#IIOT #cybersecurity: partners strive for security
“Charter of Trust”: Siemens + 16 industrial partners (AES Corp., Airbus, Allianz, Atos, Cisco, Daimler Group, Dell Technologies, Deutsche Telekom, Enel, IBM, MSC, NXP, SGS, Siemens, Total & TÜV SÜD AG)
Collaboration into the industrial supply chain.
Effective cybersecurity requires cooperation by users, system integrators, contractors, suppliers and clients up and down production streams and supply chains.
“We’re also taking a holistic approach to cybersecurity by initiating an improvement program to protect our IT/OT infrastructure, as well as secure our products and services. In fact, we’re the first company to integrate cybersecurity in all phases of our product development lifecycle. The challenge now is that new approaches are always required, such as using data diodes that only let data out, but don’t allow any access, or our MindSphere technologies that are using security concepts like the IEC 62443 standard.”
“We’re seeing gas turbines with 5,000 sensors now, so the question is how to protect them over the next 10 years, which is why we’re working on solutions like cryptographic algorithms, and also initiating and driving the Charter of Trust,”
Rainer Zahner, global head of cybersecurity governance, Siemens
“Trust needs a level playing field, and that means having a baseline that everyone can follow,”
“We’ve learned that digitalization creates risks as well as opportunities, which means we can’t have smart devices enabled by microprocessors and networking without addressing their cybersecurity issues, too. Cybersecurity is crucial for increasingly digitalized economies, but we and our business partners can’t jointly achieve it without trust, which is why we’re taking it so seriously. Trust is the differentiator, but it’s costly, and must be seen as investment that will deliver a return later.”
Eva Schulz-Kamm, global head of government affairs, Siemens
“About 90% of smaller companies and other organizations have already experienced cyber incidents, so many users and governments have been asking how Siemens can help because you can’t do cybersecurity alone if you’ve got a microprocessor that’s networked to the cloud,” “We want to create a global sandbox where we and others can test our cybersecurity solutions. This doesn’t mean everything will be secure, but it will mean we can do something about it, lead by example, and raise the bar on cybersecurity.”
“For example, we work with the U.S. Dept. of Homeland Security’s (DHS) Industrial Control System-Cyber Emergency Response Team (https://ics-cert.us-cert.gov) when a vulnerability is found or an incident occurs, and determine what’s happened, when a patch is available, and how to inform the installed base,”
Harry Brian, U.S. Industrial Security Services team manager, Siemens.
“We were an early participant in the Charter of Trust and keen to drive its 10 commandments because without them we’ll never get to a more stable market that can continue to grow because users can trust their devices and are willing to share their data,”
“High-performance sensing is needed for precise recognition of analog and human environments, such as robots and autonomous vehicles,”
“We’ve been working with Siemens on devices that can deliver data outside of line-of-sight, such as equipping traffic signals with long-range RFID sensors that can work with car-to-car communications to inform vehicles of situations coming up. However, these applications must have secure connectivity and communications.”
Lars Reger, CTO, NXP Automotive.
“All of cybersecurity is related to identity, so we’re bringing our experience in this area to the Charter of Trust and vice versa.” For example, “Principle 2—Responsibility throughout the digital supply chain” includes IAM for connected devices, so Steinacker adds that, “Taxonomy, standardization and industry-based IAM frameworks are needed.”
Angelika Steinacker, CTO for Identity and Access Management (IAM) and IoT, IBM Security Europe
Dave Braines, CTO for emerging technology, IBM Research UK, reports that IBM is also developing fully homomorphic encryption that will let users analyze data while it remains secure and private. This method is based on lattice cryptography, and basically allows data to be viewed so calculations can be performed, but doesn’t give access to it.
“The sheer numbers of connected devices in the future mean there will be a lot more vulnerabilities, so TÜV Süd has been shifting its focus from testing and verification for functional safety to also diving into cybersecurity,” says Andy Schweiger, managing director, TÜV Süd Sec-IT. “We’re also moving from testing and certification before a product goes to market to continuous testing of firmware and software updates. In addition, virus control that used to be signature-based is moving to become behaviour-based, which is where machine learning and artificial intelligence (AI) can help by showing how viruses can occur and spread.”
“Cyber attackers want to stay silent and invisible, so 70-80% of their spending is on planning and reconnaissance, and building networks of servers and domains, while only 15-20% goes to actual attacks. Attacks typically progress from unknown servers to known servers. Botnets are also used because they’re cheap and simple, while machine learning allows attackers to adjust minute by minute, and communicate between attackers, botnets and victimized systems. This is why cyber attacks are hard to track down.”
Areas of long-term research into core cybersecurity technologies, including:
Original Source: https://www.controlglobal.com/industrynews/2019/siemens-partners-strive-for-security/