|Automating our tech doesn’t reduce our effort. If
anything it amplifies it. The genius of Marc Marquez
can only be really understood in slow motion as he
drifts a 280hp bike at over 100mph. That’s what an
AI arms race in cybersec will look like too – you’ll only
be able to watch it played back in slow motion to
understand what is happening.
Where did the Cybersecurity & Privacy Conference turn next? To privacy! Which is (like most things) more complicated than you think. The experts on stage ranged from legal experts to sociologists and tackled the concept from many sides, with an eye on trying to expose how our digitally networked world is eroding expectations of private information.
I found the discussion fascinating, as did my business colleague, but many of the students were finding this lecture style information delivery to be exhausting. When I asked who wanted to stick around in the afternoon for the industry panel on ‘can we fix the internet’, only a handful had the will and interest. We had an interesting discussion after about whether or not university is a good fit for most students. Based on our time at the conference, I’d say it isn’t – or they just haven’t grown into the brain they need to manage it yet. What’s worrying is that in our increasingly student centred, digital classrooms we’re not graduating students who can handle this kind of information delivery. That kind of metacognitive awareness is gold if you can find it in high school, and field trips like this one are a great way to highlight it.
The conference (for us anyway) wrapped up with an industry panel asking the question, “Can the Internet be saved?” In the course of the discussion big ideas, like public, secure internet for all (ie: treating our critical ICT infrastructure with the same level of intent as we do our water, electrical and gas systems) were bandied about. One of my students pointed out that people don’t pirate software or media for fun, they do it because they can’t afford it, which leads to potential hazards. There was no immediate answer for this, but many of the people up there were frustrated at the digital divide. As William Gibson so eloquently said, “the future is already here – it’s just not evenly distributed.” That lack of equity in entering our shared digital space and the system insecurity this desperation causes was a recurring theme. One speaker pointed out that a company only fixated on number of users has a dangerously single minded obsession that is undermining the digital infrastructure that increasingly manages our critical systems. If society is going to embrace digital, then that future better reach everyone, or there are always going to be people upsetting the boat if they aren’t afforded a seat on it. That’s also assuming the people building the boats are more interested in including everyone rather than chasing next quarter earnings.
This conversation wandered in many directions, yet it always came back to something that should be self-evident to everyone. If we had better users, most of our problems would disappear. I’ve been trying to drive this ‘education is the answer‘ approach for a while now, but interest in picking up this responsibility seems to slip off everyone from students and teachers to administration at all levels. We’re all happy to use digital tools to save money and increase efficiencies, but want to take no individual responsibility for them.
I was surprised to bump into Diana Barbosa, ICTC’s Director of Education and Standards at the conference. She was thrilled to see a troop of CyberTitans walk in and interrupt the opening keynote. The students themselves, including a number of Terabytches from last year’s national finalist team who met Diana in Ottawa, were excited to have a chat and catch up. This kind of networking is yet another advantage of getting out of the classroom on field trips like this. If our pathways lead at the board hadn’t helped us out, all of that would have been lost.
We left the conference early to get everyone back in time for the end of the school day. When I told them we’d been invited back on the bus ride home they all gave out a cheer. Being told you belong in a foreign environment like an industry and academic conference full of expert adults is going to change even more student trajectories. If our goal is to open up new possibilities to students, this opportunity hit the mark.
From a professional point of view, I’m frustrated with the lack of cohesion and will in government and industry to repair the fractured digital infrastructure they’ve made. Lots of people have made a lot of money driving our society onto the internet. The least they could do is ensure that the technology we’re using is as safe as it can be, but there seems to be no short term gain in it.
|The US hacked a drone out of the sky this summer.|
Some governments have militarized their cyber-capabilities and are building weapons grade hacks that will trickle down into civilian and criminal organizations. In this inflationary threat-scape, cybersecurity is gearing up with AI and operational improvements to better face these threats, but it’s still a very asymmetrical situation. The bad actors have a lot more going for them than the too few who stand trying to protect our critical digital infrastructure.
Western governments have stood by and let this happen with little oversight, and the result has been a wild west of fake news, election tampering, destabilizing hacks and hackneyed software. There are organizations in this that are playing a long game. If this digital revolution is to become a permanent part of our social structure, a part that runs our critical infrastructure, then we all need to start taking networked infrastructure as something more than an entertaining diversion.
One of the most poignant moments for me was when one of the speakers asked the audience full of cybersecurity experts who they should call, police wise, if their company has been hacked. There was silence. In a room full of experts no one could answer because there is no answer. That tells you something about just how asymetrical the threat-scape is these days. Criminals and foreign powers can hack at will and know there are no repercussions, because there are none.
Feel safer now? Reading this? Online? I didn’t even tell you about how many exploit kits drop hidden iframe links into web pages without their owners even knowing and then infect any machine that looks at the page anonymously. Or the explosion of tracking cookies designed to sell your browsing habits to any interested party.