Securing connected devices in “Internet of Things” environments
From medical devices to smart home equipment to industrial applications, the Internet of Things marks a trend: today there are over 6 billion connected devices, increasing to 20+ billion connected devices by 2020, or around 3 connected devices per person globally.
IoT devices are potential entry points to wider IoT ecosystems. For example, the term “thingsbots” has already been coined to point to the risk that these devices may become part of wider botnets, making it harder to detect spam attacks or deflect other denial-of-service attacks.
Through different IoT devices, smart connected devices and more traditional network equipment, attackers can obtain unauthorized access to wider networks, databases, and systems. This increases the attack vectors available to hackers, who are moreover growing more sophisticated at breaking in.
A successful attack executed against a device or a system might result in:
- Theft of confidential information stored or used by the device or system
- Use of the device or system as a stepping stone for penetrating further into the network
- Privacy breach on end-user devices or systems
To address IoT security threats, UL has introduced our Cybersecurity Assurance Program (UL CAP). UL CAP uses the new UL 2900 series of standards to offer testable cybersecurity criteria for network-connectable products and systems to:
- Assess software vulnerabilities and weaknesses
- Minimize exploitation
- Address known malware
- Review security controls and increase security awareness
Examples of devices that can be submitted for UL CAP testing and evaluation include smart home equipment, consumer electronics, wearables/medical devices and network equipment.
UL CAP is third-party validation that can help you mitigate safety and performance risks. Our program can assess security risks for network-connected products and systems as well as the vendor processes for developing and maintaining products and systems.
In addition to UL CAP, UL also offers customized software testing services and can perform testing against customer requirements:
- Web / mobile application testing
- Code review
- Wider secure SDLC and/or supply chain assurance support