Put a CAP on Cybersecurity Concerns

UL, a global safety science organization, has an answer to mitigate this concern. You can learn about it in Booth E-4135. It’s UL’s new Cybersecurity Assurance Program (UL CAP) for industrial control systems. Using the new UL 2900-2-2 standard, UL CAP is designed to provide testable cybersecurity criteria to help assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness. UL CAP is intended for control system manufacturers who need support in assessing security risks while they continue to focus on product innovation to help build safer, more secure products. These steps will help protect the Industrial Internet of Things. The program should benefit OEMs, machine tool builders, system integrators and retrofitters who want to mitigate risks by sourcing products assessed by an expert third party.

“We’re aiming to support and underpin the innovative, rapidly iterating technologies that make up the Industrial Internet of Things with a security program,” says Rachna Stegall, director of connected technologies at UL. “The more industrial control systems become interconnected with other devices, the greater the potential security risks. The Cybersecurity Assurance Program’s purpose is to help manufacturers, purchasers and end users mitigate those risks via methodical risk assessments and evaluations.”

Industrial control systems that meet the requirements outlined in the standard can then be certified by UL as “UL 2900-2-2 compliant.” Additionally, since security is an ever-changing challenge, UL 2900-2-2 can be used to evaluate a vendor’s processes for design, development and maintenance of secure products and systems.