
Risky Business: Evaluating the Cybersecurity of Network-Connectable Products and Systems


May 2, 2016

With a record 6.4 billion connected devices currently in use around the globe, and that number forecasted to reach 11.4 billion by 2018, it comes as no surprise that significant cybersecurity threats increase by the hour for both public and private networks and devices.

IDC Research suggests that two-thirds of all networks will have a security breach by 2018, leading to unplanned network downtime, loss of production, harm to business and personal assets, and damage to overall brand reputations.

Furthermore, a recent Gartner report estimates that worldwide spending on Internet of Things (IoT) security will rise to $840 million by 2020, with a strategic focus on combating growing enterprise malware attacks.

Without proper security measures built into IoT devices, personal consumer information, from medical conditions and medications sent by connected wearables to driver’s data stored in connected cars, will remain vulnerable.

The continued innovation and acceptance of IoT can only move forward if safety is addressed during the early phases of product development.

“To help ensure connected devices meet cybersecurity safety standards during the development phase, you must have testable technical criteria that is transparent and allows for mass repetition,” said Ken Modeste, principal engineer and cybersecurity technical lead at UL. “Once those standards were developed, testing can easily be reproduced across all industries to help validate cybersecurity.”

To balance these growing IoT safety concerns and challenges with the rapid pace of innovation, UL has developed a Cybersecurity Assurance Program (CAP) in accordance with its UL 2900 standard. CAP aims to provide a set of requirements that manufacturers of network-connectable products can use voluntarily to establish a baseline of protection against vulnerabilities and software weaknesses.

As part of this program, UL helps manufacturers identify malware and potential weaknesses in products and performs penetration testing on devices. A risk analysis of products can determine whether or not flaws must be addressed. While there is no silver bullet to tackle manufacturers’ cybersecurity needs, UL 2900 is designed to evolve and incorporate additional technical criteria as the security needs in the marketplace change.

“Adhering to a third-party’s IoT security standard will not only give manufacturers a competitive advantage in innovation, but will also produce a superior product having been assessed for IoT vulnerabilities and exploits, software weaknesses and security controls,” explained Modeste.