HCL CAMWorks
Published

A Cybersecurity Assurance Program to Help Protect the IIoT

UL’s Cybersecurity Assurance Program for industrial control systems promises to help developers of network-connectable products test them for security weaknesses or software vulnerabilities.

Share

Leaders-In background

cyber security graphic

UL, a global safety science organization, has announced what it calls a Cybersecurity Assurance Program (UL CAP) for industrial control systems. Using the new UL 2900-2-2 standard, UL CAP for industrial control systems is designed to provide testable cybersecurity criteria to help assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness. UL CAP is intended for control system manufacturers who need support in assessing security risks while they continue to focus on product innovation to help build safer, more secure products. These steps will help protect the Industrial Internet of Things (IIoT). The program should benefit OEMs, machine tool builders, system integrators, and retrofitters who want to mitigate risks by sourcing products assessed by an expert third party.

Network-connected products and systems offer capabilities that promise significant boosts in productivity to manufacturing companies. Industrial control systems, for example, are becoming more interconnected, connectable and networkable, thus making data-driven manufacturing a practical reality on the factory floor. However, there are growing risks that threaten the security, performance and financial return on these control systems and the equipment they run.

“We’re aiming to support and underpin the innovative, rapidly iterating technologies that make up the Industrial Internet of Things with a security program,” says Rachna Stegall, director of connected technologies at UL. “The more industrial control systems become interconnected with other devices, the greater the potential security risks. The Cybersecurity Assurance Program’s purpose is to help manufacturers, purchasers and end-users mitigate those risks via methodical risk assessments and evaluations.”

Developers of UL CAP solicited input from major stakeholders representing the Federal government, academia and industry to elevate the security measures deployed by companies, and agencies who may have equipment and devices connected to digital networks. For example, automotive OEMs and Tier 1 suppliers, along with the many job shops and manufacturing subcontractors that support them, make up a critical supply chain that must have cybersecurity measures as a priority. UL CAP is being presented as a means for evaluating the security provisions of control systems with these supply chains.

UL’s evaluation of industrial control system security uses UL 2900-2-2, which is within the UL 2900 series of standards. This series outlines technical criteria for testing and evaluating the security of products and systems that are network-connectable. These standards form a basic set of requirements to measure, and then improve, the fitness of products and systems from a network security standpoint. UL 2900 is designed to incorporate additional technical criteria as the security needs in the marketplace evolve.

UL CAP can help vendors identify security risks in their products and systems, and it suggests methods for mitigating those risks. The UL 2900-2-2 standard can be applied to industrial control system components such as:

  • Programmable logic controllers (PLCs)
  • Remote network terminals
  • Human-machine Interfaces (HMIs)
  • Input/output (I/O) servers
  • Machine tool control units
  • Intelligent devices such as sensors
  • Fieldbus connections

Industrial control systems that meet the requirements outlined in the standard enables them
to be certified by UL as “UL 2900-2-2 compliant.” Additionally, since security is an ever-
changing challenge, UL 2900-2-2 can be used to evaluate a vendor’s processes for design, development and maintenance of secure products and systems.

Click here for more information on UL CAP, or visit Booth E-4135 at IMTS, To register for a free webinar about this program on October 11 at 10:00am CST, click here. 

HCL CAMWorks
SolidCAM
Techspex
Metal Forming Complex Parts
YCM Alliance
RazorStar
DN Solutions
IMTS+

Related Content

Measurement

Process Control — Leveraging Machine Shop Connectivity in Real Time

Renishaw Central, the company’s new end-to-end process control software, offers a new methodology for producing families of parts through actionable data.

Read More

Give Job Shop Digitalization a Customer Focus

Implementing the integrated digital technologies and automation that enhance the customer's experience should be a priority for job shops and contract manufacturers.

Read More
Automation

5 Stages of a Closed-Loop CNC Machining Cell

Controlling variability in a closed-loop manufacturing process requires inspection data collected before, during and immediately after machining — and a means to act on that data in real time. Here’s one system that accomplishes this. 

Read More
Sponsored

How this Job Shop Grew Capacity Without Expanding Footprint

This shop relies on digital solutions to grow their manufacturing business. With this approach, W.A. Pfeiffer has achieved seamless end-to-end connectivity, shorter lead times and increased throughput.

Read More

Read Next

Workforce Development

Building Out a Foundation for Student Machinists

Autodesk and Haas have teamed up to produce an introductory course for students that covers the basics of CAD, CAM and CNC while providing them with a portfolio part.

Read More

5 Rules of Thumb for Buying CNC Machine Tools

Use these tips to carefully plan your machine tool purchases and to avoid regretting your decision later.

Read More

Registration Now Open for the Precision Machining Technology Show (PMTS) 2025

The precision machining industry’s premier event returns to Cleveland, OH, April 1-3.   

Read More
HCL CAMWorks