The growing threat of cyber attacks on Internet-based networks is being turned into an economic opportunity for both New Brunswick and Canada. In May 2016, New Brunswick became the first province to develop a comprehensive strategy on cybersecurity and cyber innovation, developed in partnership with academia, government and industry leaders like IBM.
One of the key pillars of that strategy is the newly launched Canadian Institute of Cybersecurity (CIC). Funded last month with $4.6 million in federal, provincial and university financing, it is helping to make the Univ of New Brunswick (UNB) home to the largest network security research group in the nation.
The institute’s core team consists of 27 researchers, post-doctoral fellows, graduate students and co-op students—the majority of whom came to Canada from all reaches of the world, including the US, Brazil, Malaysia, Bangladesh, India, Mexico, Saudi Arabia and Iran.
The CIC evolved from the university’s Information Security Centre of Excellence, which focused primarily on using machine learning, artificial intelligence and IT to make networks more secure. Allen Dillon, managing director of CyberNB, an agency tasked with supporting the creation of an IT security-related cluster in the province, explains that the new institute is taking both a national and multidisciplinary approach to the problem, one that includes working with partners from across Canada and internationally, and with experts from fields such as law, business, engineering, psychology and sociology, as well as computer science.
Recent and ongoing CIC projects |
|
“We’ve seen this type of approach work in other places,” says Sandy Bird, Chief Technology Officer at IBM Security in Fredericton. “We have a lot of people in Israel, for example, where we’ve seen this kind of partnership between the Ben-Gurion University and IBM and it’s been very successful. We’re sure we can build that here.”
Seeking solutions from all disciplines
Dillon says the key to building a successful cybersecurity cluster—and a safer internet for Canada and other countries—is to create an ecosystem of expertise that spans technology as well as public policy. “That requires a purpose-built plan that aligns your security vision across multiple jurisdictions, and a multidisciplinary approach,” says Dillon. “These threats are not just a science problem. They’re a legal problem, a social problem and a criminology problem. You need experts coming at this from multiple angles.”
IBM is CIC’s first R&D partner; it’s also the largest IT security company in the province. The multinational significantly ramped up its operations there in 2011 with the purchase of Q1 Labs, whose QRadar Security Intelligence Platform was developed in partnership with UNB. That acquisition was a catalyst for IBM to form its security division—now a $2-billion business employing over 8,000 researchers, developers and security experts across 133 countries. Last year IBM announced that it would be adding 250 jobs over the next three years, in addition to the 150 employees already there, to create a hub of IT and security technology expertise in New Brunswick.
“Our location in Fredericton is one of IBM’s major innovation hubs in tackling cybersecurity challenges across the globe,” says Bird, co-founder of Q1 Labs and a UNB graduate. Between 5-7% of IBM’s security group's assets globally are based in the province.
The business case for R&D
CIC’s goal is to become financially self-sufficient within five years through a combination of membership fees and revenue from intellectual property (IP) and training programs. Under its model, academic institutions can join for free (they bring their own research grant money) and three levels of corporate membership are available to industry, public institutions and government departments.
Top tier members, like IBM, pay $100,000 annually to carry out continuous R&D in cybersecurity, working alongside two or three assigned graduate students and post-doctoral fellows. In addition to cash, IBM is providing in-kind contributions such as technical and management resources to provide project oversight and mentorship for students.
“Being able to do more joint research with (CIC) is a key aspect of this partnership,” says Bird.
“Strategic members” pay $30,000 annually in return for about 15 hours each month of hands-on technical support. At $5,000 annually, “supporting members” receive about four hours each month of company-specific advisory and consulting services.
Build it and they will come
[rs_quote credit="Dr. Ali Ghorbani" source="Founding Director, Canadian Institute for Cybersecurity"] In today’s society, we trust highly confidential and private information to systems that are constantly under attack. The Canadian Institute for Cybersecurity is poised to alter the cyberwarfare landscape by propelling research, training and collaboration with governments and industry to new levels. [/rs_quote]
CIC is taking a three-pronged approach to fighting cybercrime: training, R&D and commercialization. Programs are designed for students and working professionals of various skill levels—ranging from one-week boot camps and certificate programs to masters and doctoral degrees.
The institute’s founding director, Dr. Ali Ghorbani, says there will also be a concerted effort to turn technological solutions into commercial products and new companies.
“Don’t ask me how many companies we will be working with,” says Ghorbani, a Canada Research Chair in Cybersecurity at UNB. “Instead, ask me how many companies like Q1 Labs we will build and how much IP we will generate. We’re not waiting and hoping that companies will come here. Build it ourselves and others will come to buy from you.”
For example, Ghorbani’s team developed risk assessment and management tools which IBM is now selling. The group has also spun off a company in the area of online advertising fraud detection. A current research focus is mobile banking malware—a growing concern for financial institutions. Not surprisingly, CIC has begun talks with major banks to bring them on board.
[caption id="attachment_9752" align="aligncenter" width="640"] Dr. Ali Ghorbani, Director, Canadian Institute for Cybersecurity. Credit: Joy Cummings / UNB photo[/caption]
One of the biggest challenges for network and cybersecurity research is access to real-world datasets which researchers need to test and validate their solutions. Few companies or organizations are willing to share their confidential data.
“One of the hardest problems for any research institute working in the area of cybersecurity is finding real data to work with,” says Bird. “But there’s this huge potential for the institute to build that living lab type of experience between the universities and its industry partners.”
Until recently, researchers relied on datasets created in the late 1990s by the U.S. Army. Since 2012, the UNB centre has created seven datasets that have been used by about 1,000 universities, companies and research groups around the world. Says Ghorbani: “That has brought huge international recognition to our centre.”
R$