Services to help secure and protect products, software and infrastructures against cybersecurity risks.
UL’s safety science expertise spans more than a century to protect people, products and places. Building upon its founding experience in mitigating fire and shock hazards, UL has continued to push the leading edge of safety, specifically with a focus on emerging technologies. The rise in interconnected technologies has ushered in increased vulnerabilities, leading to cyber-attacks and the increased need for independent cybersecurity validation.
Each device connected to the cloud or internet becomes a new attack point for cybercriminals. Cyber-attacks have become more sophisticated, harder to protect against and more costly than ever — security precautions have become critical to consumers and businesses alike. A system is only as strong as its weakest link.
UL’s Cybersecurity Assurance Program (UL CAP) aims to minimize cybersecurity risks by assessing software vulnerabilities and weaknesses, minimizing exploitation, addressing known malware, reviewing security controls and increasing security awareness.UL CAP is for vendors looking for trusted support in assessing security risks while they continue to focus on product innovation to help build safer more secure products, as well as for purchasers of products who want to mitigate risks by sourcing products validated by a trusted third party.
The UL CAP helps identify security risks in products and systems and suggests methods for mitigating those risks in a wide range of industry functions: industrial control systems, medical devices, automotive, HVAC, lighting, smart home, appliances, alarm systems, fire systems, building automation, smart meters, network equipment, and consumer electronics. For increased flexibility, vendors can select the UL CAP services best suited for their current needs.
Our work is based on security science, employing a holistic view of security, from product security and secure system integration to security of entire infrastructures. Our aim is to give our customers the peace of mind that comes from knowing that they have performed the necessary due diligence to mitigate cybersecurity risks.
Asset owners from critical infrastructure can see the benefits of UL CAP as a means for evaluating the security posture of their supply chain. “The availability and integrity of critical infrastructure is crucial to the safety and well-being of society. A comprehensive program that measures critical systems against a common set of reliable security criteria is helpful,” states Terrell Garren, CSO, Duke Energy. UL CAP offers trusted third party support with the ability to evaluate both the security of network-connectable products and systems and the vendor processes for developing and maintaining products and systems with a security focus.
Asset owners know the significance of UL CAP being developed with Open Source technologies in mind as it aligns and simplifies their network-connectable products and systems, architectures, and cyber security strategies. “In the coming years, UL’s role will be transformative in that it will provide cyber insurers with a common approach to evaluate and more efficiently price cyber risk for companies that adopt and promote the UL certified technologies and processes. In the short term, we expect the UL 2900 to become central to businesses delivering a more secure Internet of Things and Government a more secure U.S. critical infrastructure. We believe that UL certification will carry significant weight, and differentiate our offering in the marketplace,” states David Wallace Cox, President, Developer and Chief Architect at Reprivata, Corp.
A significant and often overlooked element of a company’s defense against data breaches is the role of individual employees. UL also offers online training to help employees play a more active role in their company’s cyber security strategy, helping to prevent data breaches, and effectively react in the event of a breach.