driving security in an unsecure worldin january 2018 we established a new cybersecurity unit headed...

Driving security in

an unsecure world

Siemens Cybersecurity Press Tour | November 26, 2018

Eva Schulz-Kamm, Global Head of Government Affairs

Rainer Zahner, Global Head of Cybersecurity Governance

siemens.com/cybersecurity | charter-of-trust.com | #Charter of Trust Restricted © Siemens AG 2018

Content

1 – Two sides of the same coin Digitalization and the importance of cybersecurity

2 – Driving security Our holistic cybersecurity approach

3 – Questions and answers Open discussion

Siemens Cybersecurity Press Tour | Schulz-Kamm / Zahner| November 26, 2018 siemens.com/cybersecurity | charter-of-trust.com

Siemens at a glance

Siemens AG is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationality for 170 years. The company is active around the globe, focusing on the areas of electrification, automation and digitalization.

One of the largest producers of energy-efficient, resource-saving technologies, Siemens is a leading supplier of efficient power generation and power transmission solutions and a pioneer in infrastructure solutions as well as automation, drive and software solutions for industry. With its publicly listed subsidiary Siemens Healthineers AG, the company is also a leading provider of medical imaging equipment – such as computed tomography and magnetic resonance imaging systems – and a leader in laboratory diagnostics as well as clinical IT.

In fiscal 2018, which ended on September 30, 2018, Siemens generated revenue of €83.0 billion and net income of €6.1 billion. At the end of September 2018, the company had around 379,000 employees worldwide.

siemens.com/cybersecurity | charter-of-trust.com

Two sides of the same coin Digitalization and the importance of cybersecurity

1

Digitalization creates

opportunities and risks


… and risks Exposure to malicious cyberattacks is also growing dramatically, putting our lives and the stability of our society at risk

Digitalization creates …

Opportunities

Blue Boxing Cryptovirology AOHell

Level Seven Crew hack

Denial-of-service attacks Cloudbleed

sl1nk SCADA hacks

Meltdown/Spectre

Infineon/TPM

AT&T Hack Morris Worm Melissa Worm ILOVEYOU WannaCry

NotPetya

Heartbleed Industroyer/Chrashoverride

Stuxnet

2000 2004 2008 2012 2016 2020 1996 1988 1992

Billions of devices are being connected by the Internet of Things and are the backbone of our infrastructure and economy

50.1B (2020)

IoT Inception (2009) 8.7B (2012)

11.2B (2013)

14.2B (2014)

18.2B (2015)

22.9B (2016)

28.4B (2017)

42.1B (2019)

0.5B (2003)

Connected Systems

Connected Facilities/Plant/Site

Connected Products

34.8B (2018)

Billion of Devices


As much as these advancements are improving our lives and economies, the risk of exposure to malicious cyberattacks is also growing dramatically. Failure to protect the systems that control our homes, hospitals, factories, grids and virtually all of our infrastructures could have devastating consequences. Democratic and economic values need to be protected against cyber and hybrid threats.

– Cybersecurity is and has to be more than a seatbelt or an airbag here; it’s a crucial factor for the success of the digital economy.

– People and organizations have to trust digital technologies to be safe and secure. Otherwise, they can’t accept and embrace the digital transformation.

– Digitalization and cybersecurity must evolve hand in hand.

Cybersecurity as a crucial factor for the digital economy


Driving security Our holistic cybersecurity approach 2

Our cybersecurity approach

Protect society of cyber threats and risks

Increase trust in digital solutions and provide competitive advantage

Accelerate customer’s digital transformation and boost digital business

Digitalization and cybersecurity are two sides of the same coin – That’s why we are driving security holistically with clear overall goals


Siemens is in a unique position to lead industrial cybersecurity

We have four clear distinguishing features that set us apart from the competition

Domain know-how of verticals and cybersecurity

Holistic approach to cybersecurity

Initiator and driver Charter of Trust

Global player in digitalization



As a global player, we unlock the potential of digitalization worldwide.

Global player in digitalization

─ Digital technologies revenue of €5.2 billion (FY 2017)

─ ~1 million devices connected to MindSphere

─ Siemens among world’s top ten software companies


Siemens is following a clear digitalization strategy based on our growth strategy in E-A-D

Siemens Cybersecurity Press Tour | Schulz-Kamm / Zahner| November 26, 2018

Digitalization Leader

Automation No. 1 globally

Electrification Leader

Market CAGR FY 2018 – 2022

~+8%

~+3%

+1 – 3%

Digital services

€~1.2 bn

Siemens software

€~4.0 bn

Revenue FY 2017

Enhanced automation

€~19 bn

Enhanced electrification

€~43 bn

Classic services

€~17 bn

+20%

Strategic direction

Reinforce No. 1 position and utilize it for digitalization

Differentiate through expanded offerings with automation and digitalization

Strengthen leadership with a combination of software, platforms and services MindSphere

With clear acquisitions and in-house developments, we have made ourselves the 8th largest software company in the world

1 In-house development or digital upgrades

Siemens automation – real world

Totally Integrated Automation1

1958 2000 2014 2010 2012 2016 2006 1996

O R S I

SIMATIC1

Siemens software – virtual world

Desigo CC1

Spectrum Power ADMS1

2018

More than €10 billion in software acquisitions since 2007



With our technical expertise and deep domain know-how, we are driving security along the digital value chain.

Domain know-how of verticals and cybersecurity

─ First IT Security team established in 1986

─ 1,275 Cybersecurity experts across all business areas

─ Most of our Divisions already offer cybersecurity solutions


We are driving long-term research topics in our core technology field: Cybersecurity

3

6

2

5

2

5

1

4

5

8

4

7

6

9

5

8

1. Self-Securing Systems Design

2. Security Validation for Digital Twin

3. NextGen Patching

4. Security for Cooperative Autonomous Systems

5. Post Quantum Cryptography

6. Homomorphic Encryption

7. Automated Forensics and Malware Analysis

8. Secure Cloud-based Realtime Control

9. Supply-chain Security

10. …



With our approach to cybersecurity, we provide holistic answers to the threats of our time.

Holistic approach to cybersecurity

─ Initiated improvement program to protect IT/OT infrastructure

─ Created initiative to secure products and services

─ First company to integrate security in all phases of product development lifecycle


The challenges to cybersecurity require new approaches to technology

Need for cybersecurity technologies

ICS: Industrial Control System | IEC: International Electrotechnical Commission

What cybersecurity technology to use for my future products/solutions?

Is there technology that can secure my existing installations?

How can I securely use and connect to the cloud for digital services?

What is the technology to generate security business?

How do I scale my effort for cybersecurity?

Digitalization

Increasingly connected Industrial Control Systems offer new levels of efficiency and productivity

However

Connected critical infrastructures offer new possibilities to attack

Siemens Business Units Standards and regulations e.g. IEC 62443 Security Levels

Protection against intentional violation using sophisticated means, extended resources, ICS specific skills, high motivation

Protection against intentional violation using sophisticated means, moderate resources, ICS specific skills, moderate motivation

Protection against intentional violation using simple means, low resources, generic skills, low motivation

Protection against casual or coincidental violation

SL4

SL3

SL2

SL1


Global Public Affairs Forum | Schulz-Kamm / Zahner| September 28, 2018

We offer a holistic concept to secure products, solutions and services as well as our own IT infrastructure

Siemens Cybersecurity Press Tour | Schulz-Kamm / Zahner| November 26, 2018 Page 18 Siemens Cybersecurity Press Tour | Schulz-Kamm / Zahner| November 26, 2018

Siemens develops, produces and sells products, solutions and services Protection of critical assets, “golden nuggets,” and internal IT/OT infrastructures

Products and Solutions Security

Security Customer Services

Internal Cybersecurity

Customer buys products, solutions or (managed) services Focus on security for Siemens products and solutions including components for critical infrastructure

Siemens service ensures efficient and reliable operations Focus on building up security solutions and service business for Siemens customers

Our holistic concept to cybersecurity makes the difference …

… for the societies, our customers and Siemens

Protection of our IT & OT infrastructure

Page 20 Siemens Cybersecurity Press Tour | Schulz-Kamm / Zahner| November 26, 2018 siemens.com/cybersecurity | charter-of-trust.com

Protection of our products, solutions and services

Enable cyber solutions for our business


With the Charter of Trust, we take the next step toward making the digital world more secure globally.

Initiator and driver Charter of Trust

─ First initiative of its kind worldwide (established 2018)

─ 16 partners have already signed the Charter of Trust

─ Requested France to include Cybersecurity as topic for 2019 G7

Page 21 Siemens Cybersecurity Press Tour | Schulz-Kamm / Zahner| November 26, 2018 siemens.com/cybersecurity | charter-of-trust.com

Global Public Affairs Forum | Schulz-Kamm / Zahner| September 28, 2018

Together with strong partners we have signed the Charter of Trust with three important objectives in our sights:

1. Protect the data of individuals and companies

2. Prevent damage to people, companies and infrastructures

3. Create a reliable foundation on which confidence in a networked, digital world can take root and grow

Page 22 Siemens Cybersecurity Press Tour | Schulz-Kamm / Zahner| November 26, 2018 Page 22 Siemens Cybersecurity Press Tour | Schulz-Kamm / Zahner| November 26, 2018

We came up with ten key principles

01 Ownership of cyber- and IT security

02 Responsibility throughout the digital supply chain

03 Security by default

04 User-centricity

05 Innovation and co-creation

06 Education

07 Certification for critical infrastructure and solutions

08 Transparency and response

09 Regulatory framework

10 Joint initiatives

Page 23 Siemens Cybersecurity Press Tour | Schulz-Kamm / Zahner| November 26, 2018

And we bring them to life as

Principle 1 — Ownership of cyber- and IT security

Concrete implementation steps at Siemens In January 2018 we established a new cybersecurity unit headed by Natalia Oropeza, our new Chief Cybersecurity Officer (CCSO). In this function, she reports directly to the Managing Board of Siemens AG.

“Cybersecurity is more than a challenge. It’s a huge opportunity. By setting standards with a dedicated and global team to make the digital world more secure, we are investing in the world’s most valuable resource: TRUST.

Our proposals for more advanced Cybersecurity rules and standards are invaluable to our partners, stakeholders and societies around the world. That is what we call “ingenuity at work.”

Natalia Oropeza,

Chief Cybersecurity Officer, Siemens AG

01

For our society, customers and Siemens, we are

the trusted partner in the digital world

by providing industry leading cybersecurity.

Together we make cybersecurity real – because it matters

Our Vision

Our

Holistic

approach

The Siemens approach for a new cybersecurity organization

Protection of our IT and OT infrastructures

Protection of our products, solutions and services

Enable cyber solutions for our business



Concrete implementation steps at Siemens Siemens provides a multilayered concept that gives plants both all-round and in-depth protection

Know-how and copy protection

Authentication and user management

Firewall and VPN (Virtual Private Network)

System hardening and continuous monitoring

02

The Siemens security concept defense-in-depth

Principle 2 — Responsibility throughout the digital supply chain

Concrete implementation steps with the CoT partners

With our partners, we are defining a list of minimum security requirements for all players in the supply chain as well as effective mechanisms that can support their implementation



Principle 3 — Security by default

Only if security requirements are already taken into account in the early phase of a product, can the highest appropriate level of security be offered proactively.

Concrete implementation steps at Siemens The Siemens Elektronikwerk Amberg uses cutting-edge technologies to produce approximately 15 million SIMATIC products each year. A holistic security concept is applied throughout the lifecycle.

03 03

Assess Security

Implement Security

Manage Security

“Considering our extensive network, which multiplies the number of possible points of entry to our IT infrastructure, we cannot assume that yesterday’s solutions will protect against today’s potential threats.

Since introducing SIEM, we have much greater transparency about the effectiveness of our measures to protect against cyberattacks.”

Gunter Beitinger,

Chief Executive Officer (CEO), Siemens Elektronikwerk Amberg



Principle 9 — Regulatory framework

Concrete implementation steps at Siemens Siemens actively participate in a comprehensive cybersecurity network (relevant criminal prosecutors, ISA, FIRST, CERT Community, SAFECode). We gather threat information and disseminate it through these partnerships.

Regulation and standardization are only successful if they are based on multilateral cooperation. The World Trade Organization is our role model.

Our Government Affairs

activities, which include the

initiative to create a Charter of

Trust, are committed to helping

bring cybersecurity to the

agenda and translating it into

concrete regulations and

standards.

09


Together we strongly believe ─ Effective cybersecurity is a precondition for

an open, fair and successful digital future

─ By adhering to and promoting our principles, we are creating a foundation of trust for all

charter-of-trust.com As a credible and reliable voice,

we collaborate with key

stakeholders to achieve trust in

cybersecurity for global citizens.

We initiated a network that does not only sign, but collaborates on cybersecurity!

On February 16, 2018, we laid the cornerstone for the joint “Charter of Trust” initiative together with a number of partners aspiring to recruit more comrades in arms for our initiative worldwide and create a digital world that is based on trust in the digital and hyperconnected world. One that’s independent of competitors and regions. Trust must not stop at geographical or industry borders.

Trust matters to everyone. It’s everyone’s task.


Thank you very much for your attention. Discussion 3

driving security in an unsecure worldin january 2018 we established a new cybersecurity unit headed...

Documents