What certifications do you need for cybersecurity


Cybersecurity in the Industrial Internet of Things (IoT):
How to set up an efficient risk management system and increase cybersecurity.

IT and OT cybersecurity is becoming a critical success factor in digital transformation. Industrial plants, robots and machines as parts of cyber-physical systems have long been the target of hacker attacks. It is only a matter of time before a cyber attack paralyzes an entire production facility or critical infrastructure. What can companies do to minimize cyber risks?

More aggressive and technically more complex: the threat posed by cyber attacks is increasing

Cyber attacks are now part of day-to-day business worldwide - with enormous effects. The Mirai botnet was just the beginning. In October 2016, three young IT experts from Alaska took control of unsecured security cameras, refrigerators and other networked household appliances and used them to attack game servers. At times, 500,000 IoT devices were connected in their botnet.

This shows what is in store for companies. If millions of IoT devices can be merged into one platform, they can develop enormous clout. At the same time, the number of cyber attacks has risen sharply in recent years. A survey by the VDE showed: 71 percent of member companies with more than 5,000 employees admit that they have already been victims of cyber attacks.

How should companies react? The Federal Ministry for Economic Affairs and Energy (BMWi) gives a central recommendation in its study "IT security for Industry 4.0": consistently establish good basic protection with the help of security technologies available today. As a means of doing this, the BMWi suggests, among other things, introducing minimum standards for IT security and using certified products in digital value-added networks.

Industry 4.0 requires dynamic certification

So far, a single certification process has been sufficient in the industry, because it was customary to make a device and then not touch it anymore.

Today, however, inexpensive standard hardware is used to enable networking. This entails continuous software updates. How these updates affect security can no longer be answered with a one-time classic certification.

In addition, IoT components are so critical that they require a consistent lifecycle. What happens if a component is considered compromised due to an attack and has to be replaced? Companies need a secure successor product; after all, the component may be in use millions of times. A responsible component manufacturer should therefore define processes, and the certification of components must of course check these processes.

For UL, such considerations mean a transition from static to dynamic certification. Dynamic certification requires tried and tested processes in order to be able to react if something changes in the product.

The UL Cybersecurity Assurance Program (UL CAP)

The UL Cybersecurity Assurance Program (UL CAP) is based on the UL 2900 Series of standards developed with the help of government, university and industry stakeholders. Both UL CAP and UL 2900 build on UL's longstanding expertise in safety science, standards development, testing and certification.

UL offers cybersecurity solutions in the following areas:

  • Appliances and HVAC / R
  • Consumer technology
  • Industrial control systems
  • Electronically secured access
  • Lighting
  • Medicine
  • Robotics
  • Software product testing and validation
  • Software and application security

The UL CAP is an immediately applicable solution package that identifies and assesses software vulnerabilities, combats known malware and checks security controls. These services include:

  • Consulting - Cybersecurity compliance audits and guidance, as well as planning and design services for companies looking to secure their brand and business operations
  • Training - Training courses for safety awareness in product design and in the procurement of components from third-party providers
  • Testing - Fuzzing, vulnerability analysis, code and binary analysis, penetration tests and malware checks
  • Certification - Certification of components, products, processes and systems for cybersecurity according to the UL 2900 standards and/or IEC 62443

Cybersecurity in industrial control systems (ICS)

Manufacturers or plant owners can minimize cyber risks by using control systems that are tested and certified according to IEC 62443 or UL 2900-2-2. As part of the UL Cybersecurity Assurance Program (UL CAP), the new standard UL 2900-2-2 offers verifiable criteria for cybersecurity with which software vulnerabilities can be assessed, their exploitability minimized, known malware combated, security mechanisms checked and security awareness increased in general.

The UL cybersecurity solutions contribute to the transparency and validation of components from suppliers, because cybersecurity starts at the component level. With its ready-to-use, scalable cybersecurity consulting, testing and certification solutions, UL can help manufacturers or system integrators of industrial control systems (ICS) demonstrate their cyber readiness - both in terms of their organizational security practices and their system security.

UL CAP offers trustworthy, neutral support and makes it possible to assess the security of network-connected products and systems, as well as the supplier processes for developing and maintaining products and systems with regard to their security. The program supports companies in meeting the increasing demands of the market.

Research project for the US Department of Defense

Our engineers continuously test new IoT products and systems and research processes that efficiently eliminate weak points. For example, in a current research project commissioned by the US Department of Defense, UL is examining the cyber risks in industrial IoT gateways.


UL Cybersecurity eBook

In order to create new protective measures in a constantly changing landscape of threats, transparency is also crucial. The UL Cybersecurity eBook shows how this can be achieved.

Find out in this eBook, among other things:

  • How to identify potential vulnerabilities and cyber threats in the software supply chain.
  • How you can use the standardized criteria of the UL 2900 series of standards to implement an efficient overall concept for assessing cybersecurity in your company.
  • How to increase cybersecurity in industrial control systems (ICS) through testing or certification according to IEC 62443 and/or UL 2900-2-2.
  • How to set up or operate risk management efficiently and be well prepared for the upcoming European regulation on cybersecurity.
