By Gregory Hale
It is time to take cybersecurity plans and initiatives into our own hands, because we can’t wait for government to come to the rescue.
That idea is one of the guiding thoughts behind the Charter of Trust, said Joe Kaeser, chief executive of Siemens AG, during a session Thursday at the Future of Cybersecurity event sponsored by Siemens, which was part of National Infrastructure Week hosted by Bloomberg in Washington.
“The thing is everyone talks about the Internet of Things. The Internet is reaching the industrial world. There are billions of devices connected and there are 20 to 30 million devices connected right now. At some point of time, there will be trillions of devices. And the question is how do they actually deal with (cybersecurity) and instead of your WhatsApp account being down for five minutes. But how does the professional protect people’s assets, protect critical infrastructure? So, how should that actually work? You can ask the government to set the framework to get something done. But the fact of the matter is government when it comes to cybersecurity it could take a long time. We cannot wait that long.”
Kaeser went on to say Charter of Trust members want to be very action-oriented. “What exactly do we do with our trusted partners working together in a heightened area of trust to exchange our data?”
In terms of government’s role in cybersecurity, companies can’t sit around and watch.
“Nation-related cyber security actions are much more powerful than any small company will ever be,” Kaeser said. “That is why companies can’t wait. They need to find a way to do business in other areas of the world. We have local operations in 170 countries around the world. We have 470 factories around the world. I want to know what is going on in the factories so I can understand on how we can improve them.”
The ten principles at the core of the Charter include:
1. Ownership of cyber and IT security
2. Responsibility through the digital supply chain where there is identity and access management, encryption, and continuous protection
3. Security by default
5. Innovation and co-creation
7. Certification for critical infrastructure and solutions
8. Transparency and response
9. Regulatory framework
10. Joint initiatives
The ten principles should be a basic way of operating for companies.
“I consider safety and the integrity of data a fundamental, like compliance,” Kaeser said. “You don’t talk about it, you just do it.”
Siemens learned the hard way about the importance of a strong cybersecurity message and program.
That concept came crashing down on them when the industry learned in 2010 about the Stuxnet virus hitting a Siemens automation system at an Iranian nuclear enrichment facility.
“We knew very quickly it was not someone sitting in the dark apartment. This was something else, we worked to try and understand what it took. We calculated it took 180 man years to create that. Stuxnet was a 911 call in the company. It was like ‘Houston we have a problem.’ It was like in Siemens, we have a problem. It took some of the world’s most prominent forces to crack our system.”
One Day Closer
Part of learning about that incident is something Kaeser is keenly aware of.
“One thing I know is we are one day closer to the next event,” he said.
That is why security remains at the forefront of Siemens’ actions.
“We want to prove it to our customers and to stay one step ahead. To think it is going away would be naive.”
That mindset means Siemens will remain committed to the Charter of Trust.
“Charter of Trust are big words,” Kaeser said. “Charter has a continental nature. Trust is another big word to use these days. You have to make good in showing the world what you mean by that.”
Right now there are 16 members in the Charter of Trust, but they are not stopping there.
“We want to have more people sign up,” Kaeser said. “We don’t want to make this a poker story being told. We want to make these 10 principles actionable. We need to show the world that this is real.”