The government-backed accreditation is a prerequisite for any company dealing with Critical National Infrastructure (CNI) or defence projects in the UK
Siemens UK has been awarded the Cyber Essentials Plus (CE+) certification, a prerequisite for organisations applying for critical national infrastructure (CNI) and defence projects in the United Kingdom.
The certification was awarded by ECSC, an independent certifying body for the Cyber Essentials programme, which conducts assessments and reports the outcome to the scheme administrators – the Information Assurance for Small and Medium Enterprises (IASME) consortium.
Cyber Essentials is a cyber security standard introduced by the UK government that aims to provide organisations with pragmatic protection against the most common cyber security threats. CE+ is a step ahead of the standard Cyber Essentials (CE) assessment, which requires organisations to undertake a series of onsite technical assessments that include internal vulnerability tests against servers and sample workstations.
Siemens was awarded the CE+ following a stringent three-month process conducted at its Manchester and Newcastle premises. The evaluation, which was carried out remotely in view of COVID restrictions, looked at:
- Boundary Firewalls & Internet Gateways
- Secure Configuration
- Patch Management
- Access Gateway (User accounts)
- Malware Protection
The certification is renewable every 12 months and Siemens received its CE certificate in November 2020 followed by its CE+ accreditation in Jan 2021.
Paul Hingley, Business Unit Manager, Industrial Security Services at Siemens said, “The CE+ badge significantly endorses Siemens’ stature as a company that takes cyber security very seriously. It demonstrates our commitment to the UK Government Cyber Security initiatives while also demonstrating to our customers that we are a company they can trust. Siemens has also invested heavily in our global internal policies and procedures where we can demonstrate compliance against the IEC62443 standard. Our product development and services all comply to this global standard allowing us to supply solutions and service provisions our customers can rely on. We are the first global company in the Industrial Control Systems (ICS) space to achieve this certification which is a massive achievement for a company with such a complex IT structure that operates on a global platform. This provides Siemens with the ability to demonstrate our competence and credibility in Cyber Security when we compete for major CNI and Defence projects.”
“The CE+ certification together with our internal IEC62443 compliance and governance procedures implies to our clients they are dealing with a company whose products can be validated and verified into security architectures, solutions, processes and systems. It allows our customers to promote best practices, to enhance and promote cyber security requirements into their own supply chain. At Siemens we are committed to ensuring our stakeholders can rely on the highest standards of cyber security, compliance, and privacy while maintaining the very highest standards of engineering.”
Siemens has over 900 assets at both of the sites that went through the rigorous process and nearly 300 machines connected remotely throughout the UK. Other sites in the UK are following the same route and will all be CE+ certified before the end of 2021.
Sean Fahey, CE Specialist, ECSC said, “Whilst this wasn’t my first experience with a manufacturing company, it was one of the largest tasks we had undertaken. It was very much an adapted team effort from both parties.
“We worked with one goal and along the way found solutions, adapted to issues, all this ensuring we remained compliant to the standards. It’s reassuring to see organisations like Siemens be part of the CE+ certification process and taking the responsibility seriously and it is not simply a ‘tick box’ exercise.”
About Cyber Essentials
The UK Government worked with the IASME consortium and the Information Security Forum (ISF) to develop Cyber Essentials, a set of basic technical controls to help organisations protect themselves against common online security threats. The Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme.
Further information and guidance for businesses, charities and other organisation can be found on the new Cyber Essentials microsite at www.cyberessentials.ncsc.gov.uk.
Follow Siemens on Twitter at: @SiemensUKNews
Siemens Digital Industries (DI) is an innovation leader in automation and digitalization. Closely collaborating with partners and customers, DI drives the digital transformation in the process and discrete industries. With its Digital Enterprise portfolio, DI provides companies of all sizes with an end-to-end set of products, solutions and services to integrate and digitalize the entire value chain. Optimized for the specific needs of each industry, DI’s unique portfolio supports customers to achieve greater productivity and flexibility. DI is constantly adding innovations to its portfolio to integrate cutting-edge future technologies. Siemens Digital Industries has its global headquarters in Nuremberg, Germany, and has around 75,000 employees internationally.
Siemens AG (Berlin and Munich) is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability, and internationality for more than 170 years. Active around the world, the company focuses on intelligent infrastructure for buildings and distributed energy systems and on automation and digitalization in the process and manufacturing industries. Siemens brings together the digital and physical worlds to benefit customers and society. Through Mobility, a leading supplier of intelligent mobility solutions for rail and road transport, Siemens is helping to shape the world market for passenger and freight services. Via its majority stake in the publicly listed company Siemens Healthineers, Siemens is also a world-leading supplier of medical technology and digital health services. In addition, Siemens holds a minority stake in Siemens Energy, a global leader in the transmission and generation of electrical power that has been listed on the stock exchange since September 28, 2020. In fiscal 2019, which ended on September 30, 2019, the Siemens Group generated revenue of €58.5 billion and net income of €5.6 billion. As of September 30, 2019, the company had around 295,000 employees worldwide on the basis of continuing operations. Further information is available on the Internet at www.siemens.com.