Tag: BETT2025

BETT 2025: Cyber resilience and schools

On the Friday afternoon of BETT 2025 I had the opportunity to deliver a session on cyber security for education, called “cyber resilience and schools: lets get pragmatic”.   Now I will admit I was a bit worried with it being a day three afternoon session, would anyone turn up, however the session was very well attended which was great.     One thing I will note though is that when I asked about the roles of the various people in the audience, around 95% of them were from technical IT roles.    I get why this would be the case however I worry that this is symptomatic of cyber incidents still being see as an “IT” issue rather than a school wide issue.   When an incident happens, although IT will be the people working hard to resolve it, it will be the whole school which is impacted including in relation to administrative tasks like registration and parental contact, teaching and learning, pastoral and wellbeing support and much more.    Cyber resilience, or cyber security if your prefer that term, needs to be seen as a school wide issue so my thanks and applause go to the small number of school leaders who attended my session, and I hope they found it useful.

My presentation broke down into four main areas, being the current context of schools and cyber security, the need for risk assessment, the need for incident preparation, and the basics which schools need to be doing to limit risk including reducing likelihood and impact of an incident.

In relation to the context it is pretty easy to see the impact and risk in relation to cyber and schools with one school being forced to remain shut at the start of the first week of BETT due to a cyber incident.   The ICO also acknowledged that reported incidents in 2023 had grown 55% over those in 2022.   If putting a cost figure to things, cyber crime world wide is estimated to reach $10.5 trillion dollars this year.   So cyber crime will definitely continue and will continue to hit schools.    One key challenge for schools though is the limited budget available, both financially and staff resource related, to tackle cyber risks and cyber resilience.    This highlights the challenge for schools however I noted a discussion in an industry event where they talked of whether doubling cyber related budgetary spend might half the risk;  The common consensus was probably not.    So, cries for more money, although money would help, would not solve the challenge.

It is therefore about risk management and balance.   Schools can be more secure but in doing so this might impact on flexibility, and therefore on the educational experience of students.    We need to seek to risk assess, identifying our risks, their likelihood and impact, plus the mitigation we could or have put in place, complete with any implications of such mitigation.   Once we know our risks we can plan accordingly in terms of mitigation or incident planning.

My next main point was the need to accept that cyber incidents are a “when” rather than an “if”, and based on this we need to prepare ourselves.    For me this is where desktop exercises are useful, actually working through an example incident with colleagues to identify what needs to be done, by who and when, plus to identify any assumptions which may have been made in terms of how an incident would be responded to.    Now this was one of the exercises from my session however the key value is in conducting such exercises in your own school, with a cross section of your own staff and therefore where the exercise can be tailored to the specific needs and context of the school.    It is all about thinking about the processes in a safe environment of a desktop exercise rather than in the heat of battle in the event of a real life incident.

The last section of my presentation, which may feel a little backwards in relation to having looked at risk management and incident planning first, was that of how we might pragmatically delay an incident occurring or limit its impact.    As I mentioned earlier we don’t have the resources of enterprise organizations so we cant simply throw money or resources at the problem.    For me this therefore means we need to seek to do the basics in terms of cyber resilience.    This refers to forcing MFA, patching as many servers as we can, providing users only with the access they truly need, etc.   It is these basics that will reduce the risk level for our school and college, and hopefully see criminals moving along to the next school or organisation in the hope of an easier target.   And generally the basic steps don’t cost the earth, other than some time to undertake them.

Conclusion

My summation for the session was very much about the need for cyber resilience to be seen as a school wide issue and therefore for it to be discussed at the highest levels including governors/trustees and senior leadership.    They need to have a sense on the risks being faced and guide in relation to seeking to address these risks.   They may not know the technical side however they set the risk appetite and therefore guide the spending of resources, including IT staffing, plus the balance between security and flexibility, which includes flexibility in the classroom.    They should also be central to considering the “what if” scenario and considering how the school might respond to cyber incidents such as data breaches, ransomware, etc.    It is better to prepare than to have to work out what you are going to do while in the midst of a cyber crisis.   And lastly is the basics, we simply need to do these as they are the most cost effective method to delay or limit the impact of a cyber incident.

Cyber crime isn’t going away, so we need to plan and prepare, and not just the IT staff. 

Now if you wish to review my slides or the resources, which included some cyber incident cards for a risk assessment exercise, then you can access them here via Google Drive.

BETT 2025: reflections part 2

Continuing on my reflections of the BETT conference from my previous post, I found sir Stephen Frys discussion with Dr Anne-Marie Imafidon to be quite interesting in the exploring “science reality” and how some things science fiction have come to pass, plus in looking at how Artificial Intelligence (AI) has actually been around for some time.    In terms of science reality, I did a presentation last year where I referenced an episode from Star Trek: The Next Generation, where it appears that captain Piccard is using a device very much like an iPad or other tablet device.     It is notable the episode aired in the 1980’s and focused on events from the 23rd century, when in fact the iPad made its appearance in 2010.   For me this highlights that science fiction sometimes presents us with novel and interesting ideas, that people then seek to make happen.   It also highlights that we are pretty crap at predicting the “when” of things with any real accuracy.

In terms of the longevity of AI, the concept has been discussed since the 1950’s with period of progress and then periods of quiet, with one particular quiet period known as the AI winter.    The reality is that the current progress of AI, as discussed by the sir Stephen and Dr Imafidon, is likely the juncture between increasing computing poor and increasing “oil fields of data”.    I found the point regarding how we “sleepwalked into the internet age” interesting, highlighting we cannot do the same with AI, but did we truly know what the impact of the internet was going to be, so can we truly know what the impact of AI might be?      I also found discuss of how social media focussed on “maximising engagement” to hit the nail of the head especially when this was expanded to include maximising bias, hatred and other negatives.   The term socio-technical skills as something we should possibly seek develop, was a new one on me, but I can see the point.

The discussion then progressed to education and assessment categorising the implications of ChatGPT for cheating as a minor issue brought about by the education system we currently have.    This aligns with some of my views on the need to reform education.    Education is not about tests or coursework, it is about learning.  It isn’t about grades.    I found the comment regarding our current system “testing for ignorance” and then pushing it, to be a particular telling and critical assessment of the world we consider to be education.    In the roundtable on assessment I took part in, that was one of our discussions regarding how coursework and exams are simply scalable for use across different schools, regions and countries, so we use them due to this scalability rather than because they are the best thing for education or for learning, or for our students.   

As the discussion moved back more towards AI there was an interesting discussion on AI development in terms of how we often describe AI as currently being the worst it will be, and that it is constantly improving.  This is fair to a point but sir Stephen referred to the internet as “filling with slop” and “contaminated” and if we assume that AI continues to use the AI in its training data then it too may become contaminated so it maybe possible to suggest that AI might be at its best now and only get worse as it becomes more contaminated by its own “slop”.    And who controls the AI and its development.  It was suggested that the three worst options might be the three groups most likely to lead the way on AI development, being countries, corporations and criminals.   In all three cases I can see the outcomes being far from positive and we can already see the internet being used to political and national ends, for pure commercialisation, consumerisation or profit, or for crime.   

I could likely write a whole series of blogs based on the session by sir Stephen and Dr Imafidon however rather than focussing on that I just want to share how they finished the discussion, on the need to find the “sweet spot”.   The need to find a balance between pessimism and optimism.   Now this aligns very much with my view of balance, in that most good things will have some balancing drawbacks or challenges.   We need to try and find our way and find the best middle group, the “sweet spot”.

The next session I watched before hitting the BETT conference floor was a session titled “Education in the AI era”.   Again I could write a lot about what was said as I found it to be very interesting indeed but am going to avoid doing that.    One key comment mentioned 30% of teachers not using AI;  My sense is this figure is lower than the reality.   The data came from TeacherTapp which I think is great, but I also think that the subset of teachers using TeacherTapp are likely to be those who are a little more tech savvy and therefore likely to use AI, and that a greater proportion of those who don’t use AI will also not be using TeacherTapp.  The bigger and possibly more important question is why some teachers who know of AI aren’t using it;  Is it they don’t know they are using AI, but are, that they don’t have access, lack training, lack confidence or something else?    In terms of access, this session also mentioned access to technology and affordance, which to me links to the concept of digital divides.

I also liked the discussion on banning and blocking AI where they compared it to knives in food tech.   Why would we ban AI in some or all subjects when we know knives can be dangerous, yet don’t ban them?    Now I know that this is a very simplistic and flawed analogy and that it was likely used for effect rather than accuracy, but I think the point is valid;  How often has prohibition of anything ever been beneficial or effective?   It just tends to make people do it more, but do it in secret.

This session finished on the big question, which had also been raised the previous night at the Edufuturists event, in terms of what the purpose of education is?     In terms of what we measure, tests, coursework, grades, are these what truly matters?   And if not, what does matter, and how might we measure it, assuming we need to?

That’s some pretty deep questions to end this post on, but that’s where I found myself and I was still in the morning of day 1 of BETT.   The afternoon would see me getting around the event and doing the networking side of things, which for me is one of the main benefits of BETT, but the sessions from the morning, and some of the other sessions I attended across the conference were also very beneficial in stimulating thoughts and ideas, and in some places in confirming or challenging some of my thinking.    Next BETT post to follow soon……….

BETT 2025: reflections part 1

Last week was the BETT conference and the annual pilgrimage for EdTech peeps the world over, to London.   Its 3 days of tech conference complete with some excellent speakers, trade stands, events and meetings.   For me, this meant three and a half days non-stop with a lot of learning, a lot of sharing and a lot of networking.    As I write this on the train home my social battery is very much depleted but the train ride does provide me an opportunity to reflect, albeit I suspect if I were to stop and relax I would be asleep in seconds.  And I just wish my laptop was working properly, however it seems to be suffering from BETTLag leaving me trying to write this on an iPad but without a keyboard as I opted for the lighter case rather than the heavier one with integral keyboard.  Doh!

So where to start?   I suppose the best place to start is with my usual travel woes.   Am not sure why I seem incapable of a trip out without some sort of issue however this time was no different.   Basically, I arrived at the train station to park my car and get the train to London to find there were no available spaces.    With less than10 minutes until the train this didn’t allow for much searching for an alternative place to park the car leaving me no option but to park it on the road, but outside someone’s house next to the station.    Am hoping they weren’t too annoyed by my parking where I suspect they would normally park however the lack of spaces, and this is despite me having already paid, left me no real choices.    Thankfully after this my journey was reasonably without any further drama except for google maps seeming to indicate I was walking backwards as I navigated from my hotel to the Canva and Edufuturists event on Tuesday night.  

The main thing which struck me from the Edufuturists event was the discussion in relation to culture, and its importance.   This is something I have thought to be true for some time and actually something I presented on when interviewed for the post I now hold.   The required topic for the presentation, from what I can remember, related to developing a technology strategy and culture, however in my presentation I talked at length about strategy, before bringing it back to culture and how culture underpins everything.    A good plan with a weak culture, will remain a good plan but is likely to be poorly implemented, but a poor plan within a strong culture will likely see the plan improved on, driven and developed to positive ends.  Culture eats strategy for breakfast.     I will note that the Edufuturists event felt a little bit strange being in the nice clean professional offices of Canva, whereas my last Edufuturists event, the UpRising event, was held in a slightly different style of venue.   That said, it may also have felt a bit strange as I was to be seen wearing jeans rather than my usual suited and booted look, something that at least one person pointed out to me.   I was however equipped with Irn-Bru as normal, so at least some things never change.

Another thing which struck me in relation to the EduFuturists event was the engagement of those in attendance who all were eager to learn and share, and to do whatever they could to try and drive and support education in its many forms.    My phrase of choice is the David Weinberger quote, “the smartest person in the room is the room”, and in the room with the EduFuturists, I felt we were all that much smarter together, and the collaborative culture made for some really interesting and thought provoking conversations.   These included discussions on the need for continual learning, on personalisation, on accessibility and more.

Wednesday saw the first day of the BETT conference and I loved the phrase David Verry used in referring to AI as a “weapon of mass production”.    The question we then have from that is what such mass production means for us in termly of how it shapes the news, how it shapes our beliefs and identity, what it means for something to be original and much more.   

The Rt Hon Bridget Phillipson, the secretary of state for education was next up and it was nice to hear how she emphasised the “power of tech”.    There has long been great potential available through technology however to date the situation varies significantly across schools in terms of access to technology, support, training and the other prerequisites needed before we get to actually using technology in lessons.    It was therefore nice to hear reference to the need to “close the digital divide” although personally I prefer to refer to “divides” rather than a singular divide given there are so many factors which impact on the disparity in relation to tech in schools.    AI was obviously a fair part of her speech, as it was for many others across BETT this year as AI continues to be the shiny new thing being talked about.    For me here there is a risk that we are speaking so much more about AI that we are not speaking about some other things such as the basic infrastructure, data protection, training and culture.      I also noted a sense that the discussion was very much about AI and teachers, where this is achievable with limited tech in schools, rather than AI with students, and the need for 1:1 devices, where this would require significant investment in devices but also in infrastructure.     She also talked about seeking to address an “absence epidemic” however for me, the key here was when she talked about “belonging”, as this links back potentially to the Edufuturists discussion in relation to culture, and for me is likely something significantly bigger than just the education sector, extending into wider society as a whole.    I wonder if social media, globalisation, increasing migration for work, etc, are meaning that on average people are feeling a lesser sense of belonging than they might have done in the past?    Is the social fibre, the communities of the past, breaking down or at least changing?

Caroline Wright from BESA was up next and her comments regarding the need to focus on the basics, things like infrastructure, training, funding, etc, rather than the “shiniest new thing” struck a cord with me.    I continue to be a big fan of the potential for AI to assist teachers, and for it to help reform education for the better of our students and their future, but I also worry that it is the current shiny thing which everyone is talking about meaning we are speaking less about some of the basics we need if we are to truly see the potential benefits.

I then stayed to listed to Sir Stephen Fry before making my way onto the floor of the main BETT show and beginning my meetings, networking, etc, but for now I will leave that for a future post to be shared shortly.    My step count to this point was reasonably low but it was never going to stay that way.