Driving security in uncertain times: The Charter of Trust for a secure digital world

By Eva SCHULZ-KAMM, Global Head of Government Affairs at Siemens AG

Digitalization is the biggest and most radical transformation in the history of industry.

The real and virtual worlds are merging: digital twins, robotics, big data, and artificial intelligence are revolutionizing the world of manufacturing.

And as the number of devices and machines connected to the Internet of Things grows, the risks are rising: In 2017 alone, cyber attacks caused damage amounting to €500 billion worldwide.

What if attacks on critical infrastructure were successful? What if the IT systems connecting and controlling our homes, hospitals, airports, factories and power grids failed?

How can we protect our economy and our society, and ultimately the more than seven billion people on this planet, against such attacks?

Well, first, by recognizing that the threats in the digital world are real and that they put the real world at risk.

And, second, by understanding that we can only meet these threats together, by joining forces and making a strong collective effort.

That’s why Siemens, together with the Munich Security Conference and a number of other companies, initiated the Charter of Trust.

It outlines principles and concrete actions based on our expertise and more than 30 years of experience in the field of cybersecurity.

The goals of the Charter are clearly defined: first, to protect the data of individuals and companies; second, to prevent damage to people, companies, and infrastructure; and third, to create a foundation for trust in the digital world.

We’re already taking action to achieve these goals.

An area of early and intense focus has been the security of global supply chains. Third-party risks in global supply chains are becoming a more prevalent issue and are the source of 60 percent of cyberattacks.

The Charter of Trust member companies have worked out baseline requirements and propose their implementation for making cybersecurity an absolute necessity throughout all their digital supply chains.

These requirements address all aspects of cybersecurity including people, process and technology.

Examples of these requirements include:

Data shall be protected from unauthorized access throughout the data lifecycle.

Appropriate level of identity and access control and monitoring, including third parties, shall be in place and enforced.

A process shall be in place to ensure that products and services are authentic and identifiable.

An appropriate level of security education and training for employees shall be regularly deployed.

Together we are establishing a risk-based methodology for implementing these requirements in our own supply chains, involving supply chain partners in the process. In addition, we’re exploring how to improve awareness and knowledge of cybersecurity issues through training and education.

And that’s just one side of the coin. With our round tables worldwide, we enabled an in-depth exchange between policy makers and the Charter partners.

Governments and industry are aligning at the global, regional and national levels in the pursuit of common security goals.

The “Paris Peace Call for Trust & Security in Cyberspace”, presented in November 2018 by French President Emmanuel Macron, is for example a clear commitment to form and achieve stability in cyberspace, and it confirms the willingness to work together to define and implement international cybersecurity principles.

Content-wise, the Paris Peace Call shares key tenets with the Charter of Trust principles, and the partners look forward to seeing them reinforced further at the forthcoming G7 summit.

Also, the new EU Cybersecurity Act was an important step towards strengthening cyber institutions and providing more security in uncertain times.

But that’s not all. For 2019 we have set ourselves ambitious goals. Besides deepening and expanding the policy dialog, we plan to advance the topic “Security by default”. This means that security is already preconfigured during the development of products.

Since 2018, the Charter of Trust has grown to 16 members. In addition to Siemens and the Munich Security Conference, the signatories include AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, Enel, IBM, NXP, SGS, Total and TÜV Süd.

In addition, the German Federal Office for Information Security, the CCN National Cryptologic Center of Spain and the Graz University of Technology in Austria have joined the charter as associate members.

On February 19, 2019, Mitsubishi Heavy Industries (MHI) signed a letter of intent to join the Charter of Trust for cybersecurity in Tokyo, expanding the Charter’s reach into Asia.

The company’s membership is expected to be finalized by the end of September 2019. MHI will be the first Asian company to join the global cybersecurity initiative.

That clearly demonstrates that no company and no country is big enough or powerful enough to meet the cybersecurity challenge alone.

That’s why all of us should work together to establish binding global rules and standards.

The Charter of Trust shows that even in times of imminent trade conflicts and growing mistrust, global collaboration is possible for the good of all.