By 2020, there will be 21-50 billion connected devices, according to Gartner and other industry reports. By 2018, it is predicted that 66% of networks will have an IoT security breach.

Cyber attacks are becoming more sophisticated, harder to prevent and costlier, which makes security precautions critical. Fortunately, verifying known software vulnerabilities and exploitable weaknesses can reduce the exposure of systems to cyber attacks. The Internet of Things (IoT) enables sophisticated capabilities through network-connected products and systems, but every device connected to the cloud, or just the internet, is a potential target for cybercriminals.

UL helps mitigate safety and performance risks inherent to IoT-related technologies with the UL Cybersecurity Assurance Program (UL CAP). Using the UL 2900 series of cybersecurity standards, we offer testable cybersecurity criteria for network-connectable products and systems to assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness. The program helps identify security risks in products and systems and suggests methods for mitigating those risks in a wide range of industry functions: industrial control systems, medical devices, automotive, HVAC, lighting, smart homes, appliances, alarm systems, fire systems, building automation, smart meters, network equipment and consumer electronics.

UL’s cybersecurity services for network-connectable products and systems include:

  • Testing security criteria based on UL 2900 cybersecurity standards or specified requirements
  • Testing for certification based on UL 2900 cybersecurity standards
  • Evaluation and risk assessment of vendor processes for developing and maintaining security products and systems
  • Training on security readiness for designing products and sourcing third-party components

 

UL 2900 – Cybersecurity Series of Standards

Testing and evaluation criteria in the UL 2900 series of standards:

  • Fuzz testing of products to identify zero-day vulnerabilities across all interfaces
  • Evaluation of known vulnerabilities that have not been patched in products, using the Common Vulnerability Enumerations (CVE) scheme
  • Identification of known malware in products
  • Static source code analysis for software weaknesses identified by Common Weakness Enumerations (CWE)
  • Static binary analysis for software weaknesses identified by CWE, open source software and third-party libraries
  • Specific security controls identified for use in products that reduce security risks associated with:
    • Access control and authentication of products
    • Cryptography used in products
    • Remote communications with products
    • Software updates on products
    • Decommissioning of products
  • Structured penetration testing of products based on flaws identified in other tests
  • Risk assessment of product security mitigation designed into products

 

INDUSTRY-SPECIFIC CYBERSECURITY INFORMATION

For more information on UL Cybersecurity Services, please visit: www.ul.com/cybersecurity