Monty's Pentesting Notes | Obsidian

    IR523 Prompt

    I am an International Relations and Cyber Security joint major student. I am currently taking the course, IR 523, Cyber security and U.S. national security, taught by Professor Weinstein. An assignment is developing the outline for a National-Level Cybersecurity policy paper. In my case, it will be for Canada. Here are the details I’ve brainstormed. Please write a one-page outline for me. Imagine that you are a well-seasoned head at the Cyber Centre of Canada. When applicable, you should quote and add references. Use the “search the web” feature to ensure that all references you may provide are authentic. Read all of my brainstorming carefully and try to connect them in a sensible order. Use all your tokens and resources while thinking.

    Here are some key details that cannot be missed:
    Policy or Purpose Statement
    A clear declaration of the goals/objectives, significance or rationale.
    Action Items
    Detailed instructions outlining what actions must be taken, by whom, and how.
    Scope and Applicability
    Defines who or what is affected or exempted by the order.
    Legal and Administrative Basis
    Citations of laws, constitutional provisions, or previous executive orders
    Implementation Details
    Timelines, reporting requirements, or funding considerations.

    Develop an outline for a National-Level Cybersecurity Policy Paper. Assume you are working in the National Security Council (or the equivalent for another nation, if you’re an International Student) for the Deputy National Security Advisor for Cyber and Emerging Technology. Your assignment is to provide a recommended cybersecurity strategy for the nation.
    —

    Write an outline for my cyber security policy strategy paper for Canada. In this strategy, I would like to address current and emerging threats, the U.S.A. under Trump administration in particular. I would like to bring up the potential to use Artificial intelligence (LLMs) to conduct a thorough red-teaming penetration testing; not just utilizing AI to generate phishing emails with impeccable grammar and looks very authentic; but actually giving AI the power to interact with the system, to conduct efficient and thorough penetration testing analysis. In successful development of such red-teaming AI, we would use it massively on Canadian businesses, as part of the requirement, charge-free, of course. The most recent document, National cyber threat assessment 2025–2026, accounts all the countires that pose the greatest cyber threat, but failed to forsee the Imperialist ideals of the Trump administration, we need to prepare to face the biggest the strongest cyberspace actor, the U.S.A. Thus, we need to have the Cyber centre of canada to collaborate with the Vector institute and the CIFAR to attract talents, especially a guy who is about to graduate from BU with a keen interest in cyber security, and give him at least 300k per year. He is very talented. We need to keep our edge as a leading force in AI, and combine that with red teaming in particular, to have an extra card in hand for any unforeseen adversaries. Furthermore, we could collaborate and with the EU and the U.K. in addressing and developing AI

    Canadian Centre for Cyber Security (Cyber Centre), part of the CSE

    Purpose statement: renew Canada's cybersecurity policy to address emerging threats and the unpredictable Trump administration.

    Emerging threats: Quantum and AI (AI-powered red-teaming; efficiency and broadness of attacks; it’s a probability game); Biggest threat: The U.S. under trump administration as he antagonizes Canada; we need to anticipate our allies turning against us and invade our cyber space

    International cooperation: cooperates with the EU and the U.K.. Critical infrastructure: run AI-powered red teaming; collaborate with UofT and invest a lot to gain an edge in AI-powered red-teaming. Make the cybersecurity market in Canada thrive.

    Examine what the adversary wants; protect it; the US would want this maybe
    In the energy and mineral sector, crude oil is Canada’s top export, reaching US$143 billion in 2023, with 90 per cent destined for the U.S. Given its critical role as Canada’s largest export across all sectors, it is not surprising that Trump has noted crude oil would subject to a lower tariff of 10 per cent.

    Implementation plan: Canadian Centre for Cyber Security (Head of the Canadian Centre for Cyber Security) and the CIFAR, Vector institute

    National cyber threat assessment 2025–2026

    malicious and unpredictable state and non-state cyber threat actors, from cybercriminals to
    hacktivists

    State adversary focus:
    PRC
    Russia
    Iran
    DPRK
    India

    But it didn’t mention the U.S. now we need to prepare if the Trump administration decides to infiltrate Canada through cyberspace.

    Artificial intelligence are amplifying cyberspace threats
    Phishing-as-a-service from AI chatbots

    Deepfakes, phishing emails
    create and spread AI misinformation

    threat assessment is based
    on information available as of
    September 20, 2024

    commercial services that provide service to both civilian and military customers

    Core-priorities:
    make Canada the leading country in terms of utilizing AI to automate pentesting
    ensure that Canada is ready if our best ally, The U.S., which also is the biggest cyberspace power in the world, decides to infiltrate and sabotage us
    protect Canada’s private sectors by running government-led AI automated pentest; free of charge available to all Canadian businesses
    Defense priority: Canadian-owned businesses, always put Canadians first. Defense against state actors trying to disrupt our network

    References:
    https://theconversation.com/canada-u-s-tariff-war-how-it-will-impact-different-products-and-industries-248824
    https://www.canada.ca/en/communications-security/news/2024/10/canadian-centre-for-cyber-security-releases-national-cyber-threat-assessment-2025-2026.html