Tools


Siemens Worldwide

Pictures of the Future

Contact

Contact

Mr. Sebastian Webel
Mr. Sebastian Webel

Editor-in-Chief

Mobile: +49 172-7169762

Werner-von-Siemens-Straße 1
80333 Munich

Pictures of the Future
The Magazine for Research and Innovation
 

Cybersecurity

Cybersecurity - Unlock the Potential of Digitalization

Showcase Factory: Siemens’ plant for industrial controls in the Bavarian city of Amberg is already considered to be the company’s most state-of-the-art plant worldwide. There, products and machines communicate with each other, enabling the products themselves to control their production. That makes an effective cybersecurity concept essential.

Through the Charter of Trust Siemens has initiated a cultural shift toward cooperation in the field of cybersecurity. That’s because if there is a lack of comprehensive protection the magic of digitalization can quickly mutate into an El Dorado for cybercriminals. Siemens is already complying with key basic principles of the Charter today and offering its customers a comprehensive security concept. A look behind the scenes.

“At the moment, building trust is the key criterion for the success of digitalization,” says Franz Köbinger. He knows what he’s talking about. As a Marketing Manager Digital Enterprise at Siemens, he knows his customers very well, and he realizes that for many companies there’s still a high threshold to cross before they can confront this topic. “However, digitalization can unlock tremendous potential, and that can only benefit everyone,” he says. This view is supported by current developments: Approximately 8.4 billion devices were connected with the Internet in 2017. According to forecasts, that number will increase to 20.4 billion by 2020. In the future this will enable industry to continue raising its standards of quality and make its production processes flexible and cost-efficient.

“Nonetheless, many people are worried that the networking that makes this connectivity possible could make them vulnerable,” Köbinger adds. There's a good reason for this concern. The damage caused by cyberattacks in 2017 was estimated at more than €500 billion. And the more devices and machines are connected with one another, as is the case with the Internet of Things (IoT), the greater seems the danger of being hacked.

Innovative technologies for the Fourth Industrial Revolution: They are already a reality at Siemens’ Electronics Manufacturing Plant in Erlangen, Germany. A key reason for the success of this plant is that people and machines work hand in hand.

The Goal: Making Digitalization Successful

It’s clear that we can unlock the potential of the digital transformation only if we succeed in setting high security standards for data and connected systems. Digitalization and cybersecurity are two sides of the same coin. To put it another way, digitalization is the reason why cybersecurity has become a critical factor for business. “Today nobody can meet the tremendous challenges of cybersecurity alone,” Köbinger says. “To make sure that users can safely use products, we need a whole chain of players who all agree to apply common standards.”

Accordingly, at the Munich Security Conference in 2018 Siemens initiated the Charter of Trust for a secure digital world, thus taking an important step toward more cooperation and transparency in the world of digitalization. This step is attracting a lot of attention, because the Charter has by now been signed by 12 partners. The number of interested companies is growing by leaps and bounds.

Although the Charter is still in the development phase, Siemens has already fulfilled some of the tasks defined in it. Siemens is a company that earns €5.2 billion in revenue from software and digital services and has already connected more than a million devices with the MindSphere. As a result, it urgently needs a level of security that keeps up with its growing digital portfolio. Industrial security, an area that is relevant for Siemens, is addressed in two of the key themes in the Charter: “Responsibility in the Digital Supply Chain” and “Cybersecurity as a Factory Setting.” Both of these themes are interwoven, and both of them obligate the signatories to ensure protection at all levels of the Internet of Things.

“Defense in Depth” – Siemens’ Holistic Security Concept

“Siemens is already implementing its response to these requirements. It’s called Defense in Depth,” says Franz Köbinger. “This is our concept of industrial security. You can think of it as the many layers of an onion. In terms of this image, we use several layers to protect the inside of the onion, namely entire industrial plants and all of their elements, including the associated networks. Security considerations are already taken into account during the creation of the individual elements – in other words, during product development. We call this Security by Design.”

According to Köbinger, “Every plant is different, but there are principles you always have to keep in mind.” Three basic steps are needed to safeguard industrial facilities. The first step involves general plant security – in other words, physical access to the plant, organizational measures such as security policies, and monitoring the plant for anomalies that could indicate a cyberattack. The second step, safeguarding networks, includes the installation of firewalls and the encryption of data transmission. The third step focuses on system integrity – in other words, protecting the individual terminals and systems from access by unauthorized individuals as well as unauthorized changes. Thus potential attackers must always overcome a combination of several obstacles, and that is much more difficult and time-consuming than simply cracking individual safety measures.

Whatever the level in question, there’s always the same conclusion: "That we can protect the digital infrastructure only if we work together.”

Friendly Hacking: Putting Ourselves to the Test

In addition, Siemens relies on a self-monitoring process conducted by a dedicated CERT team (Cyber Emergency Readiness Team). This department uses “friendly hacking” methods to test Siemens’ own products and solutions as well as the company’s internal IT infrastructures. Moreover, this team of experts is also called in when weak points or incidents are reported. The experts then check to see whether any Siemens products are affected, and if so, which ones, so that they can make security updates available as soon as possible. As required by the Charter of Trust, in such cases Siemens’ industrial customers are promptly informed about all of the weak points as well as the available security updates and corrective measures. “If we want to eliminate weak points, it’s absolutely essential to have transparency,” Köbinger says. “If we notice something amiss, we tell the customer about it and also provide a solution." Whatever the level in question, there’s always the same conclusion: “That we can protect the digital infrastructure only if we work together.”

Thanks to Digitalization, production lines will be able to independently react to changing demands.

Binding Standards and Rules – The Aim of the Shared Effort

A prime example of Siemens’ holistic and multilevel concept is the Amberg electronics plant, which is the company’s showcase factory for digitalization. This is where approximately 15 million Simatic controllers are produced every year. At the plant, even the individual assembly lines are protected with their own firewalls.

Self-regulation is one thing, but proving that it has taken place is another. That’s why the Charter of Trust aims to cooperatively establish internationally binding rules and standards. For customers, this would mean that devices, systems, and solutions are provided with a kind of cybersecurity certificate. “Siemens is one of the companies that have recognized the strategic relevance of standardization and that are actively pursuing it over the long term,” says Michael Teigeler, the Managing Director of VDE-DKE and Secretary of the National Committee of Germany of the International Electrotechnical Commission (IEC). He believes that these institutions too are undergoing a cultural change. “Digitalization is forcing us to reinvent ourselves,” he says.

Trust As a Basic Principle – Breaking New Ground with the Charter of Trust

Siemens has reinvented itself and has already unlocked a great deal of digital potential. For example, today it’s one of the ten leading global software companies as well as a pioneer in the area of cybersecurity. One of the reasons for this success is that it is committed to promoting an atmosphere of trust, which may be the most important factor leading to the success of digitalization. Through the Charter of Trust, Siemens and its partners are making an important contribution to the process of gaining their customers’ trust and deepening this trust over time.

Sandra Zistl
Picture credits: from top: 4. Shutterstock / xieyuliang