Major business opportunities are on the horizon for organizations interested in securing the internet of things for customers, and BlackBerry Ltd. is actively looking to benefit from the boom. While he’s unsure how much more people are willing to pay for secure IoT devices, BlackBerry CEO John Chen said he’s confident the firm’s latest move to apply the company’s trusted security software, currently found in smartphones and vehicles, to a broader range of IoT devices, is going to pay off.
“It’s going to get worse for a lot of people before it gets better,” Chen told ITWC during a breakfast session with reporters at CES 2019, alluding to the gaps in security when it comes to IoT devices. A recent survey commissioned by the company said approximately 80 per cent of consumers in the U.S., U.K. and Canada don’t trust their current internet-connected devices to secure their data and privacy. “But people will eventually demand [secure IoT] solutions.”
— Alex Coop (@ItsJustAlexCoop) January 9, 2019
Last week BlackBerry announced an expansion to its BlackBerry Secure technology and licensing strategy. The company unveiled three new BlackBerry Secure feature packs that IoT device manufacturers can use, removing the need for manufacturers to develop the technology and cyber security expertise themselves. BlackBerry said to ensure the products are developed to their standards, the team’s cyber security experts review each device before it’s given the final stamp of approval. OEMs now have access to the following three feature packs:
- BlackBerry Secure Enablement Feature Pack: The enablement pack offers secure manufacturing and product lifecycle management features. Specifically, BlackBerry will provide a manufacturing station that provides a hardware Root of Trust and is connected to the company’s Network Operation Center that is monitored 24/7 for uptime and reliability. During manufacturing, a BlackBerry Secure Identity Service Key is injected into the hardware and recorded on a secure server. Both at launch and periodically throughout the product’s lifecycle, checks are performed to verify that the two keys match. If they do not, the device no longer boots.
- BlackBerry Secure Foundations Feature Pack: In addition to hardening the operating system kernel, the Foundations Pack locks down software being executed with Secure Boot and ARM Trustzone technology to securely generate, use and store encryption keys used for various software operations. It also includes the BlackBerry Integrity Detection (BID) service which various components (kernel, Pathtrust, SELinux, etc) across the software stack, and generates real-time ‘health’ reports that can be accessed by users and trusted third-party applications.
- BlackBerry Secure Enterprise Feature Pack: The Enterprise Pack is ideal for devices that will be used in regulated or restricted environments as it enables deeper management and control beyond what is standard in Android Enterprise. Through extended device management policies deployed on the device, enterprises can protect their data by controlling what can be accessed via device debug interfaces, communication protocols (Bluetooth, NFC), and radios (cellular, WIFI, GPS). It is also able to set policies which add baseline security for certifications such as FIPS.
“2019 will be the year consumers will begin to vote with their wallets and seek out products that promise a higher level of security and data privacy,” said Alex Thurber, senior vice-president and general manager of mobility solutions at BlackBerry.
Mark Sangster, chief security strategist at eSentire, agrees. “I commend BlackBerry for the work they’re doing in driving security in the IoT space forward,” he told ITWC. “Based on their pedigree, there’s a strong harmony there and they can definitely build on that experience in this space.”
He notes the feature packs will likely have a profound impact on the industrial IoT space, where a lot of the front-facing parts of a factory, for example, are directly tied to the data centre. BlackBerry’s IoT announcement focuses on the business market, meaning other vendors should be stepping up to the plate to cover the rest of the market, said Sangster, adding the government should also take a hard look at the IoT space and develop a set of standards that emphasize built-in security because of the technology’s rapid insertion into everyday life.
“People need to be aware of the security issues,” he stressed. “Unfortunately, as technology sprawls we get excited about the new gizmos and the benefits that it brings to us. But we don’t necessarily think about the risks. And frankly, it’s the same in business. We see a push where the business element is looking for a competitive edge… so then you have the IT and security departments take on this challenge of not only deploying the technology and delivering that competitive edge, but making sure it’s secure and safe to use.”
According to a 2018 report that surveyed more than 1,250 senior executives, management and security practitioners across the U.S., U.K. and Canada, only 30 per cent of them are confident their business will avoid a major security event in the coming two years. Sixty per cent believe an attack will hit in the next few years. AI and IoT are overtaking cloud as the biggest emerging technology risk. The overall risk posed by cloud over the next three years is expected to drop from 70 to nearly 50 per cent, while risks posed by AI will double and IoT concerns will go up by 30 per cent.
“Fortunately, line of sight from the IT team to the board is improving, which often makes it easier to articulate security risks, obtain the required resources to mitigate those risks, and ultimately, better protect the business,” said Sangster. “The most mature organizations are doing this by moving beyond device-and alert-focused approaches that often focused on tit-for-tat prevention technology and toward threat-based approaches that are both proactive and predictive.”
Chen also said the rise of 5G will have a profound impact on BlackBerry’s work in the autonomous vehicle market. BlackBerry announced the QNX platform for digital cockpits at CES 2019, meaning automakers can offer a reliable and secure QNX-based digital instrument and infotainment system that provides access to the latest Android-based applications such as Google Maps and Google Play from a single engine control unit