provincial and federal paperwork. Coming at it this way gives you access to a full service metal shop with all the tech and consumables, and with the safety and insurance challenges all taken care of. The bonus is you also get to hang with an interesting group of like-minded DIYers for the week, which is worth the price of admission alone.

The bandsaws looked like they were older than I am, and I'm feeling old this week!

Once I had the Rudge line art metalwork done I had a go at plasma cutting. I was originally thinking of making a variation on the Isle of Man TT trophy, but symmetrical wings are well out of my wheelhouse without more practice, so I turned it into an absurd door stop with a vaguely Honda theme.

 

Not bad for my first go with a plasma cutter!

Spoons are properly hard work. I found the edge of my forging techniques there quickly!

True that.

The forge at work.

He was early for lunch... this takes place in Haliburton, there are (lots of) deer.

Yep, I did a bottle opener too.

The propane forge at work.

Highly recommended: https://flemingcollege.ca/school/haliburton-school-of-art-and-design