Two of the world’s largest utilities, AES Corp. and Enel, as well as the European IT services firm Atos have joined an industrial security-focused cybersecurity consortium known as the Charter of Trust that was launched in February at the Munich Security Conference. The consortium counts Siemens, Airbus, Allianz, Daimler, IBM, Deutsche Telekom, semiconductor producer NXP and the testing and certification company SGS as members. The news was announced at the energy conference CERAWeek in Houston, Texas.
The expansion of the consortium will assist the organization in its goal of establishing a learning community–based approach to industrial cybersecurity through 10 shared principles. “I look at the Charter as setting the foundation of trust and then building on it with core tenants of innovation and enablement,” said Leo Simonovich, vice president and global head, industrial cyber and digital security at Siemens. “The whole idea is that the industrial security landscape is changing and that, in OT especially, we have to come together to create dedicated OT solutions. We also need to manage security in a way that creates transparency of risk, allowing us to pool our resources together to address it in a smart way.”
The energy sector is a common cybersecurity target. Last October, the U.S. Department of Energy warned that the nation’s power grid was in “imminent danger” from cyberattacks. In February, the department announced it was creating an office dedicated to protecting U.S. electrical infrastructure from cyberthreats and natural disasters.
[Internet of Things World addresses the security concerns for IoT implementation in every vertical, attracting senior security professionals from the world’s biggest organizations. Get your tickets and free expo passes now.]
“Cybersecurity is the most important security issue of our time,” explained Siemens CEO Joe Kaeser in a release. “Siemens is working with key partners in industry, government and society to promote the Charter of Trust to make our digital world more secure. The transformational opportunities that exist for society and industry can only be realized if we all have confidence in, and can rely on the security of our data and connected systems.”
The primary objectives behind the charter include establishing ownership for cybersecurity at the highest governmental and business levels, as well as creating products that are secured by default rather than retroactively. Other important goals cover establishing mandatory third-party certifications for connected critical infrastructure and the creation of risk-based guidelines designed to provide protection across the layers of industrial IoT deployments.
“What is really important for this to be successful is for us to get very concrete about the type of things we do together as a community,” Simonovich said. While education and sharing best practices for securing critical infrastructure will be a priority for the group, the Charter of Trust supports the need for innovation and co-creation, which jointly are one of the core principles of the initiative.
“Cooperation is key to effectively prevent and manage cyber risks,” said Yuri Rassega, Enel Group chief information security officer in a statement.
Yet a sizable portion of the industrial community has been taking a siloed approach to cybersecurity while also addressing it reactively, said Simonovich. “What we want to develop is a proactive approach that shores up our defenses and builds capability,” he explained. “That takes shared responsibility.”