The Daily Swig Web security digest

Placing trust in the industry: Siemens launches global cybersecurity charter

Jessica Haworth | 22 February 2018 at 11:30

Siemens’ global head of government affairs outlines the key principles of the newly launched Charter of Trust.

Siemens launched its Charter of Trust at the Munich Security Conference last week, as the technology giant vows to tackle cybersecurity issues head on.

The charter was signed by a number of big players across multiple industries, including Airbus, Allianz, and IBM, who agreed to work together to improve their security posture.

Principles of the initiative include working with governments to further education of web-related security issues, the creation of a new regulatory framework, and an agreement to collaborate with other industries through the digital supply chain.

The Daily Swig spoke to Siemens’ global head of government affairs, Eva Schulz-Kamm, to find out more about the Charter of Trust and what it means for an accelerating digital world.

Why did Siemens launch the Charter of Trust?

We discussed this in detail with our experts. The outcome was clear: we need to take action immediately and we can’t solve this issue alone!

Building trust in a digital world is a societal challenge that needs to be tackled by a coalition of companies, governments and civil society. Collaboration is key. 

The internet of things in itself is really its own ecosystem, and even if you're building an ordinary IoT device you really need to make sure it is secure. 

From that angle we said, ’yes, we really need to do something about it’, and we came up with 10 principles where we believe it is really a joint effort for the industry leaders on the one hand, but also together with cross-border government support to write some really basic rules for cybersecurity and we should implement them as fast as possible.

How do you hope to influence governments to see cybersecurity as a priority?

Well, I don’t believe governments need to be influenced by Siemens or any other partner from the Charter of Trust because they see it already as top concern or top priority.

World leaders have it on their agenda. Governments are reaching out to us as partners and also to other stakeholders to say, ’We see these kind of threats are coming, what can we do? How can we help to be more trusted?’

We want to lead by example. We wouldn’t like to go to governments and dictate to them, ’You need to do A, B, and C’. We have identified these principles as some of the most key basic requirements that can provide more trust.

And we want to share it – if governments seek answers and want to create a level playing field for trust then we can provide some advice.

How important is collaboration between industries when facing security issues?

Collaboration is the key for the Charter of Trust to succeed.

In former times, you would have dedicated formulas for dedicated problems – whether it’s the automotive sector or the production sector.

Now you have many sectors interlinked with each other. You have to think about the whole IoT supply chain.

Everybody needs to work together: If you have a highly complex robot or IoT device, for instance, in order to make it more secure than before, collaboration is the real key.

One of the principles is the increased education of security issues - how do you hope to achieve this?

I think this has two sides. The first is really that we need, as quickly as possible, more experts in cybersecurity.

There is a growing need for those experts in Europe and worldwide. We also need more education and we need the do’s and don’ts of cybersecurity to be taught from kindergarten up to professional education in universities and companies.

What other aspects of the charter are important?

Security by default – this has directly to do with education.

If you drive a car, you don't need to be educated about the motor functions. No one expects you being a motor expert.

Equally, I think we can’t expect from consumers or citizens that they need to be experts in cybersecurity. This is why we also emphasize security by default.

I think suppliers need to make sure that the parameters are in place when they sell a product – a consumer product or a B2B product – so that when the customer buys it, the security is already integrated.

And if the customers find it burdensome or don’t like it, they can opt out. I think this is important for the educational part.

There’s a lot of burden on the consumer at the moment to be knowledgeable about it and to switch things on.

What’s next for the Charter of Trust?

I think in the next month we will focus on joining forces with some other leaders in various sectors.

From the requests we have had, we see we could have major players from the energy, healthcare and technology sector joining us.

We will be open to more partners and will change the focus to really look into the principles we have outlined.

The idea is to come up with a ready-to-use set of rules that we can apply and implement internationally.