Siemens has formed a consortium of giant companies to form a community of trust to build greater cyber security. The major industrial and tech allies in the consortium include Airbus, Allianz, Daimler Group, IBM, MSC, NXP, SGS, and Deutsche Telekom.
Those companies believe that cybercrime is getting out of hand and they need to band together to protect both digital assets and physical assets — from data centers to power plants. The companies will sign the Charter of Trust at the Munich Security Conference today in Germany.
Siemens CEO Joe Kaeser said in an interview with VentureBeat that his company has 460 factories around the world, with many of them in China. His company needs to keep the data safe, and it has to comply with data laws in various countries. He can’t bring some of that data out of China.
“I need to know how these factories are doing no matter where I am,” he said. “I have to access my data wherever I am. But we also have to keep this data safe. We need something that verifies identity and enables trust. We have to build a community. People have to understand that the physical world can actually be the victim in cyberattacks. Data theft can impact the physical world.”
The trust group will do things like eliminate duplicate costs for manufacturers and bring standards to the Internet of Things. The companies want to share resources for defending themselves against attack, and they are calling on governments and chief information security officers to join them and create independent certification for critical infrastructure and the Internet of Things. Kaeser doesn’t want to have to hire thousands of cybersecurity people just to have to cover all the bases alone.
“We have to be able to verify with my partners that these people are OK without building up thousands and thousands of cybersecurity people to protect my stuff,” Kaeser said. “Do we know all the answers yet? Absolutely not. Do we know we need to do this? Absolutely.”
The Charter of Trust calls for binding rules and standards to build trust in cybersecurity and further advance digitalization.
The Charter outlines 10 action areas in cybersecurity where governments and businesses must both become active. It calls for responsibility for cybersecurity to be assumed at the highest levels of government and business, with the introduction of a dedicated ministry in governments and a chief information security officer at companies. It also calls for companies to establish mandatory, independent third-party certification for critical infrastructure and solutions — above all, where dangerous situations can arise, such as with autonomous vehicles or the robots of tomorrow, which will interact directly with humans during production processes.
“We need tangible use cases on how to defend a power plant or how to defend a mobile system or the traffic lights,” Kaeser said.
In the future, security and data protection functions should be “preconfigured” into technologies, and cybersecurity regulations should be incorporated into free trade agreements, the companies said. The Charter’s signatories also call for greater efforts to foster an understanding of cybersecurity through training and continuing education as well as international initiatives.
“Secure digital networks are the critical infrastructure underpinning our interconnected world,” said Canadian foreign minister Chrystia Freeland, in a statement. “Canada welcomes the efforts of these key industry players to help create a safer cyberspace. Cybersecurity
will certainly be a focus of Canada’s G7 presidency year. ”
The matter is also a top priority for the Munich Security Conference.
“Governments must take a leadership role when it comes to the transaction rules in cyberspace,” said Wolfgang Ischinger, chairman of the Munich Security Conference, in a statement. “But the companies that are in the forefront of envisioning and designing the future of cyberspace must develop and implement the standards. That’s why the Charter is so important. Together with our partners, we want to advance the topic and help define its content.”
According to the ENISA Threat Landscape Report, cybersecurity attacks caused damage totaling more than $815 billion (€560 billion) worldwide in 2016 alone. For some European countries, the damage was equivalent to 1.6 percent of the gross domestic product.
“It’s important to protect not only the assets but also the data flows, and it creates the coming together of industry, government, and academia,” said Leo Simonovich, a security vice president at Siemens, in an interview. “Our customers are looking for blueprints, both technical and strategic.”
And in a digitalized world, the threats to cybersecurity are steadily growing: According to Gartner, 8.4 billion networked devices were in use in 2017 — a 31 percent increase over 2016. By 2020, the figure is expected to reach 20.4 billion.
Kaeser referred to Bitcoin as “the greatest money-laundering machine ever built.”
He added, “And no one cares. There are thousands of regulations. Every time I come into this beautiful country, I have to report if I have more than $10,000 in [physical] cash. In cyberspace, you can transfer much more than that and no one cares. No one stops you. The black money. The dirty money. The drug money is being cleaned. No one cares because no one knows how to deal with it. Think about it. The whole world is not prepared for this.”
As for the response, it hasn’t even started yet, Kaeser said.
“This is just the beginning,” he said. “We should have 50 or 100 companies trying to reinvent the same wheel time again. We need a knowledge community, and that’s the intent.”