Please use another Browser
It looks like you are using a browser that is not fully supported. Please note that there might be constraints on site display and usability. For the best experience we suggest that you download the newest version of a supported browser:Continue with the current browser
Digital connectivity is making our lives easier and boosting business competitiveness. However, the risk of cyberattacks is increasing as well, causing governments and companies to join forces in defense.
Phenomena that 25 years ago were considered pure science fiction are today our ever-present companions in daily life. The list ranges from digital factories to the networking of information with a vast range of systems. All in all, digital systems are not only simplifying many facets of life, but have become a key factor affecting the competitiveness of companies and countries.
However, as these developments have taken shape, the associated concentration of information has become an irresistible target for criminals. As a result, the total number of cyberattacks is rapidly increasing. In 2016 alone, attacks from the Internet caused more than €500 billion in damages worldwide and accounted for up to 1.6 percent of gross domestic product in some European countries.
Hackers aren’t just attacking conventional PCs. Ever since the Stuxnet malware made headlines worldwide in 2010, manufacturing companies have realized that advancing levels of digitization are blurring the lines between offices and the infrastructures that control industrial facilities. As a result, plant operators have had to prepare for all the challenges that the IT sector is now familiar with – the global WannaCry cyberattack confirmed this in May 2017. Moreover, with ever more products, solutions, and services employing software that is often used in critical infrastructures, the range of cybersecurity risks will continue to grow. As a result, more than eight billion devices, including machines, facilities, sensors, and products, now communicate with one another, representing an increase of about 30 percent since 2016. Moreover, this number will continue to climb dramatically – to more than 20 billion by 2020.
This challenge affects public infrastructures just as much as the manufacturing industry and the energy and healthcare sectors. Companies everywhere anticipate that the networking of machines and facilities will not only generate significant financial advantages, but major security challenges as well. “However, the risks are manageable if industry uses a thorough and consistent security concept,” says Natalia Oropeza, Head of the Cybersecurity Department at Siemens. At company’s central research and development unit, Corporate Technology (CT), experts develop sophisticated solutions designed to protect Siemens’ divisions against cybercrime. These solutions range from software packages that ensure that security is always up-to-date with regard to authentication methods (“ID checks”) for machines, as well as monitoring solutions that identify and report cyberattacks in near real time so that countermeasures can be taken as early as possible.
With the Charter of Trust, Siemens is taking the issue of cyber security to a new level. Together with Daimler and IBM, the company is starting a powerful global initiative: From now on, the future products of all the partner companies will be designed and implemented according to ambitious cyber security principles. Just how this will happen is explained in an interview with Eva Schulz-Kamm, head of Siemens Government Affairs, and Natalia Oropeza, head of the company's new Cybersecurity Department.
Siemens is always emphasizing that cybersecurity has top priority for the company. Why is this topic so important?
Natalia Oropeza: Everything is networked today, whether it’s robots in production, medical devices, or power grids. The risk of data theft or data manipulation is constantly growing. In three years, more than 20 billion devices will be connected to the Internet of Things. Digitalization, which is so profitable for us, can succeed only if customers can build on the integrity of the data.
Eva Schulz-Kamm: The threat to us is one aspect. Another aspect is that we also have a tremendous opportunity to significantly expand our business. Our customers often remain skeptical of digitalization. And rightly so, because there are currently no internationally binding rules for cybersecurity. Now we want to change all that: As a top supplier of secure products for Industrie 4.0, mobility, and medical technology, we’ve started a global initiative to establish trust in the Internet of Things on a broader basis.
How is Siemens building this trust?
Schulz-Kamm: First of all, by being absolutely transparent when it comes to critical incidents. But we want to look even further forward: Cybersecurity is a complex and demanding issue. We’re successful on the market with many businesses, such as Plant Security Services, where we analyze risks in factories and implement security measures, or our cybersecurity services for power companies and network operators. We want to share these best practices with a community but we also want to continue learning. So far there are only a few islands of trust in the industry that we now want to join together in one bold step. We’re not waiting for regulatory interventions or standardization. We’re taking matters into our own hands and are going to create a playing field on which the same rules apply to everyone.
What does this mean in concrete terms?
Schulz-Kamm: … that working with strong partners, we’ve drafted a Charter of Trust that places international cyber security on a new, more comprehensive footing. At the Munich Security Conference, we presented ten elementary, binding principles to which the signatories commit themselves. These are the cornerstones that will establish a Charter of Trust between society, government, business partners, and customers.
Oropeza: And Siemens is the initiator of this Charter! I’ve only just recently joined Siemens and still have an outsider’s perspective. I think it’s fantastic that the company is taking this bold and decisive step. It’s a great opportunity to propagate its tremendous cybersecurity expertise.
30 Years of Cybersecurity
Digital systems and cybersecurity need to evolve hand in hand – as indeed has been the case at Siemens for more than 30 years. Whereas in 1986 the company had only a small IT security team consisting of a handful of network security employees, the scope of operations is now far larger. For example, Siemens employs cyber defense experts to examine industrial facilities worldwide for possible threats from the Internet, warns companies of security-related incidents, and coordinates proactive countermeasures. The company currently employs around 1,275 cybersecurity experts. This gives Siemens a very broad foundation for protecting itself and its customers with secure products and systems. Moreover, cybersecurity systems are among Siemens’ “Company Core Technologies” – i.e. technology and innovation areas that are of the greatest strategic significance and by means of which Siemens is striving to play a leading technological role.
As a result, the company has a huge amount of expertise in the field of cybersecurity and the growing challenges it poses. This applies especially to MindSphere, the open, cloud-based IoT operating system from Siemens that combines data analysis, multiple connectivity, development tools, and applications. More than one million devices from a variety of customers are now connected to this system. All of these devices have to be protected, even as their number continue to increase.
In addition to its focus on industrial customers, Siemens also provides cybersecurity services to suppliers, power grid operators, and the healthcare sector.
Charter of Trust
Even an industrial giant like Siemens cannot handle this issue all on its own if it is to keep pace with the market’s steady progress and the range of criminal threats. On the contrary, companies and governments have to pull together and take targeted action. As a result, Siemens and partners from industry, government, and society have started the Initiative “Charter of Trust“ at the Munich Security Conference, on February 16, 2018. With a view to making the digital environment more secure as a whole, the document’s signatories describe the key principles that they consider to be indispensable for building a new level of trust between governments, business partners, customers, and society at large. All of the signatories agree that business success cannot be achieved without trust. And the number of signatories continues to grow, as additional global companies joined the Charter at the CeraWeek energy conference in the U.S. in March.
Although significant efforts have been made to jointly counteract cybercrime, there will never be 100 percent security. Defense against such attacks will continue to be a game of cat and mouse. Nevertheless, cybersecurity experts at research institutes and from industry have taken up this challenge. That’s because business and society must be able to rely on the security of digital technologies to the greatest extent possible. Only this way can all of us benefit from the promise of a digital world.
Cybersecurity at Siemens