And does your offer include security?
How equipment manufacturers come to terms with new cybersecurity requirements from their clients.
Imagine you are the procurement director for a hospital or an industrial company. Sales representative come along touting the latest features on their products which are now all capable of native IoT. This is great, fantastic value and new business models will be driven by data coming from IoT devices. But you can’t help but think back to when WannaCry hit and the COO and then the CEO of your company both called you in a frenzy asking how to protect the critical production systems.
It turns out that this can be quite the hassle if you’re not prepared. The natural route in such an occurrence is to patch the vulnerability. But the first problem is of the availability of a patch. The lead time for patches from most equipment manufacturers is measured in months, not days. Even when it is available you have to determine who will be patching the machine. Your IT department and production department might be able to combine forces to pull this off but then what happens to the warranty on the machine? Will this be voided by touching the machine and updating it yourself? Better to ask your vendor to come in to help, but if this has not been agreed in your original contract, you are at their mercy and it might cost you dearly in service fees.
All in all you are not too comfortable with your current position. So your company has started thinking about ways to improve the situation and protect vital business infrastructure from cyberattacks. Thus the natural question you will ask every sales representative walking into your office will be: “And does your offer include security?”
The Charter of Trust global cybersecurity initiative
This is a make or break situation for equipment manufacturers who are starting to react to this new requirement of their clients. The Status Quo is not acceptable since, in the very near future, markets will close to equipment that does not include security. On the other hand offering cybersecurity could also be a key differentiator turning the threat into an opportunity. The charter of trust initiative stems from this exact realization its founders and signatories recognize the need for cybersecurity and aim to work together to further trust.
Equipment manufacturers need to decide how to expand their offer regarding cybersecurity to complement their existing portfolio. This is no easy task since cybersecurity experts are in high demand and almost non-existent on the job market. Usually the few experts they have or are able to hire will be used first and foremost to increase product security and roll out patches. But judging by the question from the procurement director, it would certainly also be possible to sell additional cybersecurity services and products if they have the delivery capabilities.
Challenges to address
What the clients really seem to want is an end-to-end security offering that covers not only the production equipment and its immediate environment but rather the whole connected enterprise covering IT, OT as well as IoT. This gives the client one view off all their connected assets, tying together all the responsibility and saving costs by not splitting expertise. This unified view is also crucial to enable detection and mitigation of cross domain attacks that are becoming more prevalent as hackers seek creative new exploits to enter and move laterally within networks.
The lack of resources and the lack of sufficient IT-security expertise at the disposal of equipment manufacturers will make partnerships between manufacturing companies and IT-Security companies essential to make this vision happen.
Working Together to Strengthen Cybersecurity
It is clear that a co-innovation and joint efforts between the client and its end-to-end security provider is a strong asset and a competitive differentiator.
I would like here to share with you the partnership we have signed with Siemens aimed at accelerating each other’s digital transformation business. In the field of cybersecurity we have invested together to create new solutions fitting the needs of our customers. We have for instance created a world class solution that enables cross domain sharing of security events tying them together in our prescriptive SOC. Siemens has built state-of-the-art cybersecurity functionalities for its products and developed a deep understanding of the stakes in production environments.
An added benefit of end-to-end cybersecurity is the inherent asset and data management it entails. This added structure will make the transition towards the data driven enterprise easier, more cost effective and much more reassuring for the C-Suite, trusting that the digital technology they are investing into is safe and secure.
The answer to the question at hand can only be “Yes of course we can offer an end-to-end security solution with our products in combination with our trusted IT-Security partner who under-stands how our products integrate with the IT infrastructure”.