Eight technology industry partners have joined the Munich Security Conference in creating a charter to establish rules and standards for cybersecurity. The Charter of Trust is designed to foster trust in cybersecurity and further advance secure digitalization. The charter includes Airbus, Allianz, Daimler Group, IBM, NXP, SGS, Siemens, and Deutsche Telekom.
The Charter of Trust sets out 10 action areas in cybersecurity, where governments and businesses must both become active. It asks that those at the highest levels of government and business assume responsibility for cybersecurity. The charter calls for governments to introduce a dedicated cybersecurity ministry and asks companies to assign chief information security officers.
|Eight tech leaders formed the Charter of Trust at the Munich Security Conference with the aim of curbing cyber threats. (Image source: Siemens)|
The charter also calls for companies to introduce mandatory, independent third-party certification for critical infrastructure. In addition, they must provide solutions where dangerous situations can arise, such as with autonomous vehicles or robots that interact directly with humans. Going forward, the charter asks that security and data-protection functions be preconfigured in technology and devices, and that cybersecurity regulations be incorporated into free trade agreements. Finally, the charter calls for greater efforts to “foster an understanding of cybersecurity through training and continuing education as well as international initiatives.”
The Revolution in Connectivity Requires a Revolution in Security
With the huge rush to connectivity, companies are creating vulnerable systems. “Billions of devices are being connected by the Internet of Things and they’re interacting on an entirely new level and scale. As much as these advances are improving our lives and economies, the risk of exposure to malicious cyber-attacks is also growing dramatically,” Leo Simonovich, VP of Industrial Cyber and Digital Security at Siemens Energy, told Design News. “Failure to protect the systems that control our homes, hospitals, factories, grids, and virtually all of our infrastructure could have devastating consequences.”
Simonovich noted that security has to grow with connectivity or the development and benefits of connected systems and devices will stall. “Cybersecurity is and has to be more than a seatbelt or an airbag. Security is a factor that’s crucial to the success of the digital economy,” said Simonovich. “People and organizations need to trust that their digital technologies are safe and secure. Otherwise, they won’t embrace the digital transformation. Digitalization and cybersecurity must evolve hand in hand.”
For years, there has been a neck-to-neck race between hackers and those tasked with protecting cyber networks. In recent years, intruders have become very sophisticated. Many of the hackers are now nation states. “In order to keep pace with continuous advances in the market as well as cyber threats, companies and governments must join forces and take decisive action,” said Simonovich. “This means making every effort to protect the data and assets of individuals and businesses, prevent damage from people, businesses, and infrastructures, and build a reliable basis for trust in a connected and digital world.”
Industry Is Particularly Vulnerable
While most internet-connected systems have some vulnerabilities, industrial networks—operation technology (OT)—are particularly vulnerable. They were not originally designed to extend beyond the plant. “Through the eyes of a hacker, OT is not only valuable, it’s vulnerable. Most OT environments were designed to work in isolation. Now they’re being connected to the outside world, as cyber criminals hope cybersecurity efforts continue to lag the speed of digitalization,” said Simonovich. “Making matters even more difficult, many OT systems cannot be taken offline for patching cycles and updates. In some cases, patching may void a manufacturer warranty.”
The charter recognizes that security for cyber-based networks will require a collection of solutions. “This can’t be achieved by a single company or entity; it must be the result of close collaborations on all levels,” said Simonovich. “In this charter, the signing partners outline the key principles we consider essential for establishing a new charter of trust between society, politics, business partners, and customers.”
How Were Members of the Charter Chosen?
The charter was officially launched earlier this year at the Munich Security Conference (MSC). “At the MSC, we laid the cornerstone of the Charter of Trust initiative. Our aspiration and desire is to recruit more comrades in arms for our initiative worldwide, and to create a digital world that is based on trust in the digital and hyper-connected world,” said Simonovich. “The partners are among the leading representatives of their own governments and branches of industry. By signing, they commit themselves to act as Siemens does, and in that way to concern themselves with greater security and trust in a digital world.”
Simonovich noted that the charter is a first step in what is hoped to be an extensive initiative that involves all of the stakeholders in cybersecurity. “This can only be a starting point. No group or individual company can solve this challenge alone. That’s why we invite companies to share our ambition and join the Charter of Trust initiative,” said Simonovich. “We also invite governments of the world and civil society to engage in a focused dialogue: Trust matters to everyone. It must not stop at borders or sectoral limits.”
The Enormity of the Cybersecurity Issue
Simonovich stressed that network security is becoming the most pressing security concern across the globe. “Cybersecurity will be the most important security issue of the future—for societies and companies all over the world,” said Simonovich. “The digital transformation is only going to succeed if we can rely on the security of data and connected systems. Digitalization and cybersecurity are two sides of the same coin.”
He also pointed to the growing cost of attacks—now reaching into the billions annually. “The complexity of attacks and sophistication of malicious actions in cyberspace continue to increase. The threats are asymmetrical, with large interconnected systems vulnerable to attacks by small groups of individuals or rogue states,” said Simonovich. “The economic impact is material: Global ransomware damages are predicted to exceed $5 billion in 2017. As all aspects of life and business become increasingly networked and digitalized, the topic will take on a new dimension. Recent attacks like Wannacry, Industroyer, or Petya are evidence of an increasing threat level.”
Rob Spiegel has covered automation and control for 17 years, 15 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.
As the Internet of Things (IoT) pushes automation to new heights, people will perform fewer and fewer “simple tasks.” Does that mean the demand for highly technical employees will increase as the need for less-technical employees decreases? What will be the immediate and long-term effects on the overall job market? What about our privacy and is the IoT secure? These are loaded questions, but ones that are asked often. Cees Links, wireless pioneer, entrepreneur, and general manager of the Wireless Connectivity business unit in Qorvo, will address these questions, as well as expectations for IoT’s impact on society, in this ESC Boston 2018 keynote presentation, Thursday, April 19, at 1 pm. Use the Code DESIGNNEWS to save 20% when you register for the two-day conference today!