A Cybersecurity Assurance Program to Help Protect the IIoT

Just posted on the Modern Machine Shop BLOG by Mark Albert, is an article about an exciting development in the IIoT space - UL Labs creating an industrial Cybersecurity Assurance Program (UL CAP).

Here is an excerpt from the article:

"UL, a global safety science organization, has announced what it calls a Cybersecurity Assurance Program (UL CAP) for industrial control systems. Using the new UL 2900-2-2 standard, UL CAP for industrial control systems is designed to provide testable cybersecurity criteria to help assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness. UL CAP is intended for control system manufacturers who need support in assessing security risks while they continue to focus on product innovation to help build safer, more secure products. These steps will help protect the Industrial Internet of Things (IIoT). The program should benefit OEMs, machine tool builders, system integrators, and retrofitters who want to mitigate risks by sourcing products assessed by an expert third party...

...  Network-connected products and systems offer capabilities that promise significant boosts in productivity to manufacturing companies. Industrial control systems, for example, are becoming more interconnected, connectable and networkable, thus making data-driven manufacturing a practical reality on the factory floor. However, there are growing risks that threaten the security, performance and financial return on these control systems and the equipment they run."


Click here for more information on UL CAP, or visit Booth E-4135 at IMTS, To register for a free webinar about this program on October 11 at 10:00am CST, click here.

I think that this is a great and timely initiative - one that the growing IIoT sector needs to make sure we don't create more harm than good. It is also good that a dedicated ongoing effort is in place to address cybersecurity as its' challenges will not go away - in fact I think a whole new security sector has been created.

Read the whole article at:

http://www.mmsonline.com/blog/post/a-cybersecurity-assurance-program-to-protect-the-iiot

Also...


UL 2900 series of Cybersecurity Outlines are essential element of UL’s newly announced Cybersecurity Assurance Program, UL CAP

UL’s Press Release issued April 5, 2016 announced UL’s new Cybersecurity Assurance Program (UL CAP). UL CAP uses the newly published UL 2900 series of outlines to offer testable cybersecurity criteria for network-connectable products and systems to assess software vulnerabilities and weaknesses, minimize exploitation, address known malware, review security controls and increase security awareness. The outlines form a baseline set of technical requirements to measure, and then elevate, the security posture of products and systems, and by design the requirements will evolve to incorporate additional technical criteria as the security needs in the marketplace mature.

The new requirements published on March 30, 2016 are available to UL’s certification customers via the Standards Certification Customer Library (SCCL) and can be purchased by visiting UL’s Standards Catalog or the UL Standards Sales Site.

• UL 2900-1, Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements
• UL 2900-2-1, Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare Systems 
• UL 2900-2-2, Software Cybersecurity for Network-Connectable Products, Part 2-2: Particular Requirements for Industrial Control Systems

Check out: http://ulstandards.ul.com/downloads/news-announcing-ul-2900-outlines/

Siemens Opens IIoT Cyber Security Centers in Ohio & Germany

While scanning Automation.Com yesterday, I noticed what I think is a first in the Industrial Internet of Things (IIoT) and perhaps the CIM world... 

Siemens has opened Cyber Security Operations Centers in both North America and Europe. This need for a cyber security has been predicted here and I am happy to see the commitment from our friends at Siemens in this area. Their press release is below.

I know that Cisco and IBM are also looking at this area as Cloud, Mobile and Wireless IIoT are dependent upon robust and secure connectivity. 

I liken the time now to what we had in the late 1990's when everybody knew that e-Commerce would be a major internet app, but many didn't trust it with their credit card. It really to indemnification from the banks and good security practices (SSL, HTTPS, CAPTCHA, etc) to make our comfort level high enough to grow the business side. Today we all use it and it has allowed eBay and Amazon to flourish. I predict that IIoT will be pervasive in less than 5 years like these e-commerce technologies and apps we enjoy today. We are moving closer every day - thanks Siemens!   

Press Release:

March 17, 2016 - Siemens opened Cyber Security Operation Centers (CSOC) for the protection of industrial facilities in Lisbon, Munich and Milford, Ohio. Siemens industrial security specialists based at these sites monitor industrial facilities all around the world for cyber threats, warn companies in the event of security incidents and coordinate proactive countermeasures. These protective measures are part of Siemens' extensive Plant Security Services with which the enterprise supports companies in the manufacturing and processing industry in encountering constantly changing security threats and increasing plant availability.

The increased networking of industrial infrastructures ("Internet of Things", "Industrie 4.0") calls for appropriate protective action for the automation environment. This is where the Siemens Plant Security Services enter the picture: these services range from Security Assessments and the installation of protective measures, such as firewalls and virus protection (Security Implementation), through to the continuous surveillance of plants with the Managed Security Services, which is now offered by the CSOCs themselves. If the Siemens experts detect an increased risk, they give the customer an early warning, issue recommendations for proactive countermeasures and coordinate their implementation.

The countermeasures are based on the criticality of the incident and the likely impact on the customer's business. They include modifying firewall rules or providing updates for closing gaps in security. In addition, Siemens provides forensic analyses of security incidents. Companies are then in a position to prepare reports that comply with international standards such as ISO 27002 or IEC 62443. And that is not all – companies also receive a transparent view of their plants' security status. Siemens' Plant Security Services use products from the company's collaboration partner, Intel Security. These include: McAfee VirusScan, McAfee Application Control, McAfee ePolicy Orchestrator (ePO) as well as McAfee Enterprise Security Manager with Security Information and Event Management.

Siemens AG (Berlin and Munich) is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and inter-nationality for more than 165 years. The company is active in more than 200 countries, focusing on the areas of electrification, automation and digitalization. In fiscal 2015, which ended on September 30, 2015, Siemens generated revenue of €75.6 billion and net income of €7.4 billion. At the end of September 2015, the company had around 348,000 employees worldwide. 

Source URL @ Automation.Com