Thank you, Mr. Chair.
On behalf of BlackBerry, I'm delighted to speak with committee members today.
For over 35 years, BlackBerry has invented and built trusted security solutions to help keep people, governments and communities safe and secure. Today, we are a global leader in cybersecurity software and services. We protect more than 500 million systems worldwide. Our customers include all G7 governments, NATO, 45 of the Fortune 100 companies and nine of the top 10 banks, just to name a few.
Given that every aspect of our lives is intertwined with the cyberspace, we must act proactively to decrease our cyber-risks in Canada. This can be done by adopting technologies and approaches that have proven to prevent cyber-attacks.
Required, however, is a fundamental shift in our approach from the current reactive model to a proactive stance, and from a focus on incident response to a prevention-first approach to cybersecurity. At an operational level, that means, first, ensuring that we are equipped with the most advanced AI-driven cybersecurity solutions that can prevent malware before it executes. Second, that means clarity in roles when it comes to cyber-preparedness and response. Third, it means enhancing public-private collaboration to boost our collective cyber-defence.
When it comes to technology, the majority of today's cybersecurity solutions operate on the model of knowns. These are known malware, known attack techniques and known attackers. These knowns are based on a collection of malware samples and indicators of compromise. Once these knowns are gathered, they are triaged, examined and published into cloud repositories, and only after that are systems updated, tested and tuned to defend against these known threats.
This reactive model forces us to deal with the after-effects of a cyber-attack. We need to shift our focus from this incident response to incident prevention.
At BlackBerry, we know this can be done, because in the last 90 days, we stopped more than 1.5 million malware-based cyber-attacks, including more than 200,000 new malware samples, before they had a chance to execute. We did this by leveraging advanced AI and machine learning to continuously uncover and prevent attacks, including ones that had never been seen before. Without prevention-first, advanced AI-driven cyber-solutions like these, Canada is constantly in reactive mode.
Proactive defence also requires clear role definition and a unity of effort. Today, cyber-responsibilities in the federal government are distributed across at least 12 departments and agencies. Multiple ministers have cyber-responsibilities, yet it is unclear who leads and who is responsible for ensuring coherence and a unity of effort.
When cybersecurity doesn't have a dedicated person pushing and fighting for the issue, it sits in the middle of everyone's priority list.
Australia and the U.S. tackled this issue head-on by appointing a cyber minister. In the case of the U.S., it was a presidentially nominated and congressionally confirmed national cyber director. Canada should consider establishing a cabinet or other senior position responsible for ensuring government-wide coherence and action on cybersecurity.
Finally, improving public-private collaboration on cybersecurity should be a priority. Companies like BlackBerry have unique insights and expertise to defend against adversaries, while federal agencies have the means and authorities to act. We should foster proactive collaboration between government and the private sector at the operational level. This would help close gaps in our situation awareness, foster incident response playbooks that are aligned and help create a culture of proactive collaboration at scale.
BlackBerry stands ready to work with the committee to strengthen Canada's cyber-resilience. I thank you for this opportunity today.