The Charter of Trust, an initiative of Siemens AG, was introduced during the 2018 Munich Security Conference and offers baseline standards for Cyber Security. The Charter of Trust recognizes that the digitalization of our society, factories and infrastructure must evolve hand in hand with Cyber Security.

As the network of partners committing to the Charter of Trust continues to grow, companies and organizations can improve their Cyber Resilience by selecting vendors and service providers that have either signed the Charter of Trust as a partner or committed to its principles.

The Charter of Trust offers 10 pragmatic strategic principles and commitments to achieve Cyber Security in the digital and highly connected world.

  1. Ownership of cyber and IT security
  2. Responsibility throughout the digital supply chain
  3. Security by default
  4. User-centricity
  5. Innovation and co-creation
  6. Education
  7. Certification for critical infrastructure and solutions
  8. Transparency and response
  9. Regulatory framework
  10. Joint initiatives

Each company and organization will benefit from embracing these principles and implementing a matching Cyber Security policy. For example, the Charter of Trust requires that companies offer updates, upgrades, and patches throughout a reasonable life-cycle for their products, systems, and services via a secure update mechanism. A matching policy would require the selection of suppliers which fulfill this requirement.

By doing so, the main customers of industrial automation and Internet of Things applications will not only significantly improve their own Cyber Resilience. They will also send a very clear and important message to the suppliers of products and services: “When you do not fulfill the requirements of the Charter of Trust, we will no longer do business with you!”

At the same time, the owners and operators of the currently installed industrial capacity and infrastructure need to send the same message to their suppliers and partners: “Either you help us to improve Cyber Security and Cyber Resilience by embracing the Charter of Trust with us, or we will no longer do business with you!”.

We need this kind of shake-up to make sure each and every new installation, each and every improvement project, and each and every maintenance cycle is designed by default to offer Cyber Security and Cyber Resilience. That can only happen when we combine our purchasing power and embrace the Charter of Trust, and the principles of Back to the Future Cyber Security – A manifesto for Cyber Security and the Industrial Legacy!

  1. Own and manage Cyber Security for Industrial Control Assets (ICA) at the highest level of the organization.
  2. Embrace the principles of the Charter of Trust and implement a matching policy.
  3. Create and maintain an ICA inventory, including all devices which connect to a network, are connected to a device which connects to a network, or could be connected to a network.
  4. Implement and test a full ICA backup, recovery and Disaster Response Plan.
  5. Create appropriate depreciation plans and maintenance budgets for all ICA based on the life cycles of these systems.
  6. Allocate sufficient budgets (CAPEX and OPEX) to implement ICA Cyber Security measures as top priority.
  7. Schedule (semi-)annual penetration testing of all ICA and ensure implementation of its findings.
  8. Implement a semi-annual ICA Cyber Security education plan.
  9. Develop Cyber Security standards and procurement requirements for all ICA purchases, projects and maintenance.
  10. Ensure Continuous Improvement by focusing on the weakest link in ICA Cyber Security and resolving the issues.

Resources: