1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Charter
of Trust
cot
Charter
of Trust
cot
alt alt
Digitalization has transformed nearly every aspect of modern life. Today, billions of devices are connected through the Internet of Things. While this creates great opportunities, it harbours even greater risks if we are unprepared. Founded in 2018 at the Munich Security Conference, the Charter of Trust was initiated by Siemens because of increasing daily life exposure to malicious cyber-attacks. Today, its members have transformed it into a unique initiative of leading global companies and organizations working together to make the digital world of tomorrow safer.

That’s why together with strong partners we have signed a “Charter of Trust” – aiming at three important objectives

Protect the data of individuals and companies
Prevent damage to people, companies and infrastructures
Create a reliable foundation on which confidence in a networked, digital world can take root and grow

Our 10 Principles

Cybersecurity concerns all of us
Cybersecurity is and has to be more than a seatbelt or an airbag here; it's a factor that's crucial to the success of the digital economy. People and organizations need to trust that their digital technologies are safe and secure; otherwise they won't embrace the digital transformation. That's why we are signing together a Charter of Trust bearing the principles that are fundamental to a secure digital world.

1.Ownership for cyber and IT security

Anchor the responsibility for cybersecurity at the highest governmental and business levels by designating specific ministries and CISOs. Establish clear measures and targets as well as the right mindset throughout organizations – “It is everyone’s task”.

2.Responsibility throughout the digital supply chain

Companies – and if necessary – governments must establish risk-based rules that ensure adequate protection across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity, and availability by setting baseline standards, such as

Identity and access management: Connected devices must have secure identities and safeguarding measures that only allow authorized users and devices to use them.

Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes, wherever appropriate.

Continuous protection: Companies must offer updates, upgrades, and patches throughout a reasonable lifecycle for their products, systems, and services via a secure update mechanism.

3.Security by default

Adopt the highest appropriate level of security and data protection and ensure that it is preconfigured into the design of products, functionalities, processes, technologies, operations, architectures, and business models.

4.User-centricity

Serve as a trusted partner throughout a reasonable lifecycle, providing products, systems, and services as well as guidance based on the customer’s cybersecurity needs, impacts, and risks.

5. Innovation and co-creation

Combine domain know-how and deepen a joint understanding between firms and policymakers of cybersecurity requirements and rules in order to continuously innovate and adapt cybersecurity measures to new threats; drive and encourage i.a. contractual Public Private Partnerships.

6. Education

Include dedicated cybersecurity courses in school curricula – as degree courses in universities, professional education, and trainings – in order to lead the transformation of skills and job profiles needed for the future.

7.Certification for critical infrastructure and solutions

Companies – and if necessary – governments establish mandatory independent third-party certifications (based on future-proof definitions, where life and limb is at risk in particular) for critical infrastructure as well as critical IoT solutions.

8. Transparency and response

Participate in an industrial cybersecurity network in order to share new insights, information on incidents et al.; report incidents beyond today’s practice which is focusing on critical infrastructure.

9. Regulatory framework

Promote multilateral collaborations in regulation and standardization to set a level playing field matching the global reach of WTO; inclusion of rules for cybersecurity into Free Trade Agreements (FTAs).

10. Joint initiatives

Drive joint initiatives including all relevant stakeholders in order to implement the above principles in the various parts of the digital world without undue delay.

Partners

Together we will shape Cybersecurity

In order to keep pace with continuous advances in the market as well as threats from the criminal world, businesses and governments need to coordinate their actions in a targeted manner. We are therefore joining forces to protect our democratic and economic values against cyber and hybrid threats. In this charter, the signing partners outline the key principles we consider essential for establishing a new charter of trust between society, politics, business partners, and customers.
AES
Learn more Learn more
Airbus
Learn more Learn more
Allianz
Learn more Learn more
Atos
Learn more Learn more
Cisco
Learn more Learn more
Dell Technologies
Learn more Learn more
IBM
Learn more Learn more
Infineon
To the Partner To the Partner
Mitsubishi Heavy Industries, Ltd. (MHI)
Learn more Learn more
MSC
To the Partner To the Partner
NTT
Learn more Learn more
NXP
Learn more Learn more
SGS
Learn more Learn more
Siemens
Learn more Learn more
Telekom
Learn more Learn more
Total
To the Partner To the Partner
TÜV Süd
Learn more Learn more

At a glance

The key aspects in a nutshell. Learn more about the Charter of Trust and the features that make it so special, and get to know the ten basic principles for a safer digital world.
Charter of Trust Principles
Charter of Trust Presentation
Education Campaign Booklet

Don’t miss any updates

Sign up for our newsletter to receive current information and reports about cybersecurity.
More about our newsletter More about our newsletter
First and Last Name*
Email*
More about our newsletter More about our newsletter

charteroftrust.com Website © 2020

circles
1

Ownership for cyber and IT security

Anchor the responsibility for cybersecurity at the highest governmental and business levels by designating specific ministries and CISOs. Establish clear measures and targets as well as the right mindset throughout organizations – “It is everyone’s task”.

2

Responsibility throughout the digital supply chain

Companies – and if necessary – governments must establish risk-based rules that ensure adequate protection across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity, and availability by setting baseline standards, such as

Identity and access management: Connected devices must have secure identities and safeguarding measures that only allow authorized users and devices to use them.

Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes, wherever appropriate.

Continuous protection: Companies must offer updates, upgrades, and patches throughout a reasonable lifecycle for their products, systems, and services via a secure update mechanism.

3

Security by default

Adopt the highest appropriate level of security and data protection and ensure that it is preconfigured into the design of products, functionalities, processes, technologies, operations, architectures, and business models.

4

User-centricity

Serve as a trusted partner throughout a reasonable lifecycle, providing products, systems, and services as well as guidance based on the customer’s cybersecurity needs, impacts, and risks.

5

Innovation and co-creation

Combine domain know-how and deepen a joint understanding between firms and policymakers of cybersecurity requirements and rules in order to continuously innovate and adapt cybersecurity measures to new threats; drive and encourage i.a. contractual Public Private Partnerships.

6

Education

Include dedicated cybersecurity courses in school curricula – as degree courses in universities, professional education, and trainings – in order to lead the transformation of skills and job profiles needed for the future.

7

Certification for critical infrastructure and solutions

Companies – and if necessary – governments establish mandatory independent third-party certifications (based on future-proof definitions, where life and limb is at risk in particular) for critical infrastructure as well as critical IoT solutions.

8

Transparency and response

Participate in an industrial cybersecurity network in order to share new insights, information on incidents et al.; report incidents beyond today’s practice which is focusing on critical infrastructure.

9

Regulatory framework

Promote multilateral collaborations in regulation and standardization to set a level playing field matching the global reach of WTO; inclusion of rules for cybersecurity into Free Trade Agreements (FTAs).

10

Joint initiatives

Drive joint initiatives including all relevant stakeholders in order to implement the above principles in the various parts of the digital world without undue delay.