UL adopts new standards for testing cybersecurity tech


In a press statement, the US headquartered company said its Cybersecurity Assurance Program (UL CAP) aims to assess security risks of cybersecurity technologies to help developers improve their solutions.

The UL CAP will use the company’s new standards ‘UL 2900’ to test both hardware and software vulnerabilities, minimize exploitation, address known malware, review security controls and increase security awareness.

Commenting on the project, Rachna Stegall, Director of Connected Technologies at UL said “The more devices become interconnected, the greater the potential security risks to products and services across all sectors.”

[quote] The launch of the testbed, developed with Open Source technologies, follows release of a report on the global cybersecurity market released by energy research company Gartner.

The study predicts that by the year 2020,  21 to 50 billion devices will be connected globally with 66% of the networks having an IoT security breach.

“The Cybersecurity Assurance Program’s purpose is to help manufacturers, purchasers and end-users, both public and private, mitigate those risks via methodical risk assessments and evaluations,” added Rachna.

UL claims its new standards received recognition from the US Cybersecurity National Plan for testing in the energy, utilities and healthcare sectors.

Terrell Garren, CSO, Duke Energy added: “The availability and integrity of critical infrastructure is crucial to the safety and well-being of society. A comprehensive program that measures critical systems against a common set of reliable security criteria is helpful.”

In the near future, UL said it will provide will provide cyber insurers a common approach to evaluate and more efficiently price cyber risk for companies that adopt and promote the UL certified technologies and processes.

The framework was piloted in the industrial control systems, medical devices, automotive, HVAC, lighting, smart home, appliances, alarm systems, fire systems, building automation, smart meters, network equipment, and consumer electronics sectors.

Cybersecurity tech development

In early March IoT security giants Cryptosoft and Symantec that they are planning to collaborate on authentication and encryption services for the Internet of Things.

The two companies said they will work together in a bid to protect the transfer of data between devices and cloud and web servers.

Symantec’s Managed PKI Device Authentication technology will be integrated with Cryptosoft’s technology to provide manufacturers with authentication, encryption and signing applications, reported CMS Wire.

Geoffrey Noakes, senior director of business development at Symantec, told CMSWire: “Cryptosoft will be embedding Symantec’s roots of trust for the IoT in its cryptographic libraries.

“This means that any developer of Internet of Things products, which is built with Cryptosoft’s libraries, can easily encrypt data as it is being sent from the IoT device to a web server or cloud, and that the code can be tested for being signed.”

image credit: www.japantimes.co.jp