NORTHBROOK, Ill.—Underwriters Laboratories (UL), a global safety science organization, has launched its new Cybersecurity Assurance Program (UL CAP).
The standards organization says the new UL 2900 series of standards to offer testable cybersecurity criteria for network-connectable products and systems to assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness.
UL CAP is for vendors looking for trusted support in assessing security risks while they continue to focus on product innovation to help build safer more secure products, as well as for purchasers of products who want to mitigate risks by sourcing products validated by a trusted third party.
As cyber-attacks become more sophisticated, harder to protect against, and more costly than ever, security precautions are critical. There will be 21-50 billion connected devices by 2020, according to Gartner and other industry reports. An IDC Research, Inc. report predicts that by 2018, 66 per cent of networks will have an IoT security breach.
The security and financial risks impacting products and services globally for public and private sectors and consumers alike are the key drivers to develop new safeguards in an ever-changing security threat landscape faced with growing risks.
“We’re aiming to support and underpin the innovative, rapidly iterating technologies that make up the Internet of Things (IoT) with a security program,” said Rachna Stegall, Director of Connected Technologies at UL. “The more devices become interconnected, the greater the potential security risks to products and services across all sectors. The Cybersecurity Assurance Program’s purpose is to help manufacturers, purchasers and end-users, both public and private, mitigate those risks via methodical risk assessments and evaluations.”
The new UL CAP was developed with input from major stakeholders representing the U.S. Federal government, academia and industry to elevate the security measures deployed in the critical infrastructure supply chain. The White House recently released the Cybersecurity National Action Plan (CNAP), designed to enhance cybersecurity capabilities within the US government and across the country. UL’s CAP services and software security efforts were recognized within the CNAP as a way to test and certify network-connectable devices within the Internet of Things supply chain and ecosystems especially relevant in critical infrastructures, such as energy, utilities and healthcare.
UL is a global independent safety science company with nearly 11,000 professionals developing research and standards to continually advance and meet ever-evolving safety needs.