Siemens expands its cybersecurity charter activities to suppliers

February 15, 2019 //By Nick Flaherty
Siemens expands its cybersecurity charter activities to suppliers
Siemens has expanded its 'Charter of Trust' cybersecurity alliance to governments and universities, as well as insisting all its suppliers sign a cybersecurity contract based on the charter.

The charter is now backed by AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, Enel, IBM, NXP, SGS, Total and TÜV Süd as well as  the BSI German Federal Office for Information Security, and the CCN National Cryptologic Centre of Spain. The Graz University of Technology in Austria, which hosts one of the teams that discovered the "Meltdown" and "Spectre" vulnerabilities, is also joining the charter as an associate member.

The associate partner is a new format so that government representatives, universities and think tanks can be part of specific projects without having to become full members with all rights and duties.

"In the age of the internet of things, the cybersecurity is a crucial task. Our Charter of Trust initiative is a very important first step," said Joe Kaeser, CEO of Siemens. "We're open to many more partners. Cybersecurity is the key enabler for successful digital businesses as well as protecting critical infrastructure. We hope that this initiative will lead to a lively public awareness and, ultimately, to binding rules and standards."

An area of early and intense focus has been security of supply chains. Third party risks in supply chains, are becoming a more prevalent issue and are the source of 60 percent of cyberattacks, according to Accenture Strategy. Charter of Trust member companies have worked out baseline requirements and propose their implementation for making cybersecurity an absolute necessity throughout all digital supply chains. These requirements address all aspects of cybersecurity – including people, process and technology. Examples of these requirements include:

  • Data shall be protected from unauthorized access throughout the data lifecycle.
  • Appropriate level of identity and access control and monitoring, including third parties, shall be in place and enforced.
  • A process shall be in place to ensure that products and services are authentic and identifiable.
  • A minimum level of security education and training for employees shall be regularly deployed.

 

These are key to the new contracts for


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.