Just posted on the Modern Machine Shop BLOG by Mark Albert,
is an article about an exciting development in the IIoT space - UL Labs
creating an industrial Cybersecurity Assurance Program (UL CAP).
Here is an excerpt from the article:
"UL, a global safety science organization, has announced what it calls a Cybersecurity Assurance Program (UL CAP) for industrial control systems. Using the new UL 2900-2-2 standard, UL CAP for industrial control systems is designed to provide testable cybersecurity criteria to help assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness. UL CAP is intended for control system manufacturers who need support in assessing security risks while they continue to focus on product innovation to help build safer, more secure products. These steps will help protect the Industrial Internet of Things (IIoT). The program should benefit OEMs, machine tool builders, system integrators, and retrofitters who want to mitigate risks by sourcing products assessed by an expert third party...
... Network-connected products and systems offer capabilities that promise significant boosts in productivity to manufacturing companies. Industrial control systems, for example, are becoming more interconnected, connectable and networkable, thus making data-driven manufacturing a practical reality on the factory floor. However, there are growing risks that threaten the security, performance and financial return on these control systems and the equipment they run."
I think that this is a great and timely initiative - one that the growing IIoT sector needs to make sure we don't create more harm than good. It is also good that a dedicated ongoing effort is in place to address cybersecurity as its' challenges will not go away - in fact I think a whole new security sector has been created.
Read the whole article at:
UL 2900 series of Cybersecurity Outlines are essential element of UL’s newly announced Cybersecurity Assurance Program, UL CAP
UL’s Press Release issued April 5, 2016 announced UL’s new Cybersecurity Assurance Program (UL CAP). UL CAP uses the newly published UL 2900 series of outlines to offer testable cybersecurity criteria for network-connectable products and systems to assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness. The outlines form a baseline set of technical requirements to measure, and then elevate, the security posture of products and systems, and by design the requirements will evolve to incorporate additional technical criteria as the security needs in the marketplace mature.
The new requirements published on March 30, 2016 are available to UL’s certification customers via the Standards Certification Customer Library (SCCL) and can be purchased by visiting UL’s Standards Catalog or the UL Standards Sales Site.
- UL 2900-1, Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements
- UL 2900-2-1, Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare Systems
- UL 2900-2-2, Software Cybersecurity for Network-Connectable Products, Part 2-2: Particular Requirements for Industrial Control Systems