What does it mean to trust someone or something? To my way of thinking, trust is having confidence that a person or organization will take actions that ensure my safety while aligning with my beliefs, expectations, and ideals. In days past, perhaps it was more straightforward. A ride on the railroad required faith that the engineer at the helm knew his or her job and was fit for purpose when the time came for the train to depart. This faith also carried over to the railroad that employed them. Today, as man and machine continue to evolve and intertwine, the lines of trust can become blurred and more complex. While the digital revolution presses forward at an increasing pace, the need for organizational trust is paramount.
When the locomotive engineer is replaced by an amalgamation of automation and artificial intelligence (AI), trust in the organization(s) providing the technology is critical to success. The concept of fit for duty seems to become obsolete; or does it? In a perfect world where the mental and physical weaknesses of humans are overcome by machine, the chink in the armor becomes all too real when these advancements are compromised, maliciously or otherwise. The issue of enterprise trust, therefore, remains paramount, not just for the transportation sector but throughout the Industrial IoT realm; without it, the level of social license required to enable widespread adoption of technology will never occur.
Realizing this, Siemens created and launched the Charter of Trust initiative at the 2018 Munich Security Conference. The charter establishes a baseline level of commitment by members to take ownership of protecting their stakeholders’ assets and data. Cyber attacks represent a threat to individuals and organizations alike. Siemens and 15 other organizations that signed on as members (Charter Members to date are: Siemens, The AES Corporation, Airbus, Allianz, Atos, Cisco, Dell Technologies, Enel, IBM, Munich Security Conference, NXP Semiconductors, SGS, Daimler, Deutsche Telekom, Total and TÜV SÜD) are pledging their dedication to adhering to the principles outlined in the document.
IIoT World was invited to attend a press/media tour in Germany to see firsthand the approach members are taking to uphold their commitment to the Charter of Trust.
During a meeting with Eva Schulz-Kamm, Global Head, Government Affairs, Siemens, and Rainer Zahner, Global Head of Cybersecurity Governance, the two explained how the charter is a culmination of Siemens’ 30+ year commitment to driving cybersecurity and a response to the exponentially increasing threat horizon for connected devices.
Schulz-Kamm stated that Siemens’ goal is to lead by example. A physicist with an MBA by pedigree, Schulz-Kamm commented that “When customers feel their product is attractive, they still sometimes question if it can be trusted.” It is a logical question in today’s day and age, and one that hit home for Siemens in 2010 with Stuxnet. This event essentially catalyzed Siemens to rethink and revolutionize its approach and perspective on cybersecurity. Schulz-Kamm went on to state that their clients need evidence: proof that Siemens’ system can be trusted. This notion is ultimately what triggered Siemens to create the Charter of Trust. Schulz-Kamm stated, “We are not alone in the world. This is why we created the Charter of Trust as a collaborative with other companies and governments because we believe there needs to be a level playing field for trust, a clear definition of what we mean by trust, and baseline requirements for an IoT product and service.” Siemens is deeply engaged in multiple industrial sectors. Its products and services span transportation (connected trains and other autonomous vehicles), energy supply, industrial controls and integration, building control systems, and healthcare; in all cases, trust by the end user is critical to success.
During our time at the IBM Watson Center, Jonathan Sage, Government & Regulatory Affairs, IBM, explained that the charter is designed to mitigate a loss of control in homes, factories, utility grids, and infrastructures. At a high level, it is an agreement by signatories to uphold three main goals:
Protecting the data and assets of individuals and businesses;
Preventing damage to people, businesses, and infrastructures;
Building a reliable basis for trust in a connected and digital world.
These principles translate into three objectives:
Engage with policy makers to collaborate, educate and raise awareness in cybersecurity;
Raise the bar in cybersecurity with tangible measures and results;
Create a reliable foundation on which confidence in a networked, digital world can take root and grow.
These three objectives are further distilled into 10 key principles.
“Cybersecurity is crucial to the success of our digital economy. Trust in technology is paramount to forward progress,” Sage stated, adding that “the charter is intended to be a living document that will evolve and adapt with time as required.” The need for transparency was discussed, and Sage explained that there is a process for organizations looking to join the charter, but the specific details for participation were not brought to light.
17 Requirements Set Forth in the Charter of Trust:
The end vision of the initiative also incorporates a level of conformity assessment against the charter criteria and sets the stage for future standards and industry regulation. Based on the current charter membership, some questions could potentially be raised around balance, bias, and dominance should the charter’s criteria formally be taken through a standardization process, either regionally or internationally. Regardless, the charter has laid the groundwork for creating an international document should the members choose to move forward with the development of a standard.
The effort is applaudable in terms of being proactive and it will be interesting to see how many other organizations choose to join the Charter of Trust or pledge to uphold the principles that it sets forth.
This article was written by Greg Orloff, the CIO at IIoT World. Greg holds a Bachelor of Science degree in Environmental Science and Engineering from The Ohio State University and a Master of Business Administration in International Business from Case Western Reserve University’s Weatherhead School of Management, and is a graduate of Ivey Business School’s Executive Leadership Program at Western University.