Threat Intelligence

11:40 AM
Connect Directly

Siemens Leads Launch of Global Cybersecurity Initiative

The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.

ICS/SCADA giant Siemens, along with IBM, Airbus, Allianz, Daimler, NXP, SGS, T-Mobile, and the Munich Security Conference, today outlined a new global effort aimed at making cybersecurity a default major component and philosophy for businesses and governments in order to protect critical infrastructure, businesses, and individuals worldwide.

The so-called Charter of Trust centers around the basic goals of protecting the data of individuals and businesses; preventing harm to critical infrastructure, businesses, and individuals via cyberattacks; and establishing a reliable and trusted network infrastructure, according to Joe Kaeser, CEO of Siemens AG.

"Failure to protect the systems that control our homes, hospitals, factories, grids, and virtually all of our infrastructure could have devastating consequences. Democratic and economic values need to be protected from cyber and hybrid threats," the Charter reads. "Cybersecurity is and has to be more than a seatbelt or an airbag here; it’s a factor that’s crucial to the success of the digital economy. People and organizations need to trust that their digital technologies are safe and secure; otherwise they won’t embrace the digital transformation. Digitalization and cybersecurity must evolve hand in hand."

The Charter calls for private industry and governments to work together to take action on those fronts, and includes 10 principles: taking ownership of cybersecurity and IT security; securing the digital supply chain; ensuring security as a default function of products and services; ensuring user-centric design; encouraging innovation of new security measures; educating organizations and the public in cybersecurity; providing certification for critical infrastructure and related products; encouraging transparency in incidents and incident response; establishing a regulatory framework; and facilitating joint initiatives to roll out the other nine principles.

Leo Simonovich, Siemens' vice president and global head of industrial cyber and digital security, says the charter is not merely a call to action. It's "a platform to have a discussion around fundamental principles. We need a common set of rules to create trust," Simonovich told journalists during a signing ceremony for the charter prior to its public unveiling. "It's the industry and government coming together around a common blueprint."

With the supply chain, for example, the goal is to ensure identity and access management, encryption, and continuous software patching becomes the norm. "This is essential to enabling trust to those things," Simonovich said. Product lifecycles also must include security at the core, he said.

He says the hope is that the charter will yield global policy, security standards, and international cooperation among law enforcement, for example. The members envision the European Union, the World Trade Organization, and the International Organization for Standardization, all playing a part.

"I also think it's about coming together around a set of blueprints: what does a secure power plant look like? What does a secure substation look like, for example," he said. "Coming up with discrete solutions around encryption, identity and access management, and security hygiene, and finding a ecosystem of technical partners and customers to co-create with us."

Nicholas Hodac, government and regulatory affairs executive at IBM Europe, says governments around the globe already are looking at how to improve cybersecurity, so the Charter is well-timed to help with that. "Thanks to the global operations of the Charter partners we will be able to promote coherence among government policies. In addition, we can use channels such as the OECD, G7, G20 and WTO to promote dialogue and convergence of cybersecurity policies," he says.

So how will the Charter roll out? "Our objective is to promote this initiative through various channels to more companies, large and small, for them to sign up," Hodac says. "We are currently in the process of identifying those channels and have already been approached by several companies who wish to join the initiative. In parallel we will be presenting this to various governments to demonstrate that industry is taking cybersecurity seriously, acting in a proactive way to address the threats - without the need for additional regulation - and also as a way to help shape cybersecurity policies."

Related Content:


Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Jackson Higgins is Executive Editor at She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/15/2018
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Menny Barzilay, Co-founder & CEO, FortyTwo Global,  3/15/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.