The Burden of Cybersecurity: Within the Strategic Collaboration of Eaton and Underwriters Laboratories (UL)

please send your inquiries to us

Contact Us


  The Burden of Evidence in Cybersecurity: Inside Strategic Collaboration between Eaton and Underwriters Laboratories (UL)

By Bill Lydon, Editor, Automation.com

It's one thing for a business to say that a device is cyber secure ; A company that tries to prove it. With that in mind, February has brought news that Eaton has entered into a strategic cybersecurity partnership with Underwriters Laboratories (UL) to drive the development of new cybersecurity standards for power management products. This was a fascinating development. As automation systems include more connected devices, there is a higher risk of cyber security vulnerabilities. Recent security breaches have demonstrated the continued dynamic evolution of cybersecurity as software and hardware vulnerabilities continue to be identified. As a result, cybersecurity is becoming more and more important to integrate with system components and the overall design … and people want proof.

Very intrigued by these developments, I turned to Max Wanderer, Director of the Eaton Cybersecurity Center of Excellence, to learn more. He explained how Eaton and Underwriters Laboratories (UL) entered into a collaboration to provide a line of defense for industrial customers in today's networked environments. With this collaboration, the two organizations aim to:

  • Advanced Cyber ​​Security for Energy Management Technologies
  • Help establish measurable cyber security standards for network-enabled products and systems for energy management

One of the first fruits of the collaboration was the news that Eaton's Cybersecurity Research and Testing Facility in Pittsburgh was the first lab to be approved for participation in the UL Cyber ​​Security Data Acceptance Program – an initiative designed to address emerging cybersecurity risks. In the interest of providing evidence, products in this specialized lab are tested for compliance with industry cybersecurity requirements before being installed in critical systems.

Wandera – a CISSP, GSLC and director of Eaton's Cybersecurity Center of Excellence – is responsible for overseeing and overseeing the strategic planning, development and evaluation of Eaton products. He is responsible for the Safe Product Development Policy and its compliance; including research, design, development and implementation of security technologies for products, systems and software applications. His role works cross-functional with executives of companies, companies and officials. He serves as Eaton's voice on product safety issues and works with various government agencies, including the Department of Homeland Security, clients, industry forums, and other industrial security organizations.

I was able to work with Wanda on the challenges of cyber security in power management and UL's efforts to help industrial customers overcome them. "It's critical that companies take comprehensive cybersecurity measures to keep pace with evolving cybersecurity deficiencies," said Wandera. "Our goal is to ensure that our product meets cyber security standards and is safe when used in the customer environment from the beginning of the product development lifecycle." I kept asking him a series of questions and included his answers below: [19659004]

Max Wanderera – a CISSP, GSLC, and director of The Cybersecurity Center of Excellence at Eaton

Why is third-party cybersecurity certification important?

Last year, companies spend an estimated $ 964 billion on IoT devices The data they generate will continue to grow exponentially: By 2020, an estimated 31 billion devices will be connected to the Internet of these intelligent and connected solutions It is important to trust and verify that the technologies they rely on are engineered and tested using proven engineering practices – and industry guidelines such as the UL 2900 Cybersecurity Standard

More Products  IDS Imaging releases uEye LE USB 3.1 Gen 1 single-board cameras

Are your products certified for compliance with cyber security standards? If so, what standards for cybersecurity devices?

In summer 2017, the general requirements for the UL 2900 Software Cybersecurity Standard for Networkable Products (UL 2900) were released. These policies include processes for testing devices for vulnerabilities, software vulnerabilities, and malware. To meet this standard, Eaton has demonstrated a comprehensive understanding of the scale of standards and the ability to meet them throughout the product development cycle.

Powered by a test methodology that meets UL requirements, Eaton's Power Xpert Dashboard was the first device management product certified to the UL 2900-2-2 standard for cybersecurity in industrial control systems. This Eaton switchgear user portal allows customers to monitor, diagnose, and control equipment beyond the arc boundary.

The Power Xpert Dashboard is the first of many power management devices to receive UL 2900 certification. Additionally, because Eaton has the first lab to be eligible for the UL Cyber ​​Security Data Acceptance Program, we can test products with intelligence or embedded logic on key aspects of the UL 2900-1 and 2900-2-2 standards. In the coming months, contact Eaton for additional devices certified to UL cyber security standards.

What are the goals of this cybersecurity partnership in terms of automation and digital factories?

In digital factories, intelligent power management technologies can provide the required real-time visibility to proactively reduce unplanned downtime and inefficiencies. The annual cost of unplanned downtime for manufacturers is $ 50 billion. Digitizing factories to create a unified network of smart and connected devices can deliver actionable predictive maintenance, training, production planning, quality, and more.

Ultimately, these results can lead to significant productivity improvements in throughput and reduction in power consumption and downtime, as well as measurable quality improvements. However, a digital factory needs more than connectivity. Customers are looking for ways to reduce cybersecurity risk and optimize their investment by reducing the cybersecurity risk by relying on proven engineering and design industry knowledge. Eaton's collaboration with UL helps to develop common criteria for evaluating products to ensure that they meet industry standards and reduce the risk of cybersecurity. Through our rigorous cyber security processes and approval of the first lab to participate in the UL Data Acceptance Program, Eaton develops products that meet the strictest standards and expectations for safe energy management.

In addition, this collaboration with UL will help establish measurable cybersecurity criteria for network-enabled products and energy management systems. As we introduce smarter and more connected systems and use these technologies to support digital factories, our work with UL will help build trust and support validated claims that provide the highest level of defense against emerging cyber security threats.

More Products  NovaTech releases D / 3 Version 16 software for distributed control systems

Why is Eaton Partnering with UL important?

Digital factories are able to collect real-time data from power management devices such as circuit breakers, frequency converters, meters, controllers, relays, and other systems, reducing the risks It's critical to rely on the industry's know-how , This collaboration helps deliver and drive standards, testing and technology to build confidence that Eaton devices and devices are secure and in line with industry cyber security standards. Through our cybersecurity processes and the approval of the first laboratory to participate in the UL Data Acceptance Program, Eaton develops products that meet the strictest industry standards and expectations for safe energy management.

As we introduce smarter and more connected systems, and our customers use these technologies to support electrical energy management, this collaboration will demonstrate the investment that Eaton has made in cybersecurity and build trust in our products.

Eaton has entered into a cybersecurity collaboration with UL, expanding its commitment to developing smarter technologies and processes that enable trusted environments in a hyper-connected world. Image courtesy of Eaton.

What are the shortcomings of existing cyber security standards in power management that require new standards?

UL has established the industry's first common criteria for evaluating networked products to ensure that they meet industry cybersecurity standards. Of course, there are a number of cybersecurity standards and regulations. To date, however, there is no other organization in the US that provides a mandatory guide to third-party cyber security certification for power management technologies as a UL-2900 standard.

Which other international standards should be considered?

The American National Standards Institute (ANSI) and the International Society of Automation (ISA) have also developed safety standards for industrial automation. The standard ANSI / ISA-99.00.01-2007 Safety for industrial automation and control systems is the basis for the standard IEC 62443 of the International Electrotechnical Commission (IEC). The IEC 62443 series of standards generally specifies requirements for safety functions. These skills can be technical skills related to security mechanisms or process capabilities that are human in nature. We also have ISO / IEC 27001, which can be used in any form of organization to meet cybersecurity requirements for setting up, deploying, operating, monitoring, auditing, maintaining and improving documented information security management systems and many others.

UL2900 Standard provides common criteria for evaluating products to ensure that they conform to industry standards.

Does compliance with this UL standard mean that a product is not prone to known malware that can disrupt industrial processes?

It is important to point out that cybersecurity also depends, technologically, on how technology is used as a threat to evolve. For example, if I have a smartphone and the manufacturer releases an update, it is my responsibility as the end user to update my device. If I do not, my device may be more vulnerable to an attack than an updated device.

More Products  Fluke Introduces DS701 and DS703 Videoscopes

The same is true of how a customer applies technology and what updates and upgrades make sense for their system and environment. As threats continue to evolve, Eaton continues to identify where the risk lies, works to eliminate the risk, and regularly updates our products. An important part of the process is to ensure that our customers are aware of these upgrades and can leverage the latest technologies, best practices and available versions. Our cybersecurity website is a resource for getting news about new security holes, emerging threats, or product update information.

What is the goal of product safety at Eaton? What do you want to achieve?

Software and communications technologies are changing the face of the power system. Traditionally, electrical systems have been controlled by serial devices connected to computers via dedicated transceivers with proprietary protocols. In contrast, today's control systems are increasingly associated with larger enterprise networks that can expose these systems to vulnerabilities typically found in IT systems.

The main goals of Eaton's approach to product safety are to improve safety and protect availability. Integrity and Confidentiality of Electrical Systems

Organizations should take cybersecurity threats seriously and proactively protect them with a defensive approach that is tailored to enterprise needs, using the latest technologies.

There is no protection method that is completely safe. A "defense-in-depth" mechanism that is effective today may not be effective tomorrow – as the methods and means of cyber attacks are constantly changing. It is critical that administrators remain aware of changes in cybersecurity and continue to work to prevent potential security vulnerabilities in their managed systems.

Is the test facility in Pittsburgh the only facility of its kind? If not, what makes it unique?

Eaton has approved the first lab to participate in the UL Cyber ​​Security Data Acceptance Program. And we are now able to test Eaton products with intelligence or embedded logic for key aspects of the UL 2900-1 and 2900-2-2 standards. Our customers do not want to take any risks with their systems. With products tested in our specialty labs, customers can rest assured that Eaton devices meet industry safety requirements before being installed in their critical systems.

In a hyper-connected world, trusted environments are a must. Eaton's commitment to defending these environments comes to life in our lab in Pittsburgh, where our experts are finding new ways to protect products and systems from cyber-attacks, provide in-house training, and help customers deliver and maintain secure solutions.

Security in many organizations This is an afterthought, as illustrated by the number of updates used to correct process errors. But at Eaton, cybersecurity is an integral part, as the people, processes, and technologies in our Secure Development LifeCycle (SDLC) process are rigorously enforced protocols that incorporate cyber security into our product development.

Related Articles

Leave a Reply