In 2017, the U.S. Department of Energy reported that America's electricity infrastructure was in "imminent danger" from cyberattacks that are "growing more frequent and sophisticated." And, according to a recent report from the Council of Economic Advisors, malicious cyber activity against government and industry cost the U.S. economy between $57 billion and $109 billion in 2016 – approximately one-half of U.S. GDP.
The Charter of Trust represents an unprecedented cybersecurity initiative that establishes three primary goals: to protect the data of individuals and businesses; to prevent harm to people, businesses, and infrastructure; and to establish a reliable basis where confidence in a networked, digital world can take root and grow.
The Charter of Trust was announced at the Munich Security Conference (MSC) in February, and signed by a group of founding companies, including Airbus, Allianz, Daimler Group, IBM, MSC, NXP, SGS and Deutsche Telekom, who called for binding rules and standards to ensure greater digital security and integrity in both the public and private sectors.
"Cybersecurity is the most important security issue of our time," said Joe Kaeser, CEO, Siemens AG. "Siemens is working with key partners in industry, government and society to promote the Charter of Trust to make our digital world more secure. The transformational opportunities that exist for society and industry can only be realized if we all have confidence in, and can rely on the security of our data and connected systems."
As the number of cyberattacks worldwide continues to grow, the hardware and software that control critical infrastructure like electricity and gas have become high-value targets. A study of the U.S. oil and gas industry by Ponemon Institute found that operational technology (OT) cyberattacks now comprise 30 percent of all attacks in the U.S. oil and gas industry.
"Protecting our nation's energy infrastructure is critical to maintaining so much of the American way of life," said Senate Energy and Natural Resources Committee Chairman Lisa Murkowski, R-Alaska. "It is great to see companies coming together to build trust and strengthen collaborative efforts to protect critical assets in our nation and around the world. Cybersecurity is a shared responsibility that requires partners at all levels of government and the private sector to address threats and sharpen responses to cyberattacks."
The new Charter of Trust members include The AES Corporation, a Fortune 200 global power company providing energy distribution and generation in 15 countries; Atos, a global leader in digital transformation operating in 72 countries and supporting clients across various business sectors, including energy and utilities; and Enel, Europe's largest power company for market capitalization, operating in more than 30 countries across five continents.
The Charter outlines ten principles to ensure companies and governments are taking action to address cybersecurity at the highest levels through a dedicated cybersecurity ministry in government and a chief information security officer at companies. It calls for mandatory, independent certification for critical infrastructure where lives are at risk, including in the oil and gas, and power generation and distribution industries, and digital applications across all aspects of IoT. It also affirms that as technologies become increasingly digital and connected, security and data privacy functions should be preconfigured and that cybersecurity regulations should be incorporated into free trade treaties. The Charter's signatories are also looking for greater efforts to encourage cybersecurity in vocational training and in international initiatives.
Comments from Andrés Gluski, President and CEO, The AES Corporation
"AES' mission is to improve lives by providing safe, reliable and sustainable energy solutions. Our continued success depends on adapting to change, including utilizing new technologies. A successful cyberattack would impact our ability to deliver electricity and a data breach could negatively affect our employees, customers and partners."
Comments from Thierry Breton, Chairman and CEO, Atos
"Atos is fully engaged in the digitalization of all areas of the economy. Cybersecurity is a crucial component and enabler for this transition. Working hand in hand with Siemens we have jointly developed digital solutions such as best-in-class security operating center and identity and access management for extended enterprise and IoT, or prescriptive security analytics based on artificial intelligence. I fully endorse the initiative of the global Charter of Trust for greater cybersecurity and its ten key principles. I am glad to join as a signatory of this Charter, a great foundation upon which we can build to spread digitalization and create value for our customers and partners."
Comments from Yuri Rassega, Enel Group Chief Information Security Officer
"Cooperation is key to effectively prevent and manage cyber risks. In today's world, technology is becoming increasingly disruptive, making the cyber threats we face all the more frequent and sophisticated. In past years Enel has been working to adopt a systemic vision that takes into account both business drivers and IT/OT/IoT systems-specific protection objectives, defines a risk-based strategy and drives a "cyber security by design" model, boosting the resilience of infrastructure and applications to face cyber threats and risks. With the signing of the Charter of Trust for a Secure Digital World, we are formalizing our commitment to an increasingly coordinated approach to cyber security by merging info and real-time data sharing."
The Charter of Trust and further information are available under: www.siemens.com/press/charter-of-trust