Q What is ULCAP? Where all can it be applied?
A.With the internet bringing in a sea change over the past decade, cyber security has emerged as a top concern. Cyber security is a priority area for us, where we are investing considerable research.
Earlier this year, we released UL2900, a voluntary standard on cybersecurity that is evolving as a cyber-security assurance program. Also called the ULCAP, UL 2900 is a base standard that covers network connectable products, and oversees penetration testing, software security upgrades and vulnerability testing, among other security criteria. Meeting the requirements outlined in the UL 2900 series of standards allows a product or system to be certified by UL as “UL 2900 compliant”.
Keeping in mind that cyber security is a fast evolving area, it is important to note that the testing process is repeatable as the security certificate expires in 12 months.
Since the pilot launch last September, we’ve had several vendors evaluate our program. While we can’t mention specific entities, due to non-disclosure agreements, what we can share is that the vendors we have worked with are involved in general software for securing products – including industrial control vendors and those in the medical space.
Q What security vulnerabilities are therein the Industrial Internet of things (IIoT) segment and what is being done to prevent them?
A. As companies embrace technology at a rapid pace, what we are seeing across the industrial world is that the devices in this segment are talking to each other. Personal devices, as of now are still under our own controland probably more secure whereas industrial devices are critical and need more attention as they speak to consumers and base station. Even devices produced by renowned manufacturers have shown to be vulnerable to hacking.There could be known viruses and trojans that keep developing over a period of time. This is precisely why UL CAP is a continuously evolving programme, where we work with manufacturers as well as industry bodies to understand the ecosystem they are operating in, and how the interconnected devices communicate with each other. The UL 2900 standard helps vendors identify security risks in their products and systems and suggests methods for mitigating those risks in a wide range of industry functions, including industrial control systems, medical devices, automotive, HVAC, lighting, smart home, appliances, alarm systems, fire systems, building automation, smart meters, network equipment, and consumer electronics.