In the world of security conferences, RSA is one of the world’s best, and since BlackBerry has always been synonymous with security, the company took the opportunity to make a few announcements. Aside from the already released news of WatchDox’s acquisition, BlackBerry also launched a new initiative that aims to change the way security is conducted nowadays.
The BlackBerry Center for High Assurance Computing Excellence, or CHACE, has as one of its main goals the ideal to change the current ‘fail-then-patch’ security model that exists. With its creation, CHACE extends BlackBerry’s R&D push to continue innovating and improving security online.
One of BlackBerry’s subsidiary’s, Certicom, also announced a new managed public key infrastructure (M-PKI) certificate service that will help device manufacturers and service providers secure their IoT networks and ecosystems.
Check out both press release below!
BlackBerry Advances Security of Mobile and Internet of Things with New High Assurance Initiative
BlackBerry’s Center for High Assurance Computing Excellence unites researchers to target vulnerability prevention
Apr 21, 2015
Waterloo, ON – BlackBerry Limited (NASDAQ: BBRY; TSX: BB), a global leader in mobile communications, today introduced the BlackBerry Center for High Assurance Computing Excellence (CHACE). The initiative expands the Company’s research and development (R&D) efforts to drive worldwide innovation and improvement in computer security.
“As the number of connected devices multiplies, so do the threats to security and privacy,” said Bob Egan, CEO, Sepharim Research Group. “Organizations need to rethink the way they approach security and transition from a reactive posture to one that is proactive and promises the greatest defense against sophisticated cyber attackers.”
The fail-then-patch approach to managing security risk has become a widely accepted practice, even as consumers and enterprises face mounting threats from cyber attackers. CHACE aims to reverse the current paradigm with the development of tools and techniques that deliver a far higher level of security protection than currently available.
BlackBerry has a long history in high assurance techniques, including rigorous automated testing, deep vulnerability and failure analysis, and formal methods to prove safety and security properties. These competencies have enabled the Company’s solutions to achieve a wide range of quality, safety, and security certifications, including:
- Approval of smartphone and Mobile Device Management (MDM) platform for use on U.S. Department of Defense classified networks
- Certification for use in vehicle systems that comply with ISO 26262, up to Automotive Safety Integrity Level D, the highest level achievable
- Compliance to IEC 62304 medical software standard and approval in life-critical medical devices
CHACE will extend BlackBerry’s state-of-the-art competencies in vulnerability prevention and enable the application of high assurance security research to real-world products and services.
“There’s a belief that the key to the world’s security issues is to patch faster, but this hamster wheel fails to address the root issue,” said David Kleidermacher, Chief Security Officer, BlackBerry. “Systems that require regular patching always contain vulnerabilities unknown to developers, and some of these vulnerabilities are in fact known by would-be attackers. It’s clear we must build systems that are provably devoid of security flaws. The software and security engineering required to meet this objective is sadly rare today and must become commonplace. CHACE is BlackBerry’s initiative towards this goal, and we welcome all who wish to join the fight.”
Key collaborators with CHACE include academic institutions as well as industry groups that share BlackBerry’s commitment to high assurance practices. For example, CHACE will collaborate with the healthcare community to address security and privacy concerns for next-generation wireless medical devices and applications.
A number of leading organizations have already expressed support for CHACE.
“Next-generation mHealth systems and Internet of Things devices, such as the artificial pancreas for people with diabetes, can dramatically improve quality of life. However, these wireless devices are inhibited from realizing their full potential by an insufficient assurance of security and privacy afforded by current commercial development practices,” said David Klonoff, M.D., President, Diabetes Technology Society and Clinical Professor of Medicine, University of California, San Francisco. “BlackBerry is assisting Diabetes Technology Society to foster the high assurance security processes and standards needed to turn promise into reality for patients with diabetes and other diseases.”
“Cybersecurity education and applied research is a priority at Cal Poly,” said Debra Larson, Ph.D., Dean, College of Engineering, Cal Poly San Luis Obispo. “The school’s new Cybersecurity Center reflects our goal to be at the forefront of preparing the next generation of engineers to ensure the safety of cyberspace in our technologically interconnected world – as well as enhance the user experience of navigating that world. BlackBerry’s Center for High Assurance Computing Excellence is creating exciting new opportunities for university and industry collaborations on this new frontier of innovation, economic activity and security.”
“Given the challenges we face in a modern society that increasingly relies on computing, I believe that establishing a research center focusing on high assurance software is timely and visionary,” said Tevfik Bultan, Professor, Department of Computer Science and Director, Computing Verification Lab (VLab), University of California, Santa Barbara. “I strongly support BlackBerry’s Center for High Assurance Computing Excellence.”
“I commend BlackBerry for its CHACE initiative, which gives participants the opportunity to collaborate on solutions that attack critical security challenges,” said Daniel Kroening, Professor of Computer Science, University of Oxford.
“BlackBerry and the University of Waterloo enjoy a strong partnership that has served as the foundation for groundbreaking research,” said Dave Dietz, Director, Engineering Research, University of Waterloo. “The BlackBerry Center for High Assurance Computing Excellence will be another avenue for us to collaborate on projects critical to secure computing and introduce new technologies to the world.”
A global leader in mobile communications, BlackBerry® revolutionized the mobile industry when it was introduced in 1999. Today, BlackBerry aims to inspire the success of our millions of customers around the world by continuously pushing the boundaries of mobile experiences. Founded in 1984 and based in Waterloo, Ontario, BlackBerry operates offices in North America, Europe, Middle East and Africa, Asia Pacific and Latin America. The Company trades under the ticker symbols “BB” on the Toronto Stock Exchange and “BBRY” on the NASDAQ. For more information, visit www.BlackBerry.com.
Certicom Launches Managed Certificate Service to Secure Sensor Networks and IoT Applications
Elliptic Curve Cryptography offers high-end, low-cost protection for millions of smart connected devices
Apr 21, 2015
Waterloo, ON — Certicom Corp., a subsidiary of BlackBerry Limited (NASDAQ: BBRY; TSX: BB), today announced a new managed public key infrastructure certificate service for connected devices, unleashing the performance of its renowned security technology for a broad range of Internet of Things (IoT) applications. This cost-effective service will help device manufacturers and service providers secure their IoT networks and ecosystems, ensuring that the devices they connect are known and trusted. The service puts security certificates under Certicom’s management, meaning customers can focus more on their core business and less on security infrastructure and management.
On the week of April 13, Certicom began issuing certificates for the smart meter initiative in the United Kingdom, a market with over 104 million smart meters and home energy management devices that conform to ZigBee® Smart Energy specifications. Certicom designed this new managed PKI certificate service to scale up to hundreds of millions of connected devices. Since 2008, Certicom has issued nearly 60 million ZigBee device certificates to secure smart meters and energy management devices worldwide. Members of the ZigBee Alliance use the certificates to enroll devices into a network and protect sensitive data with powerful, efficient Elliptic Curve Cryptography (ECC) from Certicom.
“Certicom’s application security framework implements strong device identity and supports role- and policy-based access control, allowing alliance members to provide customers with an enterprise-grade secure sensor network,” said Ryan Maley, Director of Strategic Marketing, ZigBee Alliance. “This announcement further demonstrates Certicom’s leadership in Internet of Things security and enables highly secure ZigBee devices for every home and small business in Great Britain.”
“Strong cryptography and entity authentication are the foundation of IoT security,” said Jim Alfred, Vice President, BlackBerry Technology Solutions, Certicom. “When you manage remote devices, you need to know that you can trust the devices and that your communications network is secured. Certicom device certificates can provide that assurance. Offering innovations in device security is part of BlackBerry’s ongoing mission to be a leading provider of device and application management solutions.”
The Certicom managed PKI certificate service is available to device manufacturers and service providers, whether on the BlackBerry® IoT Platform or as part of another connected device ecosystem or private network, with options for Elliptic Curve, hybrid, or legacy RSA-based device certificates.
Visit Certicom online to learn more about ZigBee Smart Energy device certificates and how to access Certicom security technology.
Certicom, a subsidiary of BlackBerry Limited, manages and protects the value of content, applications, and devices with government-approved security. Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the global leader in ECC, Certicom has licensed its security offerings to hundreds of multinational technology companies, including IBM, General Dynamics, and SAP. Founded in 1985, Certicom’s corporate office is located in Mississauga, Ontario, Canada with worldwide sales offices in the USA, Europe, and Asia. Visit www.certicom.com
A global leader in mobile communications, BlackBerry® revolutionized the mobile industry when it was introduced in 1999. Today, BlackBerry aims to inspire the success of our millions of customers around the world by continuously pushing the boundaries of mobile experiences. Founded in 1984 and based in Waterloo, Ontario, BlackBerry operates offices in North America, Europe, Middle East and Africa, Asia Pacific and Latin America. The Company trades under the ticker symbols “BB” on the Toronto Stock Exchange and “BBRY” on the NASDAQ. For more information, visit www.blackberry.com.
ZigBee offers the only open, global wireless standard enabling everyday simple and smart objects to work together and help you control your world. ZigBee is the leading standard for monitoring and control used in consumer, commercial, and industrial markets around the world. The Alliance is an open, non-profit ecosystem of approximately 400 organizations developing and promoting standards defining the Internet of Things for use in homes and businesses. For more information, visit www.ZigBee.org.