DRIVING SECURITY IN AN UNSECURE WORLDmedias.dii.eu/Site_dii/GPAC/Speaker-presentation/... · DII...
Transcript of DRIVING SECURITY IN AN UNSECURE WORLDmedias.dii.eu/Site_dii/GPAC/Speaker-presentation/... · DII...
DII • 164 BD HAUSSMANN 75008 PARIS • TÉL : +33 (0)1 43 12 85 55 • WWW.DII.EU
Eva Schulz-Kamm
Global Head of Government Affairs
SIEMENS AG
DRIVING SECURITY
IN AN UNSECURE WORLD
1st ANNUAL FORUM
GLOBAL PUBLIC AFFAIRS FORUM
September 28, 2018 | PARIS
Siemens at a glance
Siemens AG is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationality for 170 years. The company is active around the globe, focusing on the areas of electrification, automation and digitalization.
One of the world’s largest producers of energy-efficient, resource-saving technologies, Siemens is a leading supplier of efficient power generation and power transmission solutions and a pioneer in infrastructure solutions as well as automation, drive and software solutions for industry. With its publicly listed subsidiary Siemens Healthineers AG, the company is also a leading provider of medical imaging equipment.
In fiscal 2017, which ended on September 30, 2017, Siemens generated revenue of €83.0 billion and net income of €6.2 billion. At the end of September 2017, the company had around 377,000 employees worldwide.
www.siemens.com
Page 3
Digitalizationcreates
opportunities and risks
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
… and risksExposure to malicious cyber attacks is also growing dramatically, putting our lives and the stability of our society at risk
Digitalization creates …
Page 4
Opportunities
Blue BoxingCryptovirologyAOHell
Level Seven Crew hackDenial-of-service attacks
Cloudbleed
sl1nk SCADA hacks Meltdown/Spectre
Infineon/TPM
AT&T Hack Morris Worm Melissa Worm ILOVEYOUWannaCry
NotPetya
HeartbleedIndustroyer/Chrashoverride
Stuxnet
2000 2004 2008 2012 2016 202019961988 1992
Billions of devices are being connectedby the Internet of Things, and are the backbone of our infrastructure and economy
50.1B (2020)
IoT Inception (2009) 8.7B (2012)
11.2B (2013)
14.2B (2014)
18.2B (2015)
22.9B (2016)
28.4B (2017)
42.1B (2019)
0.5B (2003)
Connected Systems
Connected Facilities/Plant/Site
Connected Products
34.8B (2018)
Billion of Devices
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
And it‘s common truth
Page 5
We can’t expect people to actively support the digital transformation if we cannot TRUST in the security of data and networked systems.
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
Page 6
That’s why together with strong partners we have signed a “Charter of Trust” –aiming at three important objectives
1. Protect the data of individuals and companies
2. Prevent damage to people, companies and infrastructures
3. Create a reliable foundation on which confidence in a networked, digital world can take root and grow
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
We came up withten key principles
Page 7
01 Ownership of cyberand IT security
02 Responsibility throughout the digital supply chain
03 Security by default
04 User-centricity
05 Innovation and co-creation
06 Education
07 Certification for critical infrastructure and solutions
08 Transparency and response
09 Regulatory framework
10 Joint initiatives
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
And we bring them to life as
Principle 1 — Ownership of cyber and IT security
Concrete implementation steps at SiemensIn January 2018 we established a new Cybersecurity unit headed by Natalia Oropeza, our new Chief Cybersecurity Officer (CCSO). In this function, she reports directly to the Managing Board of Siemens AG.
“Cybersecurity is more than a challenge. It’s a huge opportunity. By setting standards with a dedicated and global team to make the digital world more secure, we are investing in the world's most valuable resource: TRUST.
Our proposals for more advanced Cybersecurity rules and standards are invaluable to our partners, stakeholders and societies around the world. That is what we call “ingenuity at work.”
Natalia Oropeza,Chief Cybersecurity Officer, Siemens AG
Page 8
01
For our society, customers and Siemens, we are
the trusted partner in the digital world
by providing industry leading cybersecurity
Together we make cybersecurity real – because it matters
Our Vision
Our Holisticapproach
The Siemens approach for a newCybersecurity organization
Protection of our IT and OT Infrastructure
Protection of our products, solutions and services
Enable cyber solutions for our business
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
And we bring them to life as
Page 9
Concrete implementation steps at SiemensSiemens provides a multi-layer concept that gives plants both all-round and in-depth protection
Know-how andcopy protection
Authentication and user management
Firewall and VPN(Virtual Privat Network)
System hardening and continuous monitoring
02
The Siemens security conceptdefense-in-depth
Principle 2 — Responsibility throughout the digital supply chain
Concrete implementation steps with the CoT partners
With our partners, we are defining a list of minimum security requirements for all players in the supply chain, and effective mechanisms that can support their implementation
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
And we bring them to life as
Page 10
Principle 3 —Security by default
Only if security requirements are already taken into account in the early phase of a product, can the highest appropriate level of security be offered proactively.
Concrete implementation steps at SiemensThe Siemens Elektronikwerk Amberg uses cutting-edge technologies to produce approximately 15 million SIMATIC products each year. A holistic security concept is applied throughout the lifecycle.
0303
AssessSecurity
ImplementSecurity
ManageSecurity
“Considering our extensive network, which multiplies the number of possible points of entry to our IT infrastructure, we cannot assume that yesterday’s solutions will protect against today’s potential threats.
Since introducing SIEM, we have much higher transparency about the effectiveness of our measures to protect against cyberattacks.”
Gunter Beitinger,Chief Executive Officer (CEO), Siemens Elektronikwerk Amberg
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
And we bring them to life as
Page 11
Principle 9 — Regulatory framework
Concrete implementation steps at SiemensSiemens actively participate in a comprehensive cybersecurity network (relevant criminal prosecutors, ISA, FIRST, CERT Community, SAFECode). We gather threat information and disseminate it through these partnerships.
Regulation and standardization are only successful if they are based on multilateral cooperation. The World Trade Organization is our role model.
Our Government Affairs activities, which include the initiative to create a Charter of Trust, are committed to helping bring cybersecurity to the agenda and translating it into concrete regulations and standards.
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
09
Nevertheless
Page 12
“We can’t do it alone. It's high time we act – together with strong partners who are leaders in their markets.”
Joe KaeserInitiator of the Charter of Trust
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
Together we strongly believe─ Effective cybersecurity is a precondition for
an open, fair and successful digital future
─ By adhering to and promoting our principles,we are creating a foundation of trust for all
charter-of-trust.comAs a credible and reliable voice, we collaborate with key stakeholders to achieve trust in cybersecurity for global citizens.
We initiated a network that does not only sign, but collaborates on Cybersecurity!On February 16, 2018, we laid the cornerstone for the joint “Charter of Trust” initiative with partners – aspiring and desiring to recruit more comrades in arms for our initiative worldwide and to create a digital world that is based on trust in the digital and hyper-connected world. One that’s independent of competitors and regions. Trust must not stop at geographical or industry borders.
Trust matters to everyone. It’s everyone’s task.
We sign for cybersecurity!
We sign theCharter of Trust.
Page 15 Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018
Thank you!Time for discussion
If you have questions on ourCharter of Trust on Cybersecurity
Page 17
please contact us
Chief Cybersecurity Officer (CCSO)of Siemens AGNatalia Gutierrez [email protected]
“Charter of Trust“ initiativeEva [email protected]
Global coordinator of the “Charter of Trust“ initiativeKai [email protected]
Contact on CoT communications Johannes von [email protected]
Global Public Affairs Forum | Eva Schulz-Kamm | September 28, 2018