3. Promoting data security through security by design and security lifecycle management

Basic requirements for the sharing and use of data are: access that is protected against misuse; secure processing, storage and handling of data; and the maintenance of its integrity and confidentiality. Companies in the electrical industry are therefore committed to promoting security as comprehensively as possible through a holistic approach. This includes both security by design in the development phase and security lifecycle management throughout the entire product and data lifecycle.

Unauthorized access must be countered with the fastest possible response. 

Case studies from practice

Case study 1: Befund24

Befund24 has set up a marketplace for the mediation of remote diagnosis services in the health sector. To protect personal data, the platform operates according to the basic principle of "privacy by design and by default" in accordance with Article 25 of the General Data Protection Regulation (GDPR). The development of the Befund24 marketplace solution is based on the Siemens Healthineers cybersecurity development process, which includes a threat and risk analysis (TRA), the implementation of security standards and security checks. In addition, external penetration tests are carried out regularly. Patient data is always encrypted in the Befund24 cloud. Patients can assert any claims for information against the hospital or the creator of the findings report.

Further information

https://www.befund24.de/

Case study 2: Eaton

At Eaton, every digitally controlled or networked product or system is tested by a global Center of Excellence (CoE) for product cybersecurity as part of the cybersecurity lifecycle before being launched on the market. The CoE, together with the product managers, acts as an approval body.

Further information

https://www.eaton.com/us/en-us/markets/innovation-stories/Managing-Cybersecurity-Risks.html

Case study 3: Infineon

The high safety requirements for automated and networked vehicles have a major influence on the design of Infineon chips as the smallest electronic elements in the vehicle. In modern vehicles with 100 or more ECUs, so-called security anchors protect against manipulation or theft of data. These semiconductor chips with highly secure encryption mechanisms are either directly integrated into the numerous microcontrollers or built in as discrete security controllers. These chips protect against manipulation and intrusion attempts, so that a violation of data security can be fended off.

Further information

https://www.infineon.com/cms/de/discoveries/Fahrzeugsicherheit/?redirId=38066

Case study 4: Phoenix Contact

Phoenix Contact takes security requirements for software and hardware into account as early as the development phase of a product. For automation solutions, a security concept with the necessary protective measures is developed. Both are carried out in accordance with the international IEC 62443 series of standards. Phoenix Contact has also established a team as a point of contact for users who discover security gaps and actively informs them about known security gaps. The Product Security Incident Response Team (PSIRT) adheres to the process chain of the standard series when processing, evaluating and publishing reports and updates.

Further information

https://www.phoenixcontact.com/online/portal/pc/pxc/offcontext/insite_landing_page/!ut/p/z1/xZRRb4IwFIV_DY

Case study 5: Siemens

Siemens has established ten principles for cyber security in its "Charter of Trust". These include the principle of "Taking Responsibility in the Digital Supply Chain". This means, for example, that security must also be anchored in the value network with suppliers. To ensure this, a roll-out was started, which includes corresponding terms and conditions in all purchasing contracts and the qualification of 300 pilot suppliers. Siemens supports business partners and suppliers in implementing the "Roadmap to Compliance" with the necessary security levels, including external certification.

Further information

www.charter-of-trust.com