Setting the standards for cybersecurity

Due to the current state of cybersecurity hygiene across multiple industry sectors, manufacturers often inadvertently allow for critical vulnerabilities and weaknesses in product software to go unaddressed.


Underwriters Laboratories (UL) is helping manufacturers assess cybersecurity risks through the launch of the UL Cybersecurity Assurance Program (UL CAP). Based on the new UL 2900 series of standards to offer testable cybersecurity criteria for network-connectable products, UL said in a press release that UL CAP will help companies "Assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls, and increase security awareness."

CFE Media discussed the new standards and the current status of cybersecurity in manufacturing, with Anura Fernando, principal engineer of medical software and systems interoperability at UL.

CFE Media: Describe the UL Cybersecurity Assurance Program. What are your primary goals in launching the program?

Fernando: UL CAP is a UL certification program, based on the UL 2900 series of standards, which allow manufacturers to demonstrate that they have met a baseline of cybersecurity hygiene by satisfying the repeatable, testable requirements of:

  • UL 2900-1 (Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements)
  • UL 2900-2-1 (Outline for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare Systems), and
  • UL 2900-2-2 (Outline for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Industrial Control Systems).

CFE Media: How serious is the issue of cybersecurity in manufacturing? And where are the threats coming from?

Fernando: The cybersecurity threats are very serious in manufacturing. The products being addressed in the first published parts of UL 2900 include key areas of our nation's critical infrastructure such as energy production and healthcare. The threats come from both those seeking to gain personal economic gains as well as nation states seeking to gain geopolitical advantage.

CFE Media: What do manufacturers in particular and network managers in general overlook when it comes to cybersecurity?

Fernando: Due to the current state of cybersecurity hygiene across multiple industry sectors, manufacturers often inadvertently allow for critical vulnerabilities and weaknesses in product software to go unaddressed. In some cases, they may even allow malware to exist in products coming off of production lines, unbeknownst to them. When such products are integrated into larger systems, the integrators and network managers are often unaware of these vulnerabilities within their systems until it is too late.

CFE Media: Are there some best practices manufacturers should adopt when explaining these threats to employees and outside vendors?

Fernando: There are many good practices for cybersecurity hygiene that can be found in a variety of standards and guidance documents such as the National Institute of Standards and Technology (NIST), Cybersecurity Framework, the FDA guidance documents on both pre- and post-market cybersecurity, and the UL 2900 standards, to name a few.

CFE Media: Moore's Law talks about the exponential growth of computing power. Are we facing a similar growth in dealing with cybersecurity?

Fernando: Computer security (i.e. cybersecurity) is clearly a function of the capabilities afforded to products by virtue of the cost-effective availability of computing power. Therefore, as computing power continues to grow, product capabilities will be increasingly enhanced by software, and unless good cybersecurity hygiene practices start to be "baked in" to all of the software-dependent products and processes now, may very well lead to commensurate increases in vulnerabilities and attack vectors.

No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2015 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
Safer human-robot collaboration; 2017 Maintenance Survey; Digital Training; Converting your lighting system
IIoT grows up; Six ways to lower IIoT costs; Six mobile safety strategies; 2017 Salary Survey
2016 Top Plant; 2016 Best Practices on manufacturing progress, efficiency, safety
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Big Data and bigger solutions; Tablet technologies; SCADA developments
Automation modernization; Predictive analytics enable open connectivity; System integration success; Automation turns home brewer into brew house
Commissioning electrical systems; Designing emergency and standby generator systems; Paralleling switchgear generator systems
Natural gas for tomorrow's fleets; Colleges and universities moving to CHP; Power and steam and frozen foods

Annual Salary Survey

Before the calendar turned, 2016 already had the makings of a pivotal year for manufacturing, and for the world.

There were the big events for the year, including the United States as Partner Country at Hannover Messe in April and the 2016 International Manufacturing Technology Show in Chicago in September. There's also the matter of the U.S. presidential elections in November, which promise to shape policy in manufacturing for years to come.

But the year started with global economic turmoil, as a slowdown in Chinese manufacturing triggered a worldwide stock hiccup that sent values plummeting. The continued plunge in world oil prices has resulted in a slowdown in exploration and, by extension, the manufacture of exploration equipment.

Read more: 2015 Salary Survey

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.
Motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
Compressed air plays a vital role in most manufacturing plants, and availability of compressed air is crucial to a wide variety of operations.
Maintenance Manager; California Oils Corp.
Associate, Electrical Engineering; Wood Harbinger
Control Systems Engineer; Robert Bosch Corp.
click me