Setting the standards for cybersecurity

Due to the current state of cybersecurity hygiene across multiple industry sectors, manufacturers often inadvertently allow for critical vulnerabilities and weaknesses in product software to go unaddressed.


Underwriters Laboratories (UL) is helping manufacturers assess cybersecurity risks through the launch of the UL Cybersecurity Assurance Program (UL CAP). Based on the new UL 2900 series of standards to offer testable cybersecurity criteria for network-connectable products, UL said in a press release that UL CAP will help companies "Assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls, and increase security awareness."

CFE Media discussed the new standards and the current status of cybersecurity in manufacturing, with Anura Fernando, principal engineer of medical software and systems interoperability at UL.

CFE Media: Describe the UL Cybersecurity Assurance Program. What are your primary goals in launching the program?

Fernando: UL CAP is a UL certification program, based on the UL 2900 series of standards, which allow manufacturers to demonstrate that they have met a baseline of cybersecurity hygiene by satisfying the repeatable, testable requirements of:

  • UL 2900-1 (Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements)
  • UL 2900-2-1 (Outline for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare Systems), and
  • UL 2900-2-2 (Outline for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Industrial Control Systems).

CFE Media: How serious is the issue of cybersecurity in manufacturing? And where are the threats coming from?

Fernando: The cybersecurity threats are very serious in manufacturing. The products being addressed in the first published parts of UL 2900 include key areas of our nation's critical infrastructure such as energy production and healthcare. The threats come from both those seeking to gain personal economic gains as well as nation states seeking to gain geopolitical advantage.

CFE Media: What do manufacturers in particular and network managers in general overlook when it comes to cybersecurity?

Fernando: Due to the current state of cybersecurity hygiene across multiple industry sectors, manufacturers often inadvertently allow for critical vulnerabilities and weaknesses in product software to go unaddressed. In some cases, they may even allow malware to exist in products coming off of production lines, unbeknownst to them. When such products are integrated into larger systems, the integrators and network managers are often unaware of these vulnerabilities within their systems until it is too late.

CFE Media: Are there some best practices manufacturers should adopt when explaining these threats to employees and outside vendors?

Fernando: There are many good practices for cybersecurity hygiene that can be found in a variety of standards and guidance documents such as the National Institute of Standards and Technology (NIST), Cybersecurity Framework, the FDA guidance documents on both pre- and post-market cybersecurity, and the UL 2900 standards, to name a few.

CFE Media: Moore's Law talks about the exponential growth of computing power. Are we facing a similar growth in dealing with cybersecurity?

Fernando: Computer security (i.e. cybersecurity) is clearly a function of the capabilities afforded to products by virtue of the cost-effective availability of computing power. Therefore, as computing power continues to grow, product capabilities will be increasingly enhanced by software, and unless good cybersecurity hygiene practices start to be "baked in" to all of the software-dependent products and processes now, may very well lead to commensurate increases in vulnerabilities and attack vectors.

No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2015 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
Safety for 18 years, warehouse maintenance tips, Ethernet and the IIoT, GAMS 2016 recap
2016 Engineering Leaders Under 40; Future vision: Where is manufacturing headed?; Electrical distribution, redefined
Strategic outsourcing delivers efficiency; Sleeve bearing clearance; Causes of water hammer; Improve air quality; Maintenance safety; GAMS preview
SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Safety at every angle, Big Data's impact on operations, bridging the skills gap
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
Applying network redundancy; Overcoming loop tuning challenges; PID control and networks
Driving motor efficiency; Preventing arc flash in mission critical facilities; Integrating alternative power and existing electrical systems
Package boilers; Natural gas infrared heating; Thermal treasure; Standby generation; Natural gas supports green efforts

Annual Salary Survey

Before the calendar turned, 2016 already had the makings of a pivotal year for manufacturing, and for the world.

There were the big events for the year, including the United States as Partner Country at Hannover Messe in April and the 2016 International Manufacturing Technology Show in Chicago in September. There's also the matter of the U.S. presidential elections in November, which promise to shape policy in manufacturing for years to come.

But the year started with global economic turmoil, as a slowdown in Chinese manufacturing triggered a worldwide stock hiccup that sent values plummeting. The continued plunge in world oil prices has resulted in a slowdown in exploration and, by extension, the manufacture of exploration equipment.

Read more: 2015 Salary Survey

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
This article collection contains several articles on the vital role of plant safety and offers advice on best practices.
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.
This article collection contains several articles on strategic maintenance and understanding all the parts of your plant.
click me