Introducing the Charter of Trust

When it comes to cybersecurity, industries cannot wait for governments to intervene and standardize protocols and processes. Cybersecurity is such a large-scale and evolving challenge that individual businesses need to take responsibility and do what they can now. This is the premise behind the Charter of Trust initiative.

Cyberattacks caused more than €500 billion in damages worldwide in 2016, and the risks associated with these attacks are growing exponentially.

Applications tailored for critical infrastructure—such as process sensors for electrical generation plants, and real-time location devices for healthcare—are expected to drive the use of connected Internet of Things (IoT) devices among businesses. In 2017, 8.4 billion networked devices were in use, and Gartner predicts that the number of IoT devices will almost double by 2020 to 20.4 billion.

The Charter of Trust, established by Siemens, the Munich Security Conference and 14 other global industry players, has 10 core principles designed to combat cyber risks to business. Launched at the Munich Security Conference in February 2018, a chief aim of the Charter is to develop and implement rules to ensure cybersecurity throughout the networked environment.

The Charter is working toward establishing minimum standards for cybersecurity that meet the requirements of today’s state-of-the-art technology. Those involved in the Charter initiative believe that active collaboration will help develop these standards and ensure that they are implemented by the companies at the forefront of visualizing and shaping the future of cyberspace.

"Confidence that the security of data and networked systems is guaranteed is a key element of the digital transformation," said Siemens President and CEO Joe Kaeser. "That's why we have to make the digital world more secure and more trustworthy. It's high time we acted – not just individually but jointly with strong partners who are leaders in their markets. We hope more partners will join us to further strengthen our initiative."

The other founding Charter of Trust partners are leaders in their own industries, and include Airbus, Allianz, Daimler Group, IBM, MSC, NXP, SGS and Deutsche Telekom. Since the Charter’s inception they have been joined by other world leaders, including Cisco, Total, AES Corporation, Enel, Atos, and TÜV SÜD AG.

A successful start: At the 2018 Munich Security Conference, the Charter of Trust was signed by (from left to right) Manfred Bischoff (Daimler), Christof Mascher (Allianz), Joe Kaeser (Siemens), Tom Enders (Airbus), Wolfgang Ischinger (Munich Security Conference), Rudy Stroh (NXP Semiconductors), Thomas Kremer (member of the Board of Management of Deutsche Telekom), and Frankie Ng (SGS).

Collective action is clearly needed. The destabilizing WannaCry ransomware attacks in 2017 highlighted how critical infrastructure is particularly vulnerable to attack – with targets ranging from social services to car manufacturers and entire government departments.

"In joining the Charter of Trust, we feel that working together with industry peers will accelerate these goals and make the world a better place," says John N. Stewart, SVP and Chief Security and Trust Officer, Cisco. Michael Dell, Chairman and CEO, Dell Technologies adds: "By joining the Charter of Trust and partnering with other leading technology providers, we can help realize the promise of technology innovation to drive human progress while protecting people and securing their data in this digitally connected world."

The days of cybersecurity being the sole preserve of the IT department are over. Digitalization has led to an era of cybersecurity ubiquity, and has prioritized cybersecurity as an ongoing concern in every boardroom. Siemens has been encouraged by the take-up of the Charter since its launch.

“If we can find common ground on how we deal with each other in the marketplace, that’s good for everybody; then we can compete through innovation, productivity and customer proximity,” says Kaeser. “The internet does not see territorial boundaries, so we need to understand how we can communicate and secure our data with a global perspective. This is not about computers being hacked or cellphones being compromised. It is about keeping physical assets safe.”

Charter of Trust: 10 Principles

1. Ownership for cyber and IT security

Anchor the responsibility for cybersecurity at the highest governmental and business levels by designating specific ministries and CISOs. Establish clear measures and targets as well as the right mindset throughout organizations – “It is everyone’s task”.

2. Responsibility throughout the digital supply chain

Companies – and if necessary – governments must establish risk-based rules that ensure adequate protection across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity, and availability by setting baseline standards, such as:

  • Identity and access management: Connected devices must have secure identities and safeguarding measures that only allow authorized users and devices to use them.
  • Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes, wherever appropriate.
  • Continuous protection: Companies must offer updates, upgrades, and patches throughout a reasonable lifecycle for their products, systems, and services via a secure update mechanism.

3. Security by default

Adopt the highest appropriate level of security and data protection and ensure that it is preconfigured into the design of products, functionalities, processes, technologies, operations, architectures, and business models.

4. User-centricity

Serve as a trusted partner throughout a reasonable lifecycle, providing products, systems, and services as well as guidance based on the customer’s cybersecurity needs, impacts, and risks.

5. Innovation and co-creation

Combine domain know-how and deepen a joint understanding between firms and policymakers of cybersecurity requirements and rules in order to continuously innovate and adapt cybersecurity measures to new threats; drive and encourage i.a. contractual Public Private Partnerships.

6. Education

Include dedicated cybersecurity courses in school curricula – as degree courses in universities, professional education, and trainings – in order to lead the transformation of skills and job profiles needed for the future.

7. Certification for critical infrastructure and solutions

Companies – and if necessary – governments establish mandatory independent third-party certifications (based on future-proof definitions, where life and limb is at risk in particular) for critical infrastructure as well as critical IoT solutions.

8. Transparency and response

Participate in an industrial cybersecurity network in order to share new insights, information on incidents et al.; report incidents beyond today’s practice which is focusing on critical infrastructure.

9. Regulatory framework

Promote multilateral collaborations in regulation and standardization to set a level playing field matching the global reach of WTO; inclusion of rules for cybersecurity into Free Trade Agreements (FTAs).

10. Joint initiatives

Drive joint initiatives including all relevant stakeholders in order to implement the above principles in the various parts of the digital world without undue delay.


For more information, visit www.charter-of-trust.com

Written by Arif Durrani, for Bloomberg Media Studios
