Smart and connected industrial equipment has the potential to spark the next Industrial Revolution, but it also gives threat actors new tools for cyber-sabotage. To tackle the challenge head-on, Siemens’ CEO Joe Kaeser came up with the idea to form the “Charter of Trust” consortium of global organizations that could pool their resources and align around shared principles.
The critical infrastructure security alliance now has 16 member companies. The latest four to join include Cisco, Dell Technologies (including Dell subsidiaries Dell EMC, RSA and VMware), the multinational oil and gas company Total SA and the testing and certification firm TÜV SÜD. Other prominent companies in the group include Airbus, Allianz, Daimler Group, Deutsche Telekom, IBM and NXP.
“The internet now is reaching the industrial world. Instead of worrying about our cellphones or our Whatsapps, now this is about critical infrastructure [and] manufacturing,” Kaeser said in an interview with Bloomberg. “How can we find a common understanding of protecting our whole value chain between our suppliers, our customers and ourselves.”
Michael Dell, chairman and chief executive officer of Dell Technologies, said in a statement: “By joining the Charter of Trust and partnering with other leading technology providers, we can help realize the promise of technology innovation to drive human progress while protecting people and securing their data in this digitally connected world.”
“We are excited to have Cisco, Dell, Total and TÜV SÜD AG as new Charter of Trust members, as each are leaders in their respective fields,” said Leo Simonovich, vice president and global head, industrial cyber and digital security at Siemens. All of these companies have made digitalization, business transformation and critical infrastructure security key objectives. But the shadow side of technologies such as additive manufacturing, IoT, big data analytics and AI is an increased risk of exposure to cyberattacks, which holds for individual global companies as well as for an ecosystem of partners. “So, when you work together with a common foundation of cybersecurity, you increase the trust you have in having digitalization and cybersecurity move together hand in hand,” Simonovich added. “Just as cybersecurity has no borders, neither does trust.”
A number of the organizations involved in the Charter of Trust are also involved in other consortia with similar cybersecurity initiatives. For instance, Cisco, Dell Technologies, IBM and Siemens also belong to the Industrial Internet Consortium, which has developed an Industrial Internet Security Framework. Siemens and Deutsche Telekom also are members of Plattform Industrie 4.0, a collaborative German initiative to modernize its production sector.
In a recent blog post, Anthony Grieco, senior director at Cisco, noted the network company decided to join the Charter of Trust “because it closely aligns with [its] core values and principles we use to establish explicit trust with our customers and industry partners.” Grieco specifically cited security by design, education, certification and incident response and information sharing as examples of shared principles.
The 10 principles of the agreement include:
- Ownership of cyber and IT security
- Responsibility throughout the digital supply chain
- Security by default
- Innovation and co-creation
- Certification for critical infrastructure and solutions
- Transparency and response
- Regulatory framework
- Joint initiatives
The ability of such consortia to make considerable improvements across such a diverse set of objectives — and tackle the growing challenge of critical infrastructure security — will depend on their ability to delegate responsibilities and pool resources, said Peter Tran, head of global cyber defense and security strategy at Worldpay. “There needs to be very clear governance of all the collaborative layers here,” Tran said. “These are lessons learned within large military organizations trying to share intelligence across global environments, for example.”
Global tech and industrial companies are working to catalyze the next industrial revolution with technologies like the Internet of Things and to establish hyper-converged IT infrastructure, which uses software virtualization to unify computing, storage and networking. “The future of securing the Fourth Platform of hyper-converged IT infrastructures needs a consortium like this to shape and influence how the myriad of security integration points will look like — particularly within IoT-driven infrastructures where attack surfaces can change in seconds,” Tran said. “However, with the frequency, sophistication and complexity of cyberattacks we are seeing today within critical infrastructures, success for collaboration and execution for this consortium depends on agility, speed and scale.”
Simonovich said the next steps for the Charter of Trust are to refine its organizational framework as it continues to recruit companies and establishes dialogues with governments on cybersecurity. “This is a starting point, and we know that this group nor any individual company can’t solve the cybersecurity challenge alone,” he explained. “We also anticipate opening dialogues with governments to further build a foundation based upon our 10 guiding principles.”