BlackBerry partners with Girl Guides of Canada announcing 'Digital Defenders' program, along with first public demo of CylancePROTECT's mobile security at World Tour 2019.
On November 7, at their World Tour event in Toronto, BlackBerry announced a partnership with Girl Guides of Canada, and officially launched their ‘Digital Defenders‘ program. The program aims to generate interest in cybersecurity for its GGC’s members through “play and discovery-based learning”.
The program recruits from ages 5-17 and is segmented into several branches of the GGC including, ‘Sparks’ (ages 5-6), ‘Rangers’ (ages 17-18) and all the branches in between; all of whom will get to learn about malware, encryption, and various aspects of cybersecurity. The older Rangers will also mentor the younger Sparks, while the program itself helps to create ‘digital citizens’ in understanding online threats and how to navigate around them.
Meghan McClurg and Olivia Tietz, two Rangers with Girl Guides of Canada, were in attendance for the launch. Alongside BlackBerry, they are in part helping lead and pave the way for women to enter the STEM fields by focusing on getting fellow members interested in cybersecurity at an early age. Looking to bring gender inclusivity into the STEM fields, these Rangers are also mentors for younger guides in their program, a program that not only introduces girls to the world of cybersecurity, but in essence will broaden their understanding of computers, terminology and technological know-how.
According to the program’s ‘objective’ and ‘outcomes’, the girls will learn how to defend their data, understand how computers work and how to keep them safe. At its rudimentary level, Sparks are provided a checklist informing them when to cover their ‘webcam in case of spyware’; to ‘ask before downloading apps or buying things in games’; and to ‘only share pictures or videos’ with permission, among many other items on the list. The checklist even suggests that they periodically update their antivirus software—something that adults rarely remember to do themselves. Through puzzles and activities (e.g. Bug Hunter, Malware Macramé and “Keep” It Safe), the program is comprehensive, but also fun and engaging.
Former Girl Guide and current VP of BlackBerry’s Advanced Technology Development Labs, Sarah Tatsis, sees a great need to teach girls to protect themselves and their devices when connected online, particularly in today’s climate of digital uncertainty. The hope here is to help girls cultivate their skill sets, increase their digital literacy, while bringing into purview the possibility of future employment in cybersecurity.
Vocational aspirations aside, it’s advantageous to create good, long-lasting habits and it’s best to start early. The key, Tatsis feels, in establishing longterm interest, isn’t just providing the knowledge, it’s about mentoring and the need for mentors to be present. Tatsis also points out that in the coming years, it’s estimated that over 3 million jobs in cybersecurity will be unfilled worldwide; and in Canada, many companies currently hold open unfilled positions for cybersecurity professionals.
CEO of Girl Guides of Canada, Jill Zelmanovits, also echoed the significant talent shortage in the cybersecurity space, and that the program and partnership with BlackBerry is somewhat borne out of necessity. More importantly, these are jobs that Zelmanovits says girls want to pursue. “Somehow there’s this gap between what they’re saying they want and where they end up,” said Zelmanovits.
According to Zelmanovits, “1 in 4 girls don’t see a role model in the jobs of their dreams” and then went on to explain that girls in their early teens will experience gender bias and discrimination, and that it’s important to provide them an opportunity “to be a leader” and that the Digital Defenders program offers “a menu of options”, while also adding that “girl-only environments” nurture aspects of openness that would otherwise not be available to them.
For BlackBerry, this partnership with Girl Guides of Canada is a way to encourage and empower the next generation to be fearless but also prudent when navigating the digital world, and in doing so, they hope to foster an entire gender—significantly underrepresented—to help fill the current dearth of talent in cybersecurity.
"If you can't see it, you can't be it."
Zelmanovits explains that girls, some as young as five in the program, vocalize their concerns to the effect of, “I should probably not use my birthday or full name for passwords”. Many of the activities are intended to increase GGC members’ technical knowledge, but they also spur discussion amongst members as a precursor towards mapping their preferred skills to possible jobs in cybersecurity.
Girls who pass the program earn a Digital Defenders crest that they can wear as a badge of knowledge (and honour). The program’s impact can reach as many as 70,000 of their members Canada-wide. If you’re looking to register your daughter and enable the next generation of digital citizens, visit GGC’s website here.
BlackBerry, CylancePROTECT and AI
After listening to speakers talk about computer viruses, malware and nation state’s attempting to hack large corporations, it becomes clear that many of tomorrow’s battlefronts will take place in cyberspace. It’s a tomorrow filled with potential disasters and nightmarish scenarios, where cars are remotely commandeered or where ovens are turned on in the middle of the night from an unknowable source.
From the stage, BlackBerry’s evangelist Brian Robison, offered a more recent account of a cybersecurity violation: in one case, a major Canadian company made claims that there were numerous password attacks on their corporate servers from a nation state (undisclosed); upwards of 400,000 password attacks per minute. Password hacks, Robison said, are the most common cybersecurity attacks.
Shielding one’s devices from cyberattacks is a task most aren’t willing to undertake as it’s incredibly challenging and an endless struggle—but somebody, or some thing has to do it. BlackBerry revealed and demonstrated for the first time a feature of CylancePROTECT that secures mobile phones from cyber attacks. CylancePROTECT is unique from other AV solutions in combating malicious attacks, and historically has been at the vanguard of detecting and analyzing potential invaders well in advance by using AI and machine learning. In 2017, the spread of the ransomeware cryptoworm known as WannaCry, was anticipated by Cylance two years in advance and was stopped, preventing damage to Cylance’s 4000-plus customers. In general, CylancePROTECT prevents access and can prevent malware from executing, and has been said to surpass existing anti-viral systems in terms of performance.
One feature of CylancePROTECT on mobile devices was demonstrated and illustrated onscreen. It showed the software using microscopic data points and biometrics to determine the user/owner of the device. If, for example, someone other than the user picks up a phone that was left unlocked, the AI will recognize any difference within seconds, sensing even the slightest variation in movements distinct from the original user. It then prevents others from using the device by shutting it down.
It’s unknown if this application will ever be made available to the average consumer and not just to enterprise subscribers, but it isn’t hard to imagine that a public, more privacy conscious by the day, would be interested in such a product.
Is it too late to say that cyberattacks are the “new normal”? Viruses, malware and ransomware aren’t new, but the degree to which these have permeated the digital sphere is currently nearing incalculable proportions. However, leave it to the talented team at BlackBerry to attempt and describe what these numbers might look like and their nature in the IoT—an often murky subject.
The Galactic Vastness of the IoT: From Tea Kettles to Vending Machines, Every Connected Device (and loosely-connected device) Holds The Potential For Cyberattacks
Comparisons with the human anatomy and pathology are tempting and impossibly unavoidable when analyzing and writing about the world of connected devices and cybersecurity: both systems are complex, are attacked and protected, made immune or infected, and sometimes similar terminology can be used to describe their inner and outer workings. While AI may produce an antidote or act like a refined immune system, viruses look to infect and digitally circumvent through any opportunistic node in the IoT. It is something that James Kulikowski researches, informs and grapples to understand as Senior Cyber Security Consultant.
As he took to the stage, Kulikowski reminded the crowd that people have anywhere between 3-5 devices that connect to the Internet (some estimates are higher, particularly in the west), while overall device totals exceed 50 billion worldwide.
So, can BlackBerry and CylancePROTECT provide necessary “digital vaccines” for the 50 plus billion devices in the world? It’s difficult to conclude since the takeaway from the talk was that there are more questions than answers when it comes to the IoT. The figure is staggering, but it sounds more insurmountable when hearing that approximately 5 million new devices connect each day around the world—all potential new nodes of entry for hackers to exploit.
In addition, there are unnoticed rogue assets at companies, as Kulikowski pointed out, that allow for potential unanticipated attacks. Citing a real-life example, Kulikowski told the audience of a time when a worker, at an undisclosed company, decided to include an additional router at work so as to allow for the playing of Minecraft. This is just a single example of when a node is created unknowingly in which systems and companies can be exploited.
Even modern vending machines have the capacity to notify third party vendors about parts that need replacement or servicing, or when the machine has run out of itemized inventory. In other words, it’s a fully connected device, that most would never consider technologically complex or susceptible of being hacked.
But the most interesting and encapsulating story that summarized the future security concerns of the IoT, was when Kulikowski described the ability for one to gain sensitive information through a tea kettle. (It’s a story that begs to coin a metric as the ‘tea kettle threshold’—to describe what little is needed to infiltrate a device/network and thus what it demands of cybersecurity professionals). Kulikowski went on to explain that this specific tea kettle attack was unique in that one does not have to connect to the owner’s network “to view what traffic is going on”; which also prevents any “forensic signs” of the hack.
The kettle was made accessible as it lacked any password authentication or log-in of any kind. The points of entry were through two wireless access points in the device: ‘client mode’ and ‘access point mode’. As Kulikowski explained, in the access point mode, one is able to connect and set a configuration for the client mode to tell it what wireless AP to connect to; and it would store a WPA or WPA2 in a text file on the device. Once one gains influence through the command line or root access, they are then able “to talk to it” says Kulikowski, and consequently gain credentials for the wireless network to which it is connected. Using a program like Wireshark one can “sniff traffic promiscuously” pass data for authentication and then “decrypt it in realtime without actually having to connect to a network.”
A lot to sink in.
Like the vagueness of the IoT, cybersecurity experts still know less than what they’ll need to know very, very soon. AI will be an indispensable tool in engaging with serious cybersecurity strategies, as devices and their vulnerabilities become infinite in scope. BlackBerry Cylance will be at the forefront, and it appears that BlackBerry’s acquisition of Cylance was a master stroke for the company, as together they will pioneer new technologies to combat tomorrow’s threats today.