UL is a company providing testing and safety certifications with electrical, building, fire, mechanical and other codes to ensure products sold to consumers and companies are as safe as possible, and follow their UL standards. For example, you should probably look for the UL logo on any 100~240V electrical appliances, power supplies, etc… to make sure you purchase safe products, and also in order to avoid voiding any insurance you may have in case of fire. The company is now getting into cybersecurity, specifically for IoT security, with UL 2900 standard.
The standard is currently divided into three parts:
- UL 2900-1 – Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements
- UL 2900-2-1 – Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare Systems
- UL2900-2-2 – Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 2-2: Particular Requirements for Industrial Control Systems
The standards were published just over 3 months ago, which means so far no products has been certified. EETimes interviewed some IoT industry players as well as UL themselves about the new standard. Silicon vendors are aware of UL 2900, and while Silicon Labs have not had request from customers yet, they mentioned some are going “hardcore” on security. NXP representatives explained that “it’s more important to build security from the get go”, but certifications still help differentiating good products from bad. UL is not that well-know in the cybersecurity spaces, but they’ve been in the field for over 20 years, for example developing FIPS 140 standard for cryptographic modules, and around 100 products, mostly critical infrastructure, medical device, healthcare system and automotive components, are in the pipe to become UL 2900 certified in Q3 2016 and beyond.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.