UL Launches Cybersecurity Assurance Program
Will help vendors in assessing security risks and help purchasers of products in mitigating risk
NORTHBROOK, Ill. — UL (Underwriters Laboratories) has announced its new Cybersecurity Assurance Program (UL CAP). UL CAP uses the new UL 2900 series of standards to offer testable cybersecurity criteria for network-connectable products and systems to assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls, and increase security awareness. UL CAP is for vendors looking for trusted support in assessing security risks while they continue to focus on product innovation to help build safer, more secure products, as well as for purchasers of products who want to mitigate risks by sourcing products validated by a trusted third party.
UL noted that as cyber-attacks become more sophisticated, harder to protect against, and more costly, security precautions are critical. There will be 21-50 billion connected devices by 2020, according to Gartner and other industry reports. By 2018, it is predicted that 66 percent of networks will have an Internet of Things (IoT) security breach. The security and financial risks impacting products and services globally for the public and private sectors and consumers alike are the key drivers to develop new safeguards in an ever-changing security threat landscape faced with growing risks.
“We’re aiming to support and underpin the innovative, rapidly iterating technologies that make up the Internet of Things with a security program,” said Rachna Stegall, director of connected technologies at UL. “The more devices become interconnected, the greater the potential security risks to products and services across all sectors. The Cybersecurity Assurance Program’s purpose is to help manufacturers, purchasers, and end-users, both public and private, mitigate those risks via methodical risk assessments and evaluations.”
The new UL CAP was developed with input from major stakeholders representing the U.S. federal government, academia, and industry to elevate the security measures deployed in the critical infrastructure supply chain. The White House recently released the Cybersecurity National Action Plan (CNAP), designed to enhance cybersecurity capabilities within the U.S. government and across the country. UL’s CAP services and software security efforts were recognized within the CNAP as a way to test and certify network-connectable devices within the Internet of Things supply chain and ecosystems, especially relevant in critical infrastructures such as energy, utilities, and health care.
Building on the successful pilot, UL CAP can help vendors identify security risks in their products and systems and suggest methods for mitigating those risks in a wide range of industries, including HVAC, appliances, smart home, building automation, industrial control systems, consumer electronics, and more.
Meeting the requirements outlined in the UL 2900 series of standards allows a product or system to be certified by UL as “UL 2900 compliant.” Additionally, since security is dynamic, UL 2900 can support the evaluation of a vendor’s processes for design, development, and maintenance of secure products and systems.
For more information on UL CAP, visit www.ul.com/cybersecurity.
Publication date: 4/19/2016