At the Munich Security Conference in February 2018, nine organisations signed the world’s first joint charter for greater cyber security. A year on, the Charter of Trust has grown to 16 members. In addition to Siemens and the Munich Security Conference, the signatories include AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, Enel, IBM, NXP, SGS, Total and TÜV Süd.
Now, the Charter of Trust welcomes two government authorities to its ranks as associate members for the very first time: the BSI German Federal Office for Information Security, which is one of the most relevant institutions for cyber security experts and the CCN National Cryptologic Center of Spain.
CCN is an agency of the Spanish State annexed to the National Intelligence Center. In addition, the Graz University of Technology in Austria will be joining the charter as an associate member. The team there focuses on cyber security research and for instance was one of the teams that discovered the IT vulnerabilities ‘Meltdown’ and ‘Spectre’.
The associate partner is a new format, through which the Charter is opening up for important government representatives, universities and think tanks for cooperation. A benefit to such organisations is that they can cooperate on specific projects without having to become full members with all rights and duties.
“In the age of the internet of things, the Charter of Trust is a very important first step,” said Joe Kaeser, CEO of Siemens. “We’re open to many more partners, making the real and digital worlds safer places for all of us. Cyber security is the key enabler for successful digital businesses. We hope that this initiative will lead to a lively public debate on cyber security and, ultimately, to binding rules and standards.”
An area of early and intense focus has been security of supply chains. Third-party risks in supply chains, are becoming a more prevalent issue and are the source of 60% of cyber attacks, according to Accenture Strategy. Charter of Trust member companies have worked out baseline requirements and propose their implementation for making cyber security an absolute necessity throughout all digital supply chains.
These requirements address all aspects of cyber security – including people, process and technology. Examples of these requirements include:
Charter of Trust members are establishing a risk-based methodology for implementing these requirements in their own supply chains, involving supply chain partners in the process.
In 2018 Charter of Trust round tables worldwide opened up an in-depth exchange between policy makers and the Charter partners. Governments and industry are aligning at the global, regional and national levels in the pursuit of common security goals. The ‘Paris Peace Call for Trust & Security in Cyberspace’ presented in November 2018 by French President Emmanuel Macron is a clear commitment to form and achieve stability in cyber space and confirms the willingness to work together to define and implement international cyber security principles. Content wise, the Paris Peace Call shares key tenets with the Charter of Trust principles and the partners look forward to seeing them reinforced further at the forthcoming G7 summit.
Ambassador Wolfgang Ischinger, Chairman of the Munich Security Conference, said: “Cyber security will play an important role at the next G7 summit. The Charter of Trust has stimulated important discussions here and is an authoritative guideline for policy makers.”
The new EU Cybersecurity Act was an important step towards strengthening cyber institutions and providing a framework to develop cyber certifications. The Charter of Trust members look forward to bringing their expertise to bear in the development of the certifications as implementation gets underway in 2019.
The Charter of Trust has set ambitious goals for 2019. Besides deepening and expanding the policy dialogue, members plan to advance two topics: ‘Cybersecurity by Default’ and ‘Education’, meaning predictive cyber security settings embedded in products and other environments, and global continuing training efforts both inside and outside companies.
According to the Center for Strategic and International Studies, threats to cyber security in 2018 caused 500 billion euros in losses worldwide. And threats to cyber security are constantly on the rise as the world digitalises further: according to Gartner, 8.4 billion networked devices were in use in 2017, 31% more than in 2016. The figure is expected to rise to 20.4 billion by 2020.