Browse by Editorial Category
Browse by Edition Date

September 2016

Skip Navigation Links.
Expand Applying TechnologyApplying Technology
Expand Energy ManufacturingEnergy Manufacturing
Expand Expo Wichita KS Show Product PreviewExpo Wichita KS Show Product Preview
Expand Current NewsCurrent News
Collapse IMTS Product PreviewIMTS Product Preview
Expand People In The NewsPeople In The News
Expand Quality ControlQuality Control
Expand WeldingWelding
Expand WorkholdingWorkholding

show all editions →

Click here to watch Tutorial Videos >

IscarIscarSST ConsumablesSST Consumables

UL Launches Cybersecurity Assurance Program for Industrial Control Systems



UL, a global safety science organization, has announced its new Cybersecurity Assurance Program (UL CAP) for industrial control systems. Using the new UL 2900-2-2 Standard, UL CAP for industrial control systems offers testable cybersecurity criteria to help assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness.

"UL CAP is designed for control system manufacturers looking for trusted support in assessing security risks while they continue to focus on product innovation to help build safer, more secure products, as well as for OEMs, machine tool builders, system integrators and retrofitters who want to mitigate risks by sourcing products assessed by a trusted third party," said a company spokesperson.

The Industrial Internet of Things (IIoT) is enabling more sophisticated capabilities through network-connected products and systems. As a result, industrial control systems are becoming more interconnected, connectable and networkable. The security, performance and financial risks impacting industrial control systems globally are the key drivers in developing new safeguards in an ever-changing security threat landscape faced with growing risks.

"We are aiming to support and underpin the innovative, rapidly iterating technologies that make up the IIoT with a security program," said Rachna Stegall, Director of Connected Technologies at UL. "The more industrial control systems become interconnected with other devices, the greater the potential security risks. The Cybersecurity Assurance Program's purpose is to help manufacturers, purchasers and end-users, both public and private, mitigate those risks via methodical risk assessments and evaluations."

The new UL CAP was developed with input from major stakeholders representing the U.S. Federal government, academia and industry to elevate the security measures deployed in the critical infrastructure supply chain. The White House recently released the Cybersecurity National Action Plan (CNAP), designed to enhance cybersecurity capabilities within the U.S. government and across the country. UL's CAP services and software security efforts were recognized within the CNAP as a way to test and certify network-connectable devices within the IoT supply chain and ecosystems especially relevant in critical infrastructures.

Asset owners from critical infrastructure can see the benefits of UL CAP as a means for evaluating the security posture of their supply chain. "The availability and integrity of critical infrastructure is crucial to the safety and well-being of society. A comprehensive program that measures critical systems against a common set of reliable security criteria is helpful," stated Terrell Garren, CSO, Duke Energy. UL CAP offers trusted third party support, with the UL 2900-2-2 Standard focusing on both the security of network-connectable products and systems and the vendor processes for developing and maintaining products and systems with a security focus. Additionally, asset owners know the significance of UL CAP being developed with open source technologies in mind as it aligns and simplifies their network-connectable products and systems, architectures and cybersecurity strategies.

UL's evaluation of the security of industrial control systems uses UL 2900-2-2, which is within the UL 2900 series of standards that outline technical criteria for testing and evaluating the security of products and systems that are network-connectable. These standards form a baseline set of technical requirements to measure, and then elevate, the security posture of products and systems. UL 2900 is designed to evolve and incorporate additional technical criteria as the security needs in the marketplace mature.

"Building on the successful framework of the UL CAP pilot program, during which initial vendors benefited from this innovative program, UL CAP can help vendors identify security risks in their products and systems and suggests methods for mitigating those risks," said the spokesperson.

UL 2900-2-2 Standard is intended, but not limited, to apply to the following components:

  • Programmable logic controllers (PLC)
  • PLC and DCS programming software/operator interfaces (HMI)
  • Control server
  • Remote terminal unit (RTU)
  • Human-machine interface (HMI)
  • Input/output (IO) server
  • Networking equipment for ICS systems
  • Distributed control systems (DCS)
  • Historian or data loggers
  • The SCADA server
  • Intelligent electronic devices (IED)
  • Data historian
  • Fieldbus
  • Access equipment for ICS systems.

Meeting the requirements outlined in UL 2900-2-2 Standard allows industrial control systems to be certified by UL as UL 2900-2-2 compliant. Additionally, since security is dynamic, UL 2900-2-2 can support the evaluation of a vendor's processes for design, development and maintenance of secure products and systems.

For more information contact:

UL LLC

333 Pfingsten Rd.

Northbrook, IL 60062-2096

847-272-8800

ulcyber@ul.com

www.ul.com

IMTS 2016 Booth E-4135

< back