Today, we find ourselves in the most challenging business environment of our lives. Multinational businesses thrive on certainty and predictability. But in the last several years, we’ve endured a barrage of disruptive and unpredictable events that have accelerated challenges and opportunities.
We’ve endured a once in a lifetime pandemic that has affected each of us in profound ways. The ongoing recovery from the pandemic has been uneven throughout the world and disruptions to global supply chains continue to impact practically every business.
And on the heels of this two-year disruption, we now face what is unfolding in Ukraine with the war which will have significant impact on energy security and the cybersecurity of critical energy assets.
While our sector and the broader technology industry were already sensitive to growing cybersecurity vulnerabilities, we now find ourselves in a new era of energy security concerns and a greater need to bolster and protect the critical energy infrastructure of the customers we serve.
As we learned from President Biden on March 21, 2022, we can expect to see increased malicious cyber activity within U.S. and allied critical infrastructure. I can say with certainty that we at Schneider Electric have seen such an increase and we remain vigilant in protecting our company and customers.
On April 14, 2022, we issued a security bulletin, in collaboration with the U.S. Department of Energy, the Cybersecurity & Infrastructure Security Agency (CISA), and cybersecurity defense partner, Mandiant, detailing, INCONTROLLER, a novel industrial control system (ICS)-oriented attack framework, built to target machine automation devices in critical infrastructure environments.
Working with our Federal government and industry partners, we were able to analyze this malware framework and publish protective measures prior to the framework being exploited for destructive effect. This is an instance of successful collaboration to deter threats against critical infrastructure before they occur, and further underscores how public-private partnerships are instrumental in countering threats.
Today, I’m announcing that we plan to build on this successful collaboration as an inaugural member of CISA’s ICS-focused Joint Cyber Defense Collaborative (JCDC).
As CISA Director, Jen Easterly announced at the S4x22 conference, the JCDC’s mission is to lead collaborative, public-private sector cyber defense planning, cybersecurity information fusion, and the purposeful dissemination of cyber defense guidance to reduce cyber risk to and increase the resilience of U.S. National Critical Functions.
We plan to be an active voice for the ICS community and U.S. critical infrastructure as we plan for and defend against more sophisticated cyber attacks. As a community, we must continue to build cyber defenses in our systems and products while focusing on a more resilient future.
A future where critical infrastructure can withstand cyber attacks and remain functional in the face of disruption. This is the direction we must take our planning efforts as part of the JCDC so that we can prepare ourselves for the next phase of this era.
For more information on Schneider Electric’s existing cybersecurity collaboration, please see below:
Our integrated solutions enable homes, commercial buildings, data centers, and critical infrastructure to operate more efficiently and securely. Our products and systems are used in over one million buildings worldwide, including 40,000 water & wastewater treatment installations, 40% of the world’s hospitals, 10 of the world’s top electric utilities, and 10 of the world’s largest airports. The cybersecurity of these products and systems is therefore of vital importance to us and our customers. As such, Schneider Electric is an active participant in the cybersecurity community in the U.S. and abroad. Below are selected examples of our engagement:
- World Economic Forum Centre for Cybersecurity Partner
- Paris Call for Trust and Security in Cyberspace Supporter
- Cyber Tech Accord Signatory
- Cybersecurity Coalition Member
- ISA Global Cybersecurity Alliance Founding Member
- Electricity Information Sharing and Analysis Participating Vendor
- Department of Energy CyTRICS program – first participating manufacturer to test products used in the U.S. grid.
- CISA Industrial Control Systems Joint Working Group (ICSJWG) – we hold multiple leadership positions in relevant working groups.
- Participate in numerous standards development organizations from the International Electrotechnical Commission (IEC) to the International Organization for Standardization (ISO) to craft relevant cybersecurity standards for our products and solutions.
- Additionally, Schneider Electric, together with the ISA GCA, is working hand in hand with CISA and companies globally to utilize the proven FEMA Incident Command System for use in coordinating cyber incident responses. This effort is called the Incident Command System for Industrial Control Systems (ICS4ICS). This innovative framework helps cyber responders globally to identify, respond, and recovery from cyber incidents using the same framework emergency responders in all other sectors use every day.
More on our cybersecurity posture and activities can be found at our Cybersecurity and Data Protection Posture page.