BlackBerry hat Pläne vorgestellt, die die Sicherheit von Netzwerken und Geräten weiter steigern soll. Mit dem BlackBerry Center for High Assurance Computing Excellence (CHACE) sollen neue Ansätze entwickelt werden, um Unternehmen vor den Konsequenzen von Hackerangriffen zu schützen. Zusammen mit verschiedenen Hochschulen und einigen Industriegruppen, soll ein Sicherheitssystem entstehen, jedoch nicht nach der gängigen Praxis: Erst Fehler, dann Patch.
David Kleidermacher, seit Februar 2015 Chief Security Officer und Leiter der Abteilung Global Product Security:
Es gibt Leute, die glauben, dass der Schlüssel für eine sichere IT-Welt darin liegt, schneller zu Patchen, aber mit diesem Hamster-Rad kann man die eigentliche Ursache nicht beheben.
Systeme, die regelmäßiges Patching brauchen, enthalten immer Verwundbarkeiten, die zwar die Entwickler nicht kennen, die den Hackern aber durchaus bekannt sind. Daher ist klar, dass wir Systeme bauen müssen, die möglichst frei von Sicherheitsfehlern sind.
Die heutige Software und die Sicherheitstechnik hat leider selten dieses Ziel. Es muss aber zum Allgemeinziel werden. CHACE ist BlackBerry´s Initiative mit genau diesem Ziel und wir begrüßen alle, die sich dem Kampf anschließen wollen.
Waterloo, ON – BlackBerry Limited (NASDAQ: BBRY; TSX: BB), a global leader in mobile communications, today introduced the BlackBerry Center for High Assurance Computing Excellence (CHACE). The initiative expands the Company’s research and development (R&D) efforts to drive worldwide innovation and improvement in computer security.
“As the number of connected devices multiplies, so do the threats to security and privacy,” said Bob Egan, CEO, Sepharim Research Group. “Organizations need to rethink the way they approach security and transition from a reactive posture to one that is proactive and promises the greatest defense against sophisticated cyber attackers.”
The fail-then-patch approach to managing security risk has become a widely accepted practice, even as consumers and enterprises face mounting threats from cyber attackers. CHACE aims to reverse the current paradigm with the development of tools and techniques that deliver a far higher level of security protection than currently available.
BlackBerry has a long history in high assurance techniques, including rigorous automated testing, deep vulnerability and failure analysis, and formal methods to prove safety and security properties. These competencies have enabled the Company’s solutions to achieve a wide range of quality, safety, and security certifications, including:
- Approval of smartphone and Mobile Device Management (MDM) platform for use on U.S. Department of Defense classified networks
- Certification for use in vehicle systems that comply with ISO 26262, up to Automotive Safety Integrity Level D, the highest level achievable
- Compliance to IEC 62304 medical software standard and approval in life-critical medical devices
CHACE will extend BlackBerry’s state-of-the-art competencies in vulnerability prevention and enable the application of high assurance security research to real-world products and services.
“There’s a belief that the key to the world’s security issues is to patch faster, but this hamster wheel fails to address the root issue,” said David Kleidermacher, Chief Security Officer, BlackBerry. “Systems that require regular patching always contain vulnerabilities unknown to developers, and some of these vulnerabilities are in fact known by would-be attackers. It’s clear we must build systems that are provably devoid of security flaws. The software and security engineering required to meet this objective is sadly rare today and must become commonplace. CHACE is BlackBerry’s initiative towards this goal, and we welcome all who wish to join the fight.”
Key collaborators with CHACE include academic institutions as well as industry groups that share BlackBerry’s commitment to high assurance practices. For example, CHACE will collaborate with the healthcare community to address security and privacy concerns for next-generation wireless medical devices and applications.
A number of leading organizations have already expressed support for CHACE.
“Next-generation mHealth systems and Internet of Things devices, such as the artificial pancreas for people with diabetes, can dramatically improve quality of life. However, these wireless devices are inhibited from realizing their full potential by an insufficient assurance of security and privacy afforded by current commercial development practices,” said David Klonoff, M.D., President, Diabetes Technology Society and Clinical Professor of Medicine, University of California, San Francisco. “BlackBerry is assisting Diabetes Technology Society to foster the high assurance security processes and standards needed to turn promise into reality for patients with diabetes and other diseases.”
“Cybersecurity education and applied research is a priority at Cal Poly,” said Debra Larson, Ph.D., Dean, College of Engineering, Cal Poly San Luis Obispo. “The school’s new Cybersecurity Center reflects our goal to be at the forefront of preparing the next generation of engineers to ensure the safety of cyberspace in our technologically interconnected world – as well as enhance the user experience of navigating that world. BlackBerry’s Center for High Assurance Computing Excellence is creating exciting new opportunities for university and industry collaborations on this new frontier of innovation, economic activity and security.”
“Given the challenges we face in a modern society that increasingly relies on computing, I believe that establishing a research center focusing on high assurance software is timely and visionary,” said Tevfik Bultan, Professor, Department of Computer Science and Director, Computing Verification Lab (VLab), University of California, Santa Barbara. “I strongly support BlackBerry’s Center for High Assurance Computing Excellence.”
“I commend BlackBerry for its CHACE initiative, which gives participants the opportunity to collaborate on solutions that attack critical security challenges,” said Daniel Kroening, Professor of Computer Science, University of Oxford.
“BlackBerry and the University of Waterloo enjoy a strong partnership that has served as the foundation for groundbreaking research,” said Dave Dietz, Director, Engineering Research, University of Waterloo. “The BlackBerry Center for High Assurance Computing Excellence will be another avenue for us to collaborate on projects critical to secure computing and introduce new technologies to the world.”
Organizations interested in joining CHACE can sign up for more information at www.BlackBerry.com/CHACE. To learn more about BlackBerry security, visit www.BlackBerry.com/Security.
About BlackBerry
A global leader in mobile communications, BlackBerry® revolutionized the mobile industry when it was introduced in 1999. Today, BlackBerry aims to inspire the success of our millions of customers around the world by continuously pushing the boundaries of mobile experiences. Founded in 1984 and based in Waterloo, Ontario, BlackBerry operates offices in North America, Europe, Middle East and Africa, Asia Pacific and Latin America. The Company trades under the ticker symbols “BB” on the Toronto Stock Exchange and “BBRY” on the NASDAQ. For more information, visit www.BlackBerry.com.