Siemens-led IoT security charter doubles members, puts focus on supply chains
Eight further organisations have joined the Charter of Trust for cybersecurity, an initiative launched by Siemens last year to raise security in the internet of things (IoT) market. Membership of the charter now stands at 17. Siemens said the group’s first task is to address security of supply chains. The German company has issued new terms to its own suppliers to reduce security risks in its own operations.
In addition to Siemens and the Munich Security Conference, the original signatories, members now include AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, Enel, IBM, NXP, SGS, Total and TÜV Süd. Mitsubishi Heavy Industries (MHI) has also signed a letter of intent to join the initiative, expanding its reach into Asia.
The Charter of Trust was formalised at the Munich Security Conference in 2018, and has swelled to almost double its signatories at the 2019 summit in February. Two government authorities: the BSI German Federal Office for Information Security and the CCN National Cryptologic Center of Spain, have also joined as associate members for the very first time. The Graz University of Technology in Austria is also set to join as an associate member.
Associate partnerships are open to government representatives, universities and think tanks, enabling them to cooperate on specific projects without having to become full members with all rights and duties, said Siemens.
Joe Kaeser, chief executive at the German industrial outfit, said: “In the age of the internet of things, cybersecurity is a crucial task. Our Charter of Trust initiative is a very important first step. We’re open to many more partners. Cybersecurity is the key enabler for successful digital businesses as well as protecting critical infrastructure. We hope that this initiative will lead to a lively public awareness and, ultimately, to binding rules and standards.”
Kaeser said of the latest joiner, and the expansion of the working group into Asia: “Cybersecurity knows no boundaries. That’s why we highly appreciate Mitsubishi Heavy Industries joining us as the first big Asian company, making the digital world more trustworthy and secure. This will make our joint initiative even more global.”
Third party risks in supply chains are the source of 60 per cent of cyberattacks, according to Accenture Strategy. Charter of Trust member companies have defined “baseline requirements” to make cybersecurity – of people, processes and technologies – an absolute necessity throughout all digital supply chains, Siemens said.
The charter states four aims: to protect data from unauthorised access throughout its ‘lifecycle’; to enforce an appropriate level of identity and access control, including for third parties; to ensure a process identify and authenticate products and services; and to deploy a minimum level of security education and training for employees.
Members will implement these requirements in their own supply chains, said Siemens. The Germany company has announced new cybersecurity requirements for its own suppliers, to be introduced step-by-step and anchored in new supplier contracts. These requirements will apply primarily to suppliers of security-critical components such as software, processors and electronic components for certain types of control units, it said.
Existing suppliers who do not yet comply with the requirements are to implement them gradually. The goal is to better protect the digital supply chain against hacker attacks. The requirements stipulate that suppliers must integrate special standards, processes and methods into their products and services.
Roland Busch, chief operating officer and chief technology officer at Siemens, commented: “This step will enable us to reduce the risk of security incidents along the entire value chain in a holistic manner and offer our customers greater cybersecurity. If all our partner companies put their global weight behind these measures and implement them together with their suppliers, we can generate tremendous impact and make the digital world more secure.”
According to the Center for Strategic and International Studies, threats to cybersecurity in 2018 caused €500 billion in losses worldwide. Risks will rise as the volume of connected devices, principally in IoT markets, spirals. According to Gartner, 8.4 billion networked devices were in use in 2017 – 31 per cent more than in 2016. This figure is expected to rise to 20.4 billion by 2020.
Governments and industry are aligning at the global, regional and national levels on cyber security, said Siemens. It noted the Paris Peace Call for Trust & Security in Cyberspace, presented in November 2018 by French President Emmanuel Macron, committed to “form and achieve” stability in cyberspace, and the new EU Cybersecurity Act seeks to strengthen cyber institutions and provide a framework to develop cyber certifications.