Showing posts sorted by relevance for query skills canada. Sort by date Show all posts
Showing posts sorted by relevance for query skills canada. Sort by date Show all posts

Sunday 1 April 2012

Lessons From Skills Canada

Friday I chaired the video creation Skills Canada regional competition in Guelph.  Ours was a competitive division with five teams who had to film, edit and post-produce a preplanned thirty second ad in four hours.  Only three teams could place and only the top team could move on to the provincial competition.

Some observations stood out:

  • The hard deadlines came as a shock to many of the students, who aren't used to them any more (we don't really require hard deadlines in class any more)
  • The competitive nature of the competition concerned a number of the teams, who couldn't comprehend being allowed to lose in school (we don't really integrate competitive winning and losing in class any more)
  • The sense of satisfaction that resulted from getting a quality piece of work done in the time given surprised many of the students (we don't really allow students to develop a sense of satisfaction from completing work on time - on the contrary, a number of students recently told me at parent teacher interviews that they are sick and tired of knocking themselves out to complete work by deadlines only to see slack and idle students hand in the same thing whenever they get around to it).
  • At the rewards ceremony many of the students were at a loss as to how to act when they'd won (stony faced and blankly indifferent were the norm, broken up by the odd grin).  They were also unable to recognize what losing gracefully looked like.
  • In the automotive technology section the announcer said, "congratulations gentlemen" only to realize that one of the gold medalist was female (from our school!) and back pedal.   If we're going to break the gender assumptions around skilled trades, it starts here (and is).
  • Skills Canada has reinforced for me (yet again) that media arts isn't an arts course so much as it's a technical skills course that includes artistic input (like carpentry).  We just got rather brutally cut for new students while being administered by the fine arts department, I think in great part because what we're teaching is being administered by a department that doesn't know how to present us or what to do with us.
Skills Canada is a wonderful program that empowers students to embrace their passions in the skilled trades.  Often looked down upon by the academically prejudiced teachers (all university grads deeply ingrained in academia), many of these students with smart hands and kinesthetically focused minds look like failures to the pen & paper classroom teacher.

Our school is fortunate to have a busy and wide ranging technology department with many course options.  Those hands-smart, kinesthetic thinkers must suffer in smaller schools full of class rooms and little else.

Having participated in Skills Canada for two years now, I'm a fan.  I plan to encourage our computer engineering students to put their names in for the IT competition, and our media arts students to jump into the crucible, they come out tempered by the experience.

As one of the grade 12s said at the end of the day, "I was put off by the competition and now I'm sorry I never tried this before.  It was a great experience, and a great challenge.  I wish I had a chance to do it again, now that I've tried it, I want to do it again better."  That is the greatest lesson of competition, it clarifies how you can improve in no uncertain terms, and then offers you another chance to show what you know.  Of course, as a senior he won't be here next year.

I've got to find ways to get younger students involved in taking this risk, the rewards are great, and by grade 12 they'll be weathered veterans who can take a competitive run at the medal stand.  Nothing they do in class helps prepare them for the world they are about to walk out into more.

Monday 13 February 2023

Why Canadian Education is so Reluctant to Move on Digital Literacy

 I had a talk the other evening with a Vancouver educator teaching cybersecurity curriculum at his local school board. Like me, Todd has been working alone, offering the local students he has access to the opportunity to learn cyber-skills that would benefit them in any field of study. And, like me, he has helped to launch a few students into careers in this radically underserved career pathway.

Despite being 3 time zones away, Todd is running into the same difficulties I am in Canada's regionally siloed education systems. When he reached out to other districts in British Columbia they didn't engage, and so his work remains isolated to his district. Cyber-attacks on education fill the news, yet the vast majority of students have no access to learning this emerging (and essential) digital media literacy.

In 2017/18 we got involved in CyberTitan, the Canadian centre of excellence for the international CyberPatriot competition (the world's largest student cybersecurity competition). From there we developed a thriving cybersecurity extracurricular program that has since influenced our in-class curriculum in timely and diverse ways., but when I asked a system 'lead' if we could help other schools to engage in the same competition I was told, "it's already running at your school." Leaving us in the same place that Todd finds himself.

With headlines like these (an extensive list of Canadian education hacks can be found at the bottom of the post) wouldn't cybersafety training in every school be a good idea?

Ontario school board trying to recover from cyber incident

Personal data of 70,000 students accessed in school board cyberattack

Cyber-education is just the most obvious part of a much bigger digital skills iceberg.

Yet we barely cover coding in public schools, let alone the rest - even though we depend on it in every subject. Digital technology has become integral to learning in 2023, yet no one has a dedicated curriculum to teach the cybersafety and the technical skills needed to use it safely and effectively. It's why remote learning during the pandemic became an abject failure.


Cyber-Education: an Educational Failure in Education

You have to ask yourself why schools aren't engaging in the cyber-education they should have started when eLearning and other online education technology placed student data and attention in potentially hackable online locations. The answer to this question has eluded me for years, but I'm starting to formulate a theory. It began with seeing yet another example of the rhetoric that public education likes to lean on:

"The lack of robust cybersecurity measures stems from underfunding within schools and #educational groups. Often, they don’t have enough resources or budget to invest in #cybersecurity or train staff and students to practice good cyber habits."

Why are Canadian schools so vulnerable to cyberattacks?


ICTC-CTIC has been offering free cyber-learning opportunities for years in addition to running CyberTitan since 2017 with the support of the Communication's Security Establishment (Canada's cryptography agency charged with securing government communications). It doesn't get more credible than that this, yet we struggle to engage individual teachers let alone school system 'leaders' with these FREE programs. The reticence isn't about cost, it's an unwillingness to make time and take responsibility for our rampant use of education technology. The vast majority of cyberattacks depend upon user digital illiteracy to succeed and we face a global digital skills crisis, yet education seems determined to do as little as possible to address any of it. The question is why.

No where did our failure to address
digital literacy appear more apparent than
during the remote learning emergency.
Perhaps picking up the baton now would highlight a failure that has been decades in the making. By doing nothing, public education remains the victim of cybercriminals and technology disruption, just like the rest of us.

We should have begun developing this technology media fluency the moment we placed student learning in hackable online spaces. It's not a flattering analysis, yet moving past this head-in-the-sand approach is essential if we're going to keep putting student (and staff) information where criminals can exploit it. Our collective ignorance is the cause of the current cybersecurity crisis and the global digital skills shortage; it's a failure of education... by education!


Our Failure to Systematically Teach Digital Literacy Even As It Becomes an Expectation in All Subjects

Poor user digital fluency is the result of our failure to teach it in any kind of systemic manner. The cunning plan so far has been to hope parents are doing it at home* (*this link shows that they might be, if they can afford it). Meanwhile parents are assuming a comprehensive digital skills curriculum is happening in schools, and by comprehensive I mean year on year skills development in dedicated subject time using curriculum that results in functional and safe technology users. We obviously don't have those.

The students I see arriving in grade 9 suggest that this is not systemically happening, and where it does happen it is because a single teacher is trying to bridge this gap themselves. The assumption many parents labour under is that teachers are digitally literate, but they are much like the general population. Worse actually, because the education itself has dragged its feet engaging with digital transformation resulting in the people in it being less digitally savvy than the general population.

If we taught digital skills like we taught other foundational skills that are required across all subject areas (literacy, numeracy, etc), we would have periods focused on developing those skills and integrated subject specific digital fluency across all disciplines, but we don't even cover digital literacy development as comprehensively as we do geography (mandatory k-8 dedicated subject time and a mandatory grade 9 course). There are no mandatory digital literacy courses in any Ontario high school and in K-8 curriculum, where it happens at all, it's usually fixated on coding which does little to teach cybersafety. The ongoing digital skills shortage and a rash of user ignorance driven cyber incidents suggest that the piecemeal approach we've grudgingly adopted isn't working.

I've been pointing to these embarrassing statistics and presenting on the importance of filling this foundational gap in our curriculum for years on Dusty World

2022 TMC7 Research Symposium: Table Talks and Future Skills

(2020) How to Pivot Ontario Education to Prepare for The Next Wave

(2017) The Digital Divide is Deep and Wide

(2012) The New Literacy

Perhaps now, in a maelstrom of bad press and the potential for real financial damage to staff and students (and their families), education will finally take on systemic transformation to address digital skills and especially cybersecurity awareness. The benefits would go far beyond reducing the number of successful cyber breaches. A more digitally literate society would be able to pivot to remote learning in an emergency and might also offer climate reduction possibilities by reducing the need for face to face schooling. It would even help create a less factory driven/age based system that relies on millions of gallons of diesel to deliver bodies to age appropriate facilities every day. The central problem is that the digitally delayed education system is the least likely place to find this future friendly vision.

We could have used the pandemic to finally
engage with digital literacy
- instead it became
another excuse to play victim to our own
lack of foresight.
Do you know how many times cybersecurity is mentioned in Ontario computer technology or computer science curriculums? Not once - not even in the two specialist subjects it should be covered in. We've driven students onto potentially insecure online learning environments for years now and even the compsci students don't learn how to secure it.

 Nowhere has this failure to address digital literacy been more apparent in emergency remote learning where many students were thrust into online mediums that they have very little understanding of with unsurprising results. Most students still equate technology with entertainment, which is why implementing it in classrooms has been fraught with problems. Most teachers have less digital fluency than anyone in a modern office setting.

One of the early myths used to justify this bury-it approach to digital literacy was that of the 'digital native' - the idea that students who grew up with digital technology were somehow magically imbued with the ability to understand it technically and use it safely and effectively. This is like saying that because I grew up in the 1970s and was familiar with cars, I already know how a car works and how to operate one. This absurd belief persists in many schools despite being summarily discounted by research.

Being familiar with digital technology means you don't have to overcome the fear that older people have in making a mistake with it, but I can assure you, students are not immune to making poor technical decisions based on digital ignorance. The rush by students in my school to use 'free' VPNs to bypass blocks on social media sites isn't digital native genius, it's profoundly ignorant. The criminals offering these services aren't offering them for free. This gives a fine example of how digitally illiterate school systems are. Blocking content and driving students to put their digital information at risk through questionable technology is about where we're at in education these days. Incredibly, many educators then point to this as an example of just how good the kids are with technology.

Research on the poor state of digital skills across entire populations shows an astonishing lack of capability, even as we increasingly depend on networked digital technologies to support every aspect of public education. When technology fails, the learning stops in 2023..

This isn't just a Canada problem, it's worldwide.
Addressing the digital skills gap for future education

A global measure of digital and ICT literacy skills (it isn't pretty)

"higher socioeconomic status was associated with higher proficiency both within & across countries - student experience of computer use & their frequency of computer use at home were positively associated with proficiency" - Because we off-load this essential literacy because we don't want to take responsibility for it.

The Distribution of Users’ Computer Skills: Worse Than You Think

Nearly 1 in 3 workers lack foundational digital skills

Canada struggles to prepare its workforce for changing digital economy

"81 per cent of Canadians say they don’t have the resources to learn the digital skills required by businesses today, and 86 per cent say they are not prepared to meet the digital skills requirements of the future."


Summary 

Cyber-education is the sharp end of this failure to teach digital literacy because of the fear that surrounds the subject and the dire consequences of not addressing it. Convincing educators to engage with cybersafety, cybersecurity and data privacy learning is virtually impossible, especially as most staff are no more digitally savvy than anyone else. You have to be trying exceptionally hard to not be using digital technology in 2023. Your lights are on because of it and your lessons are available to students because of it, yet no one wants to teach it, or learn it as a specific technology/media skill.

Beyond the sharp point of cyber, we have a population that spends an inordinate amount of their time, both professional and personal, in networked technology, yet almost no one knows how it works, what to do when it goes wrong or how to secure it. Younger people aren't afraid of it, but their bravado creates dangers of a different kind.

If we're going to use networked technology in every subject, we should have K-8 curriculum in place with mandatory time given to specifically learning digital skills well beyond coding, and also include digital literacy integration with all subjects. This should begin the moment we put students in online learning.  A systemic approach to this would start solving the educator digital skills crisis and eventually result in a dramatic drop in successful cyber-attacks as we begin to heal the ignorance that current attacks exploit. Many federal programs exist, but Canada's chaotic, siloed education landscape means that with no central authority, provincial ministries and local school boards are left with the responsibility to engage with a problem that operates well beyond their jurisdictions.

Digital skills gaps cost billions in lost jobs and opportunities and exacerbate existing inequalities. By resolving this failure of vision that public education has been central in creating, we might finally assume the role it should have played all along. It doesn't require lengthy apologies, but it does require some humility before a systemic failure we've all played a part in. I only hope the people leading education in Canada are more interested in doing the right thing for students, staff and their families instead of maintaining the expedient idea that digital literacy happens by magical birthright, or at home.


Yes, it's a tsunami of cyberattacks on canadian education:

Vancouver Film School hit by paralyzing cyberattack
Attackers say they have deleted data stolen from Ontario school board
School board confirms hack; attacker sent note through photocopiers
Ministry beefing up security after school board 'cyber incident'
Ottawa french public school board paid hackers ransom after data breach
Teachers and parents urge answers as investigation into school board hack continues
OSSTF confirms current and past members’ information compromised in cyberattack
Former members call out OSSTF for handling of personal information stolen in cyberattack
Maple Ridge-Pitt Meadows school district alerts families of potential data leak
“It’s pretty scary”: TRU students concerned after possible hacking of student aid websites
https://canadatoday.news/ca/vancouver-park-board-to-consider-new-revenue-streams-including-more-restaurants-223298/
https://www.therecord.com/news/waterloo-region/2022/09/15/at-least-three-former-wrdsb-employees-report-identity-theft-attempts-since-cyber-attack.html
https://cupe.ca/statement-crystal-krauter-maki-educational-assistant-and-cupe-4148-president-regarding-ransomware
A failure to educate staff

What our failure in education looks like to the people experiencing it:
"44% said that school only taught them very basic computing skills, 37% said that school education didn’t prepare them with the technology skills they needed for their careers. 40% consider learning new digital skills essential to future career options"

Saturday 15 October 2022

Creating A Canadian Cybersecurity Ecosystem

Last week I attended my first conferences in a long time. Someone will have to explain to me why classroom teachers have no access to professional development like this. On Wednesday and Thursday morning I was at SecTor in Toronto, making many new contacts in industry and realizing that the vast majority of companies on the front lines of cyber-defence in Canada are eager to help both the public and public education get a handle on cybersafety and digital hygiene. On Thursday afternoon and Friday I was at the University of Waterloo for their Privacy & Cybersecurity Conference. These were two very different conferences with SecTor clearly focused on industry and sales and Waterloo's CPI on academic research and strategic thinking, but you'd be amazed how well the two fit together. I really wish they'd arrange things so people could do one and then the other instead of overlapping them, but that failure to look after each other symbiotically is emblematic of a larger problem in Canada.


I had a great chat with a colleague at ICTC a few weeks ago where he described his approach as 'serving the ecosystem', which I intend to emulate.  He sees ICTC's role as helping everyone working in Canada's digital skills development space to meet the council's mission, which is to strengthen Canada's digital advantage in an ever more connected and volatile global economy.  This sounds like a big ask but I believe in the goal, and that belief gives me the energy to take on this seemingly insurmountable task.

One of my favourite moments from the Waterloo CPI conference was when one of the audience, after listening to how five universities are connecting to each other, interrupted with a clear and present warning.  He guaranteed that in the next five years Canadians are going to be sitting in the dark after a cyber-attack from a well developed foreign aggressor.  When we're all sitting there in the cold and dark with no electricity, gas or communications, will we think we've done enough?  Intense, right?

Early in the talk that question came up in, the head of TMU's CyberSecure Catalyst was talking about how he headed to Israel to see how they created a world-class cybersecure ecosystem in the most challenging of circumstances.  His takeaway?  The Israeli system is predicated on familiarity, trust and connectivity.  After only a month and a bit observing Canada's approach, it seems we're doing the opposite.  I've stumbled across excellent resources in both government academia and industry, but each one is working from its own funding formula and entirely focused on meeting the targets in that formula.  Even our connectivity is fractured with numerous 'networks' forming independently of each other, all with the idea of uniting us.  It'd be funny if it weren't so absurd.  Here are a few of them:
They're all doing good work, but they're doing it in silos and in many cases repeating material found in other programs.  It's neither efficient nor is it anything like the Israeli approach of centralized trust, familiarity and cooperative development.  I'm not surprised that, after announcing yet another Canadian network that'll cure our cyber-skills shortage (which is so bad that the government says we need to bring in talent to fill the gap), that guy in the audience lost his patience.

"The siloed approach we know doesn't work anymore. We think it should change and this budget didn't give us the warm fuzzies."

Christyn is exactly right, Canada's initial approach of jumpstarting as many programs as it could to try and cover the cybersecurity shortfall doesn't scale well now that cybersafety is a part of everyone's lives from individuals and small businesses all the way along to multi-national corporations and federal governments.  COVID only accelerated our dependence on digital connectivity yet we continue to lag behind in terms of cyber capacity, especially in education.

At the conference, Ontario's Ministry of Economic Development representative kept describing Ontario's many cyber-focused companies and educational organizations as an ecosystem, but a lot of potted plants all sitting in the same area are not an ecosystem, which is exactly Canada's problem.

How Canada is approaching cybersecurity capacity development.

How Israel does it - with trust, interconnectivity and familiarity - no silos, and everyone looking after each other.

Canada needs to work together to create a national focus on cybersecurity skills development starting in elementary school with integrated digital hygiene and cybersafety learning that leads to middle school access to programs like CyberTitan that introduce students to hands on I.T. skills that demystify the subject and open up pathways.  In high school everyone should be learning essential digital skills (which are atrociously poor - more than 80% of successful cyber-attacks are the result of user ignorance) as a mandatory course. Students interested in pursuing cybersecurity should have early access to coop and STEM programs that will set them on the right track for post-secondary - no adult upskilling required.  This is also where we need to address how our high schools genderize pathways, knocking many girls out of these opportunities.

If we can demystify cyber in k-12 we will be able to graduate cyber-safe students who are able to operate in our interconnected digital economy in every pathway.  Digital fluency and access to cyber-opportunities is, of course, also an equity and inclusion issue; these opportunities aren't just for wealthy, urban boys, though they continue to dominate the industry.  Emerging digital careers tend to be more future proof and higher paying, and everyone deserves a crack at them.

Canada is the only major federation and one of few countries in the world without a national education standard, leaving our minors open to wildly differing political influences and support in our schools; there is no such thing as 'Canadian Education'.  Rather than start with central administration, I think Canada should start with a canadian student bill of rights to protect minors from these changeable winds, but I digress.  Canada's fractured approach to education (like its fractured approach to cyber) means that we need to reach a critical mass with government and industry partners in order to break into the siloed world of canadian public education.  But with no central authority to get onside, a win in Ontario does not mean a win in Quebec, or anywhere else in the country.

Canada's patchwork approach to governance along with its challenging geography means we're facing barriers that Israel and other world leaders in cyber have never had to contend with, which is precisely why we need to pool our resources, grow an interconnected ecosystem of pubic and private cyberskills supporters and then take on this seemingly insurmountable task.

Cybersecurity might sound like an esoteric reason for this big of a challenge, but cyber lives at the pointy end of a pyramid of digital infrastructure needs that Canada is still sorely in need of developing.  Focusing on cyber means we're also focusing on equity and inclusion by connecting everyone, including remote northern communities, new Canadians and people who can't afford Canada's monopolistic telecom infrastructure, to the digital economy.  To get to cyber we need to get through device accessibility, network connectivity and digital skills development, which is why it's a worthy strategic goal. 

The trick is going to be getting all these disparate interests to unite in order to tackle Canada's unique and challenging geography and history - otherwise we're all going to be sitting in the cold dark in a few years wondering why we didn't do more when we could have.

***

UPDATE:  News from the frontlines of 21st Century war, which includes cyber:  

"Collaborating, exchanging information, assisting one another — this is the best way to thwart cybercriminals."

"All told, cyber resiliency relies on collaborative efforts from the global community, he said. Addressing the corporate audience, he underscored the importance of investing in and building a cybersecurity system as a strategic method to improve the cyber resilience of the state."


The importance of collaboration in cybersecurity, including in education and user outreach, is more obvious than ever as the Ukraine conflict continues.  One day Canada will be in the crosshairs, will we be ready?  Or will we have dozens of competing interests all producing redundant content?

Saturday 18 November 2023

Cyber Education in Canada is Broken, Here's How to Fix It

I've been sitting on this one for some time. What's below is more like brainstorming than a clear solution, but I feel like it's moving in the right direction...

The Problem: Canada's Cyber-education system is broken - or doesn't exist at all

I've been ruminating on this since virtually attending the "How to protect our children in an increasingly digital and online world" meeting by Economic Development Ontario and the Canadian Trade commission a couple of weeks ago. James Hayes from Cyber Legends is a man on a mission. His keynote was both insightful and frustrating - the main point being that Ontario (and by extension Canada)'s cyber-education ecosystem is broken. I'd go so far as to say that in most places it doesn't exist at all; broken implies that there was something there to begin with.

This observation speaks to a cultural challenge that Canada faces. Other countries are able to leverage a collaborative approach to the asymmetrical global threat cyberattacks pose, but Canada's history and the loose confederation it has produced creates many gaps between levels of government. Those gaps are where cybercriminals operate.

The Problem: cybersecurity, cybersafety and online privacy are barely mentioned in Canadian school curriculum and educators are some of the least digitally experienced professionals able to resolve this skills crisis

In Ontario we've mandated mandatory eLearning for all students, but cybersecurity only just got into the computer studies curriculum in this year's rewrite, and what's there is thin (it immediately devolves into personal online data awareness and ignores the many interesting technical specialities in cybersecurity). This optional course doesn't run in most high schools (it was cancelled locally in mine), so this one mention isn't seen by most students.

Many other provinces don't mention cybersecurity at all even as they all depend on it every day with networked education technology delivering material in every classroom. Cyberskills are now essential skills if we want to keep the learning happening, but aren't treated that way in our education systems. New Brunswick is the exception with a full cyber-learning pathway for students interested in heading into the field professionally. Why does that matter? There is a global shortage of cybersecurity professionals, so Canada's usual approach of immigrating in solutions to its education failings won't work in this case.

James mentioned teacher cyber-illiteracy in his keynote as well.
There are solutions like CyberBytes that offer upskilling...
Our oblivious response to cybersecurity awareness is part of a larger problem in public education. When I first came into teaching in 2003 I was surprised to see the education system rocking early 90s information and communication technology. Throughout my career education has dragged its feet at every opportunity in terms of adopting digital transformation and the benefits it delivers. The result of this decades long drag is that people in education tend to be less digitally literate than the general population, even as they are expected to teach students essential digital skills like cyber awareness. 
Teachers are precisely who you want to be raising general cyberawareness and the skills needed to safely navigate our online world, but decades of status quo leadership means educators are missing the digital media literacy necessary to do it.


The Problem: we're happy to make online edtech solutions mandatory (usually as a cost cutting measure) but a surprising percentage of the people doing it don't think they should be held legally responsible for its safe delivery


I spoke on a panel about cybersecurity at the Canadian Edtech Summit the week before. The event had an online component so I started a poll aimed at the education administration and technology companies in attendance. Recently the SEC in the US sued a company for their failure to respond to cybersecurity problems that they were very much aware of that resulted in many clients' data being spilled onto the darkweb. This raises an interesting policy question: should school boards and provincial education ministries be held legally responsible for cybersecurity in Canadian classrooms? Canadian educational ministries and their school boards have increasingly adopted cloud based solutions to reduce costs on what used to be locally managed technology integration, but with internet based 'cloud' solutions come cybersecurity responsibilities. This US decision will likely influence our lax cyber responsibility policies in Canada and I was curious what the people implementing these technologies (often poorly) thought of the potential for liability penalties for failing to protect student data (which often also includes staff and family personal data too).

I expected the people delivering online edtech (school boards, ministries, not-for-profits and private edtech companies) to recognize that cybersecurity is very much their responsibility if their technology is vulnerable online, especially if they are going to demand that students use online learning tools. This should be especially obvious when our 'clients' are vulnerable sector children whose safety should be a primary concern.

Most did recognize the importance of taking responsibility for their technology delivery, but I'd love to have a chat with the quarter or so who thought they should be putting student learning online while bearing no legal responsibility for it. One of those people could well be managing your local school board's technology department.

If we've got a problem with the people delivering online edtech understanding that they are responsible for cybersecurity, we need to back the bus up and clarify those responsibilities with policy - legally binding policy.  I recently saw a memo which said data privacy wasn't even a paid job in the school board and is done outside of regular work responsibilities by IT staff, most of whom have no cybersecurity experience. Until we begin taking public sector cybersecurity seriously we will continue to see our public services being disrupted by breaches and system failures.

NIST's cybersecurity framework offers a technical policy approach to cybersecurity that clarifies what organizations need to do to provide viable online security. ISED has a Canadian version called ITSG-33 which is more policy focused.  This isn't an all or nothing thing with a solution for every problem. Any time you put data online you risk being hacked, but by following these best practices you can at least know you've taken reasonable steps towards preventing abuse. What you want to do is get up to Tier Four of the NIST framework where you're proactively defending against threats, but public education in Canada can't get out of Tier Two because "implementation is still piecemeal", and no one has "the proper resources needed to protect themselves." Our cyber failures in Canadian education are the result of poor policy and the resultant lack of funding. I'd hope that we'd follow best practices in protecting student data, but that ship sailed years ago. If that carrot isn't available, then a legal policy stick might be the only thing left that prompts ministries and schools to make student data privacy a priority.


The Problem: Public services in Canada are siloed bureaucracies that are difficult to work with


This isn't just an education problem, it's a
CANADA problem. Canada's history hasn't
produced a culture that can collaborate
against asymmetrical global threats.
During the panel talk at the EdTech summit one of the speakers said, "working with public school boards is very difficult. It can take years just to find the right person to talk to. Even if you can find that person, they'll tell you there are no resources." I talked to Kyle Bokyo, another of the panelists, after the event and we commiserated on this point.

There are not for profits and businesses in Canada who are attempting to provide solutions to Canada's ongoing cyber-education failures, but attempting to engage with any public service in Canada is a a difficult prospect. If you talk to the ministries they hold up their hands and say they only manage the funding and not the implementation of cybersecurity solutions. If you talk to the regional school boards they say that they aren't provided resources to do it.

In Canada's uncoordinated cyber policy landscape I suspect it's easier to play victim even as you assume greater cyber risk pushing user data into the cloud than it is to develop a coordinated response to this very asymmetrical problem. These gaps in responsibility make it easy for the people paid to protect student data to point the finger at each other rather than solve the problem, even as breach after breach occurs.

Canada's failure to
coordinate cyber response
is recognized as an
problem globally
.
What I learned through COVID as a classroom teacher is that the people running public education will ask all manner or ridiculousness just to maintain the illusion of a functional system. It's what got them into their offices and they aren't about to jeopardize that. Public education, along with other public services, are insular industries with generational employees and tightly knit networks of political operatives managing them. This might sound like immigrant complaining (and it is), but the best way to get into education 'leadership' is to have had family who did it, or marry into one. The next best way is to be willing to maintain the status quo at all costs. Agility and responsiveness aren't words often applied to this sector.

Cybersecurity in public education is dangerously under-prioritized even as we continue the rush to cloud based edtech solutions in an attempt to save money. On top of that a surprising percentage of the people delivering these solutions don't think they should be held legally responsible for its safe delivery. This deadlock suggests that we need policy that not only enforces best cybersecurity practices in education, but also makes resources for it a requirement rather than a politically motivated shell game.

But the fix needs to go further in education because we also have a responsibility for providing graduates with opportunities to learn the skills they need to survive in a rapidly changing world; something we're not doing as many jurisdictions continue to studiously ignore cyber education and digital skills in general. The key piece to this puzzle is policy that creates a responsive, responsible Canadian cybereducation system. In aligning resources to create cybersecure online learning we might also usher in a new era of relevant, richer digital skills development.


The Solution: A Viable 21st Century Canadian Digital Education Ecosystem

As both James and Kyle mentioned in their talks, technology moves so quickly that large public services are always going to struggle to keep up, but an agile edtech sector could help with that. Startups and small businesses can pivot to keep up with technology emergence in a way that larger organizations struggle with - that's why Google and the rest buy agility rather than trying to produce it in-house. The problem has been Canada's pigeon hole approach which doesn't aim to produce a coherent ecosystem of interrelated programs that provide a comprehensive Canadian shield.

As mentioned previously, the issue of regional school boards and provincial ministries making it difficult for anyone outside of these insular systems from collaborating with them is a key problem. We can't leverage digitally literate industry partners if they have no way to effectively communicate with education delivery systems.

The solution is to connect the federal government with the Council of Ministers of Education, Canada and The Insurance Bureau of Canada and design a centralized approval process that connects Canadian not for profits and industry edtech expertise with provincial ministries and clears the way for access to credible cybereducation materials through direct internal communications channels with education systems. Instead of individual boards doing cyber badly, a national partnership with a wide range of technology specializations and strengths would work together to build solutions at scale while also ensuring that these solutions are prioritized with mandatory funding. This relationship would also prompt meaningful updates to curriculum instead of the current 'in a bubble' approach that produces material well short of what is needed to prepare graduates for our technically challenging future.

I made this graphic after last year's CPI conference
at University of Waterloo
, where I first met James,
Cheryl and Cyber Legends.
In such an environment a startup like James' Cyber Legends, or an internationally partnered and long running national competition like CyberTitan would pass NIST levels of cyber-review nationally and then be welcomed into a Canada-wide edtech ecosystem that works through each provincial and territorial education ministry directly into school boards. Any edtech company working outside of this framework would find itself where we all do now: on the outside unable to make any significant change. But those who meet this national standard would be considered trusted internal partners with access to federal funding and direct internal access to provincial education at both the ministry and district levels. No more trying for years to find a person who may (or most likely doesn't) exist in a local school board who is in charge of cybereducation.

This ecosystem would reward collaboration. Members would only be accepted if they are producing complementary resources that create a full range of learning opportunities to all aspects of our increasingly digital world across all subjects, including cybersecurity. This nationally curated resource allows teachers from all corners of the country to develop meaningful digital skills, including the difficult ones to deliver like cybersecurity. This equity of access to resources would end nationally embarrassing PISA results that prevent smaller provincial education systems who lack resources from producing results below the world average.  Members of Canada's edtech program would find funding easier and be able to work with partners who ensure that their programs are successfully integrated and in a constant state of improvement in order to keep up with the impressive rate of technological change we're all dealing with. This would also give those providing federal funding clear guidelines for who they should be supporting.

The stick would come through policy changes that are both legal and regulatory. Any school board (and by association ministry) not making use of these secure, partner provided resources for improving student data protection would find themselves both liable for any breaches, and also uninsured. Educational cybersecurity would no longer be a political blame game. Local implementation would still very much remain the purview of school districts, and ministries would remain very much in charge of funding their province or territory, but with focused federal support many of the associated expenses would be reduced through the centralization of resources. These savings would also be a carrot. With national cyber standards and partnerships that leverage the strengths of all members of Canada's education ecosystem (federal government, private industry, national not for profit, education ministries, and local school boards), Canadian students would enjoy access to more Canadian made digital learning opportunities that raise digital fluency in a meaningful way, and they could do this while also exploring cybersecurity in a way that creates a more secure Canada. Imagine what all these cyber-aware students could do for our national security. It's the only solution we have that scales to meet the problem. Those students go home and raise cyberawareness in their families and communities, reducing the main reason for successful cyberattacks.

We have a habit of regionalizing our approaches to government in Canada, but in the face of wildly asymmetrical threats like cybercrime and (increasingly) international cyber espionage, we need to push back against this culture and build a collaborative defence. In doing so we would also create much richer digital learning opportunities in our schools that would make Canada more secure and competitive in the networked, global economy.


The Solution: collaboration doesn't end locally, regionally or even nationally in Canada

I'm attending The Global Forum for Cyber Excellence's inaugural Global Conference on Cyber Capacity Building in Accra, Ghana at the end of November. 

"It is paramount for all nations to have the expertise, knowledge and skills to strengthen their cyber-resilience"

I'm presenting a research paper a former student and CyberTitan (Louise Turner) and I have written about the disruption quantum computing will cause to cybersecurity encryption in the coming years. Doing this research with Louise has been both eye opening and very intellectually satisfying, but after 20+ years in the classroom I'm still very much a cyber-educator first and a cyber researcher second. It's why I invited one of the next generation of cyber professionals to write the paper with me.

Looking at the program for the conference, the lack of talent and focus on developing cyberskills both in the population and in those interested in pursuing work in the industry isn't a Canada only problem, it's a global one. If we can repair Canada's internal cyber-education system, we can then work with international partners to help them do the same. The cyber battlefield inherently favours the anonymity of hackers damaging our systems with impunity for their own gain, but through collaboration the defenders could become mighty. A cyber-aware population would be foundational for reducing cyberattacks in our public services.

As the GFCE so eloquently puts it: "Nations should work together and support each other with these capabilities, so that no country is left behind in their digital evolution. After all, a chain is only as strong as the weakest link."  Look for the Accra Call: a global action framework that supports countries in strengthening their cyber resilience being announced during the conference.

Wednesday 11 May 2016

Failing Forward

Failures, repeated failures, are finger posts on the
road to achievement. One fails forward toward success.
- C.S. Lewis
Four years ago I decided to show what we know in the information technology focused computer engineering course I teach at Centre Wellington DHS.  The Skills Canada I.T. and Networking Administration contest seemed custom tailored to do that for us.  That first year we took two competitors down to Guelph and finished second and third to an urban(e) high school in the regional competition.  We took what we learned from that first round and applied again the next year, this time winning our way through to the provincial competition for the first time.  Had we not known the competition by failing at it the first time, we never would never have been able to re-orientate ourselves and get out of the regional battle.

That first student we sent to provincials was a polymath, gifted at pretty much everything, but once again we were unprepared and we ended up finishing fourth overall.  Like mechanics and other stochastic skills, I.T. is experiential.  You can be the sharpest person in the room, but the more experienced technician will usually figure it out first because the problems aren't always obvious and linear; instinct based on experience plays a surprisingly large part in analyzing problems.  Still, fifth in the province wasn't bad for our second go at it.   Our competitor came back and debriefed on the provincial competition just as our previous students had with the regional competition.

Our third go at it had two competitors having to face off challengers regionally.  They finished 1-2 and we were off to provincials again.  Our second run at the big competition showed just how much the scope of the competition could change year to year.  We once again finished in the top ten, but didn't medal.  As before, our competitor came back and did a thorough debrief, helping the next candidate (the one who'd finished second regionally) get ready in more detail than ever before.  The old adage goes: I was able to reach so high because I stood on the backs of giants.  In our case this is completely true.  Had those previous students not leapt into the breach and shown us the way, we would never have seen the steady improvement that we did.

We just got back from provincial competition once again.  We gold medalled in I.T. and then finished top three in all technology competitions combined - meaning we didn't just beat other competitors, we also got a near perfect score in the process.  The first thing Zach, our gold medalist, did when he found out he won was shout out to the people who came before him, thanking them for the doing all that dangerous reconnaissance blind.

We're off to Moncton next month to compete in Skills Canada at the national level.  Ontario's is the biggest provincial skills program with the toughest competition, and we scored highly, but it's our first time nationally.  I didn't consider changing our approach.  Our goal is to go there and learn.  Zach has benefited from the failures of previous students, and now it's his turn to go first and pave the way.

Can a small town school compete against massive, urban
school boards?  Yes, yes we can.
At first glance it might look like those previous students failed, but they didn't, they were part of something bigger than themselves that has succeeded.  I know some people look at competitions like Skills Canada and wring their hands over how harsh it is on tender adolescent egos, but our failures made us better and our approach meant we were resilient in the face of those failures.  Even when we were sending different individuals year on year there was a team feeling as new competitors read over the notes, advice and encouragement of now long graduated students (all of whom are enjoying post-secondary computer focused success).  In many cases current competitors connected with grads through social media in order to further develop this mentorship.

The education system has focused relentlessly on student success.  A big part of that push is to mitigate failure wherever possible.  When failure is removed from learning you can't develop nonlinear, experiential skill-sets or take risks on new challenges because those things in particular demand failure in order to learn.  You also can't learn to fail forward or consider your learning to be a part of something larger than yourself.  No fail learning is remarkably selfish on a number of levels, damaging not only a student's ability to learn stochastic skills, but also weakening their resiliency, resolve and humility before a task.

The concept of no-fail learning is very academic in origin, no real-world learning process would consider such an approach viable.  It's unfortunately ironic that one of my best teaching experiences and a unique learning opportunity for many students has to happen outside of the classroom, where the many benefits of failure are still allowed to happen.

A couple of years ago I realized were were on a multi-year trajectory, so I started putting up posters in the classroom for each competitor so that new students would realize they are part of a dynasty!


Our school mascot is a falcon... geddit?