Connected Solution Security Principles

Connected Solution Security Principles

The growing connectivity of people, devices and organizations opens up tremendous business opportunities. While this increased level of connectivity provides value, it also heightens the need for organizations to focus on cybersecurity. We, at Caterpillar, are taking a proactive approach toward protecting your data and embedding security within our connected solutions. The principles listed here form the basis of our connected solution security strategy that emphasizes due care in managing risk.

  1. We have a dedicated cybersecurity program and team focused on securing connected solutions

    Our dedicated connected solution security program is designed to produce secure solutions and protect connected solution data. We have a cross-functional cybersecurity team comprised of professionals from our product, information security, legal and compliance organizations who focus on managing the security of our connected solutions. The program extends beyond our people to include our partners and customers.

  2. We follow a risk-based approach to implement multiple layers of cybersecurity controls

    We use standards-based processes and technologies to design, develop and validate the security of our connected solutions and to protect customer data from unauthorized access or disclosure.

  3. We proactively identify and address risks to our connected solutions

    We monitor and assess the cybersecurity posture of our connected solutions and environment and take active steps to continuously improve. We have also created a website for researchers and others to report information or potential cybersecurity vulnerabilities that may affect our products or services: http://www.cat.com/vulnerability-reporting.

  4. We respond to cybersecurity events in our connected solution environment

    Our cross-functional Computer Security Incident Response Team (CSIRT) is dedicated to threat intelligence, detection and response to cyberattacks, including those that may impact our connected solution environment.

  5. We provide ongoing training and awareness

    Our internal cybersecurity awareness program caters to topics such as phishing, social networking, password security and mobile device usage. We provide cybersecurity training to employees who need specific cybersecurity skills as part of their job responsibilities. We also develop guidance to help our customers configure, operate and decommission their connected products in a secure manner.

 

Contact: For more information about connected solution security at Caterpillar, please email us at ProductSecurity@cat.com.