Global safety science organization UL has debuted a new Cybersecurity Assurance Program (UL CAP) for industrial control systems. Using the new UL 2900-2-2 Standard, UL CAP for industrial control systems offers testable cybersecurity criteria to help assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness.
The Industrial Internet of Things (IIoT) is enabling more sophisticated capabilities through network-connected products and systems. As a result, industrial control systems are becoming more interconnected, connectable and networkable, opening the door to new security threats.
“We're aiming to support and underpin the innovative, rapidly iterating technologies that make up the IIoT with a security program,” said Rachna Stegall, director of connected technologies at UL. "The more industrial control systems become interconnected with other devices, the greater the potential security risks. The Cybersecurity Assurance Program’s purpose is to help manufacturers, purchasers, and end-users, both public and private, mitigate those risks via methodical risk assessments and evaluations.”
UL's evaluation of the security of industrial control systems uses UL 2900-2-2, which is within the UL 2900 series of standards that outline technical criteria for testing and evaluating the security of products and systems that are network-connectable. These standards form a baseline set of technical requirements to measure, and then elevate, the security posture of products and systems. UL 2900 is designed to evolve and incorporate additional technical criteria as the security needs in the marketplace mature.
For more information on UL CAP, visit UL at IMTS booth E-4135.