updates to security. “In practice, what we’ve seen is that if the vendor adopts these standards, it becomes part of their independent best practices and shows they’re doing the right thing,” said Modeste. “The adoption of these standards demonstrates to their clients that they’re adapting and they have third-part validation of that adapting.”
Ongoing UL Cybersecurity Standards
UL began publishing standards for the ICS providers last year. “We published a series of standards in 2016. We published more this past summer. We started three years ago as we worked is an advisory the Obama Administration,” said Modeste. “We met with several agencies with the government, DHS being the biggest one. We partnered with various agencies, including DARPA. We also include several consultants and utilities.”
The standards come out of UL’s Cybersecurity Assurance Program) UL CAP, which offers third party support to allow users to evaluate both the security of network-connectable products and systems, as well as the vendor processes for developing and maintaining products and systems for security.
While the standards apply to a wide swath of industries, including medical and buildings, the core work was done for manufacturing. “The standards are focused on the manufacturing community, to help them build good design into their products,” said Modeste. “That means the vendor takes into consideration the flaws and weaknesses that a hacker may use to attack. The standards don’t specifically say they should identify and notify the user. Instead, it makes the product robust enough to product itself. The software in the products will be trained to detect and take action.”
Rob Spiegel has covered automation and control for 17 years, 15 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.
Image courtesy of Underwriters Laboratories.
|The Embedded Systems Conference (ESC) is back in Minnesota and it’s bigger than ever. Over two days, Nov. 8-9, 2017, receive in-depth education geared to drive a year’s worth of work. Uncover software design innovation, hardware breakthroughs, fresh IoT trends, product demos, and more that will change how you spend time and money on your next project. Click here to register today!|