One Year of Successful Teamwork
Sign in for Cybersecurity during the Munich Security Conference (MSC). On February 15, the Charter of Trust celebrated its first birthday. Click in.
Phenomena that 25 years ago were considered pure science fiction are today our ever-present companions in daily life. The list ranges from digital factories to the networking of information with a vast range of systems. All in all, digital systems are not only simplifying many facets of life, but have become a key factor affecting the competitiveness of companies and countries.
However, as these developments have taken shape, the associated concentration of information has become an irresistible target for criminals. As a result, the total number of cyberattacks is rapidly increasing. In 2016 alone, attacks from the Internet caused more than €500 billion in damages worldwide and accounted for up to 1.6 percent of gross domestic product in some European countries.
Attacks from the Internet
Hackers aren’t just attacking conventional PCs. Ever since the Stuxnet malware made headlines worldwide in 2010, manufacturing companies have realized that advancing levels of digitization are blurring the lines between offices and the infrastructures that control industrial facilities. As a result, plant operators have had to prepare for all the challenges that the IT sector is now familiar with – the global WannaCry cyberattack confirmed this in May 2017. Moreover, with ever more products, solutions, and services employing software that is often used in critical infrastructures, the range of cybersecurity risks will continue to grow. As a result, more than eight billion devices, including machines, facilities, sensors, and products, now communicate with one another, representing an increase of about 30 percent since 2016. Moreover, this number will continue to climb dramatically – to more than 20 billion by 2020.
Protecting Critical Infrastructures and Sensitive Data
This challenge affects public infrastructures just as much as the manufacturing industry and the energy and healthcare sectors. Companies everywhere anticipate that the networking of machines and facilities will not only generate significant financial advantages, but major security challenges as well. “However, the risks are manageable if industry uses a thorough and consistent security concept,” says Natalia Oropeza, Head of the Cybersecurity Department at Siemens. At company’s central research and development unit, Corporate Technology (CT), experts develop sophisticated solutions designed to protect Siemens’ divisions against cybercrime. These solutions range from software packages that ensure that security is always up-to-date with regard to authentication methods (“ID checks”) for machines, as well as monitoring solutions that identify and report cyberattacks in near real time so that countermeasures can be taken as early as possible.
“The Internet of Things would be inconceivable without Cybersecurity.”The Cybersecurity-Initiative Charter of Trust is a year old. An interview with Siemens’ COO and CTO Roland Busch and Chief Cybersecurity Officer Natalia Oropeza about the importance of Cybersecurity and the initiative’s progress.
The Charter of Trust was launched a year ago. What’s your assessment so far?
Roland Busch: Very good. There’s been a lot of interest from government, business and civil society. A steady stream of attacks and data leaks have shown that we need a robust framework for action in cybersecurity. Government and business need to work together here. The Charter of Trust has asked France to take up the topic during the country’s presidency of the G7. One of the points under President Emmanuel Macron’s cybersecurity strategy is working on international cybersecurity standards. So the topic has arrived at the very top levels and shows the need for cross-border cooperation
Natalia Oropeza: The content has also advanced. The 16 partners have not only signed and reaffirmed the ten principles of the Charter of Trust, but also signed an agreement to keep working together in the future. One important result to emerge from this cooperation is that last October, we adopted 17 minimum requirements for the digital supply chain. These include, for example, that suppliers have to implement specific standards, procedures and methods to prevent vulnerabilities, malicious codes and security incidents in their products and services. On top of that, a number of companies have come to us and wanted to join the Charter, so we’ll soon be able to include additional partners.
Why does Siemens have a lead role?
Roland Busch: Since we have a lead position in industrial digitalization, we very quickly recognized that cybersecurity is an integral part of the digital revolution. The industrial Internet of Things (IoT) would be inconceivable without cybersecurity. We see how important that is to our customers every day as we work with them. They all want to advance digitalization. But without trust, it won’t work. Our digital services and products for all aspects of MindSphere in the IoT will be a success only if we can simultaneously offer the best possible protection from data theft and attacks. And that, in turn, is something we can’t guarantee by ourselves. Which is why it’s so important to join forces with partners.
Siemens intends to market cybersecurity solutions more heavily in the future. Which role will the organization around the Chief Cybersecurity Officer play here?
Natalia Oropeza: We’ll support the business units in offering high-quality cybersecurity solutions for their customers. We’re a central contact point that can benefit all our units. That way, they can all achieve the same high level of security.
Roland Busch: On top of that, we’ve pooled our technological content in our Company Core Technology for Cybersecurity. This is where experts from our businesses and Corporate Technology develop the solutions of the future for the entire company.
What challenges will we face in the coming years?
Natalia Oropeza: Attacks will keep increasing, in part also because more and more devices will be networked. That will directly affect our daily lives, and here it’s not just our personal data that will be in danger, but our way of life at home and at work. Just for example, think of autonomous cars, hospitals, energy utilities, or digital factories. So we’re working on automating cybersecurity solutions that can avert the vast majority of threats. And for that purpose we’ll also be applying various technologies like artificial intelligence to achieve prevention.
Thirty Years of Cybersecurity at Siemens
Digital systems and cybersecurity need to evolve hand in hand – as indeed has been the case at Siemens for more than 30 years. Whereas in 1986 the company had only a small IT security team consisting of a handful of network security employees, the scope of operations is now far larger. For example, Siemens employs cyber defense experts to examine industrial facilities worldwide for possible threats from the Internet, warns companies of security-related incidents, and coordinates proactive countermeasures. The company currently employs around 1,300 cybersecurity experts. This gives Siemens a very broad foundation for protecting itself and its customers with secure products and systems. Moreover, cybersecurity systems are among Siemens’ “Company Core Technologies” – i.e. technology and innovation areas that are of the greatest strategic significance and by means of which Siemens is striving to play a leading technological role.
Focusing on Future Challenges
As a result, the company has a huge amount of expertise in the field of cybersecurity and the growing challenges it poses. This applies especially to MindSphere, the open, cloud-based IoT operating system from Siemens that combines data analysis, multiple connectivity, development tools, and applications. More than one million devices from a variety of customers are now connected to this system. All of these devices have to be protected, even as their number continue to increase.
In addition to its focus on industrial customers, Siemens also provides cybersecurity services to suppliers, power grid operators, and the healthcare sector.
Even an industrial giant like Siemens cannot handle this issue all on its own if it is to keep pace with the market’s steady progress and the range of criminal threats. On the contrary, companies and governments have to pull together and take targeted action. As a result, Siemens and partners from industry, government, and society started the Initiative “Charter of Trust“ at the Munich Security Conference in February 2018. With a view to making the digital environment more secure as a whole, the document’s signatories describe the key principles that they consider to be indispensable for building a new level of trust between governments, business partners, customers, and society at large. All of the signatories agree that business success cannot be achieved without trust. And the number of signatories continues to increase. In 2018 the Charter started with eight participants, which grew to 15 within the year, including IBM, Daimler, Cisco, Allianz, Dell, and Deutsche Telekom. After one year of the Charter, the balance is positive, with concrete recommendations from the Charter already being reflected in Emmanuel Macron’s French cybersecurity strategy, which was proclaimed at the end of 2018, and in the German IT security law and the EU Cyber Security Act. In addition, all of the Charter’s participants have agreed on the implementation of comprehensive security standards along their supply chains – a major advance considering the number of suppliers worldwide working for the 15 companies.
Although significant efforts have been made to jointly counteract cybercrime, there will never be 100 percent security. Defense against such attacks will continue to be a game of cat and mouse. Nevertheless, cybersecurity experts at research institutes and from industry have taken up this challenge. That’s because business and society must be able to rely on the security of digital technologies to the greatest extent possible. Only this way can all of us benefit from the promise of a digital world.
Cybersecurity at Siemens
Picture Credits: from top: 1. and 2. picture getty images, 3. dpa/picture alliance, 4. and 9. getty images