Any supplier hoping to peddle their wares to Siemens will have to meet tough new cybersecurity standards.
The new requirements will be introduced step by step starting on February 15, 2019, and anchored in a separate, binding clause in all new contracts. They mostly apply to suppliers of security-critical components such as software, processors and electronic components for certain types of control units.
Existing suppliers who do not yet comply with the requirements are to implement them gradually.
The requirements are intended to better protect the digital supply chain against hacker attacks and are based on the Charter of Trust for cybersecurity.
Suppliers are required to integrate special standards, processes and methods into their products and services. These should prevent vulnerabilities and malicious code at suppliers – and thus in Siemens products as well. In the future, suppliers themselves must, for example, perform security reviews, conduct tests and take corrective action on a regular basis. Siemens is making these requirements mandatory for its own activities too.
Roland Busch, member of Siemens’ Managing Board and the company’s Chief Operating Officer and Chief Technology Officer, said: “This step will enable us to reduce the risk of security incidents along the entire value chain in a holistic manner and offer our customers greater cybersecurity. If all our partner companies put their global weight behind these measures and implement them together with their suppliers, we can generate tremendous impact and make the digital world more secure.”