BlackBerry’s Jeff Davis: ‘Hands off 5.9GHz!’
First publishedin ITS International
As a US Marine, BlackBerry’s Jeff Davis saw the world’s trouble spots. But much of his attention is now focused on what he sees as the ITS sector’s biggest issue: cybersecurity. Adam Hill finds out more
"Oh, I often feel I’m the dumbest guy in the room,” laughs Jeff Davis, senior director, connected transportation, at BlackBerry. It’s hard to credit this. Davis has a range of experience that sets him apart from most people in the ITS sector.
He was in the US Marine Corps, with seven tours of duty, including in Iraq, Kosovo and Djibouti among other foreign trouble spots. For six years of his service he worked on R&D and strategic concepts projects. After leaving the Marines, he spent several years working with government contractors and on security projects with the US Department of Defense.
Among the main advantages of this, he thinks, was that the military gave him exposure at an early stage of his career to ‘concepts and futures’ scenarios. The money involved, and the public awareness – and perhaps scrutiny – his project development work attracted meant that he was working at a scale which he was unlikely to have found so soon in the private sector. “That’s something you get at probably a more junior level,” he says of his time in the Marines.
A more interesting question than what he brings to ITS – Davis suggests - is what made him stay in ITS. That has a lot to do with the military background too, he says. “Being in the military is not something you do to become rich,” he says. Instead, soldiers tend to have a passion for their work. “Moving into the private sector and consulting, it was hard to find that passion,” he explains. “In ITS, these are people who have passion, they have a mission, whether it is saving lives, improving the environment, making a better world. That stretches across every sector I’ve seen in transportation.” In the automotive industry, for example, he says people might join a company because they love cars - and then become safety officers because they want to make safer cars. It’s the same with engineers, Davis goes on. “They care about the roads they are building and technology that can save lives.”
The money around transportation runs into trillions of dollars, and is comparable in that sense to a number of other industries, such as oil and gas. But the discussions you hear around tables in ITS are different, he thinks: “The arguments are not about how much money they can make but how many lives they can save. That’s the common thread that brings it all together. ITS was the first thing I fell in love with since I left the Marine Corps. I found a passion.”
That was not, he admits, something he expected. He remains effusive in his praise of colleagues in the ITS industry. “I was amazed at the people I met,” Davis insists. In ITS America, where he was senior vice president, and in other organisations he has come across, such as Ertico – ITS Europe, people are “amazingly well educated, dedicated and incredibly well read”. Does that mean Davis sometimes found himself in meetings, thinking ‘I’ll just sit quietly’? He laughs: “I have found myself preparing to a level that I have never prepared for anything before.”
Jaguar Land Rover is among a number of manufacturers to have close links with BlackBerry
That preparation is evident. Asked to name the most pressing challenge facing the ITS industry, he is unequivocal: cybersecurity. On the one hand, you might expect him to say that – BlackBerry, after all, is a leading player in the cybersecurity field: the company’s QNX technology is embedded in more than 150 million vehicles on the road today and is used by manufacturers including Audi, BMW, Ford, GM, Honda, Jaguar Land Rover, Mercedes-Benz, Porsche, Toyota and Volkswagen.
But in nearly an hour’s conversation on the phone, Davis barely mentions the company, talking instead in general terms about the threats as he sees them, with – that word again – passion: “It’s the biggest challenge we face moving forward.” The ITS sector has been good at confronting the issue, he thinks: “We haven’t run away from it. But most cities and states don’t have the funding and automobile manufacturers are facing a very hard challenge – a very consistent challenge.” That is why he thinks that “one of the things that’s wonderful” is that Detroit and Silicon Valley have come to understand that they need one another. “Silicon Valley has figured out that it’s really hard to build a car,” he says. “We’ve gotten past the point where we’re boasting about who is the most important.”
This is particularly useful, since the stakes are high. “We’re not building a smartphone where, if it breaks down, we get a blue screen and it’s a little inconvenient,” he points out: it’s about safety and, ultimately, saving lives.
Cybersecurity presents a challenge which requires a special mindset. “We’re a very engineering-focused industry,” he says. “In ITS we see a problem, analyse it, ideate through it, find solutions. Cybersecurity isn’t like that: it’s not a problem that is solvable, per se.” The challenge is human as much as technical: if you create a piece of secure technology, someone is going to try to break into it: “It’s not engineering, a challenge in physics – you’re trying to continuously battle with another brain.” It’s appropriate, in that context, that law enforcement and intelligence agencies around the world therefore see it as warfare: “It quickly goes from something that’s local within their industry to a national security issue.”
If potential payoffs from hacking are significant, the bar is inevitably raised and more people are likely to think of hacking as a profitable activity. “If you have an easy-to-hack system, someone with very little understanding of technology, but a great understanding of human nature, can hack it,” Davis points out. “Think about it as the ease of breaking in through a door. If I put a cardboard door up, anyone can break it down. If I put a steel door up, that limits it. Add a lock, and you need someone who can unpick that lock.” At present, he estimates, maybe 10% of people could get into the average system, given the right tools and the inclination to do it. “So get it down to 0.00001%,” he says.
A few people hack, in effect, for fun. “There is a certain number out there, but they tend to be a bit more disorganized than criminal groups,” he suggests. “The people who are out doing ransomware attacks are doing it for monetary gain. You get a lot of very clever and talented hackers in the ransomware game. And you get a lot of clever and talented hackers who want to work for a cause.”
Cybersecurity is the ITS sector's most pressing issue, says Davis
Such causes might include activist groups in various areas, although the potential disruption they cause is nothing compared to that which could be created by state-sponsored hacking. “It’s part of the geopolitical system,” says Davis evenly. “It’s neither a good thing nor a bad thing – it just is. There’s a fine line we have to steer between fear-mongering and good, sober analysis. Cybersecurity is about managing risk. If you want to be perfectly safe, stay indoors. Every time you go outside, you take a calculated risk. Cybersecurity is no different: you have to weigh risk and reward. That’s a very different discussion to a fear-mongering discussion. Can a hacker work their way from your enterprise systems to your operational systems? It’s not about scaring the bejesus out of people.”
Corporations must decide what level of risk they can cope with. In transportation terms, perhaps, the red line might be protecting people riding in their cars. Much time is spent by equipment manufacturers and transport agencies ensuring that roadside units, on-board units and traffic lights are functioning safely and securely. “If some hacker decides to shut off adaptive cruise control, ram the car into another lane and kill a family of four, that’s not something we can tolerate,” Davis says. But a ransomware attack, on the other hand? “Maybe that’s something we can live with,” he continues. “We always say that ‘good’ isn’t good enough. You have to look at what is right for that situation and that risk. Ask yourself: ‘What am I willing to give up?’”
While admirably realistic, that sounds like quite a nuanced message for clients which, presumably, just want to be told their operations are safe. “Well, it’s a complex message,” he agrees. “It’s not something you can put into a tagline and sell. But I believe that a vocabulary within transportation is beginning to emerge.” He praises the lead taken by the US Department of Transportation. “They have really tried to make it part of their repertoire,” he says. “And when you look at organisations like ITS America, they’ve gone out of their way to create a cybersecurity taskforce.” He would have liked to see more on cybersecurity, including some funding set aside, in the new transportation bill.
Increased connectivity requires complicated technology – and some sort of harmonisation, ultimately, too, with a choice to be made between dedicated short-range communications (DSRC) or cellular Vehicle to Everything (C-V2X), say. With competing advocates arguing their cases, this does not seem to be happening quickly. “I’m not frustrated by it,” Davis says cheerfully. “This is how technology works. They’ll fight it out. Both of these standards deserve a fair shot on the market and the market will decide. We’re going to figure it out as an industry.”
BlackBerry, he insists, is “completely tech neutral: we’re above the chipware, we can exist on either of those technologies”. However, Davis is far from neutral on one key issue: the protection of the 5.9GHz spectrum for transportation use. “The thing that’s holding us back is that US 5.9 should not be under any kind of risk from any other industry,” he says firmly. “Even if there is a slim chance of interference, why would you even want to risk that? Why would you even want to push that envelope? We should not be battling with other industries over that spectrum, whether you’re a DSRC advocate or a C-V2X advocate. There should be a very clear message that this is our hard line – this is not a money play: this is about saving lives on US roads. If we have to crowd the technologies onto part of the spectrum, we’ll be causing more problems than we’re solving.”
So what does Davis see as the next battleground in ITS? “I don’t know that I see it as a battleground,” he muses. “But as we get connectivity deployed, we’ll take our expectations based on our understanding of the systems and we’ll start to see how they’re behaving on the road. We’ll get the chance to start tweaking the technology. The biggest challenges are around security and communications management – and systems understanding.”
This last one is particularly important, Davis thinks. Since this is new territory, working out how well disparate elements dovetail together is going to be crucial to our knowledge of how safe and effective connected systems are. “One of the hardest things human beings are going to have is understanding what the health of these systems look like,” he points out. It’s not as simple as adding apps to your smartphone. “By managing and watching what happens in these interactions, we can make an impact,” Davis concludes.
So, the dumbest guy in the room? Don’t you believe it.