[BreachExchange] Major Tech Companies Create Cybersecurity Charter of Trust

Audrey McNeil audrey at riskbasedsecurity.com
Thu Apr 19 18:01:37 EDT 2018


https://www.designnews.com/automation-motion-control/major-tech-companies-create-cybersecurity-charter-trust/199347432158559

Eight technology industry partners have joined the Munich Security
Conference in creating a charter to establish rules and standards for
cybersecurity. The Charter of Trust is designed to foster trust in
cybersecurity and further advance secure digitalization. The charter's
signatories include Airbus, Allianz, Daimler Group, IBM, NXP, SGS, Siemens,
and Deutsche Telekom.

The Charter of Trust sets out 10 action areas in cybersecurity, where
governments and businesses must both become active. It asks that those at
the highest levels of government and business assume responsibility for
cybersecurity. The charter calls for governments to introduce a dedicated
cybersecurity ministry and asks companies to assign chief information
security officers.

The charter also calls for companies to introduce mandatory, independent
third-party certification for critical infrastructure. In addition, they
must provide solutions where dangerous situations can arise, such as with
autonomous vehicles or robots that interact directly with humans. Going
forward, the charter asks that security and data-protection functions be
preconfigured in technology and devices, and that cybersecurity regulations
be incorporated into free trade agreements. Finally, the charter calls for
greater efforts to “foster an understanding of cybersecurity through
training and continuing education as well as international initiatives.”

The Revolution in Connectivity Requires a Revolution in Security

With the huge rush to connectivity, companies are creating vulnerable
systems. “Billions of devices are being connected by the Internet of Things
and they’re interacting on an entirely new level and scale. As much as
these advances are improving our lives and economies, the risk of exposure
to malicious cyber-attacks is also growing dramatically,” Leo Simonovich,
VP of Industrial Cyber and Digital Security at Siemens Energy, told Design
News. “Failure to protect the systems that control our homes, hospitals,
factories, grids, and virtually all of our infrastructure could have
devastating consequences.”

Simonovich noted that security has to grow with connectivity or the
development and benefits of connected systems and devices will stall.
“Cybersecurity is and has to be more than a seatbelt or an airbag. Security
is a factor that’s crucial to the success of the digital economy,” said
Simonovich. “People and organizations need to trust that their digital
technologies are safe and secure. Otherwise, they won’t embrace the digital
transformation. Digitalization and cybersecurity must evolve hand in hand.”

For years, there has been a neck-and-neck race between hackers and those
tasked with protecting cyber networks. In recent years, intruders have
become very sophisticated. Many of the hackers are now nation states. “In
order to keep pace with continuous advances in the market as well as cyber
threats, companies and governments must join forces and take decisive
action,” said Simonovich. “This means making every effort to protect the
data and assets of individuals and businesses, prevent damage from people,
businesses, and infrastructures, and build a reliable basis for trust in a
connected and digital world.”

Industry Is Particularly Vulnerable

While most internet-connected systems have some vulnerabilities, industrial
networks—operational technology (OT)—are particularly vulnerable. They were
not originally designed to extend beyond the plant. “Through the eyes of a
hacker, OT is not only valuable, it’s vulnerable. Most OT environments were
designed to work in isolation. Now they’re being connected to the outside
world, as cyber criminals hope cybersecurity efforts continue to lag the
speed of digitalization,” said Simonovich. “Making matters even more
difficult, many OT systems cannot be taken offline for patching cycles and
updates. In some cases, patching may void a manufacturer warranty.”

The charter recognizes that security for cyber-based networks will require
a collection of solutions. “This can’t be achieved by a single company or
entity; it must be the result of close collaborations on all levels,” said
Simonovich. “In this charter, the signing partners outline the key
principles we consider essential for establishing a new charter of trust
between society, politics, business partners, and customers.”

How Were Members of the Charter Chosen?

The charter was officially launched earlier this year at the Munich
Security Conference (MSC). “At the MSC, we laid the cornerstone of the
Charter of Trust initiative. Our aspiration and desire is to recruit more
comrades in arms for our initiative worldwide, and to create a digital
world that is based on trust in the digital and hyper-connected world,”
said Simonovich. “The partners are among the leading representatives of
their own governments and branches of industry. By signing, they commit
themselves to act as Siemens does, and in that way to concern themselves
with greater security and trust in a digital world.”

Simonovich noted that the charter is a first step in what is hoped to be an
extensive initiative that involves all of the stakeholders in
cybersecurity. “This can only be a starting point. No group or individual
company can solve this challenge alone. That’s why we invite companies to
share our ambition and join the Charter of Trust initiative,” said
Simonovich. “We also invite governments of the world and civil society to
engage in a focused dialogue: Trust matters to everyone. It must not stop
at borders or sectoral limits.”

The Enormity of the Cybersecurity Issue

Simonovich stressed that network security is becoming the most pressing
security concern across the globe. “Cybersecurity will be the most
important security issue of the future—for societies and companies all over
the world,” said Simonovich. “The digital transformation is only going to
succeed if we can rely on the security of data and connected systems.
Digitalization and cybersecurity are two sides of the same coin.”

He also pointed to the growing cost of attacks—now reaching into the
billions annually. “The complexity of attacks and sophistication of
malicious actions in cyberspace continue to increase. The threats are
asymmetrical, with large interconnected systems vulnerable to attacks by
small groups of individuals or rogue states,” said Simonovich. “The
economic impact is material: Global ransomware damages are predicted to
exceed $5 billion in 2017. As all aspects of life and business become
increasingly networked and digitalized, the topic will take on a new
dimension. Recent attacks like Wannacry, Industroyer, or Petya are evidence
of an increasing threat level.”