Siemens has introduced new cybersecurity rules for its suppliers.
Suppliers must comply with minimum binding requirements, which are being introduced step by step and are anchored in a separate, binding clause in all new contracts.
These requirements apply primarily to suppliers of security-critical components such as software, processors and electronic components for certain types of control units.
Siemens says that “the goal is to better protect the digital supply chain against hacker attacks”.
Existing suppliers who do not yet comply with the requirements are to implement them gradually. In future, suppliers themselves must, for example, perform security reviews, conduct tests and take corrective action on a regular basis.
“This step will enable us to reduce the risk of security incidents along the entire value chain in a holistic manner and offer our customers greater cybersecurity,” said Roland Busch, Siemens’ Chief Technology Officer.
“If all our partner companies put their global weight behind these measures and implement them together with their suppliers, we can generate tremendous impact and make the digital world more secure.”
Last year, Siemens strengthened its internal capacities for repelling hacker attacks and restructured its cyberorganization, which now has 1275 employees worldwide. In every region and division, the company has strengthened its network of cybersecurity managers, who now report to Siemens’ Chief Cybersecurity Officer Natalia Oropeza.
In a previous interview, Oropeza said: “Everything is networked today, whether it’s robots in production, medical devices, or power grids. The risk of data theft or data manipulation is constantly growing. In three years, more than 20 billion devices will be connected to the Internet of Things. Digitalization, which is so profitable for us, can succeed only if customers can build on the integrity of the data.”