US Insurance Underwriters Launch Cyber Security Program

Uploaded on 2015-09-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

900303.gif

Underwriters Laboratories (UL) is the largest and best known independent, not-for-profit U.S testing laboratory. 

It appears the White House's vision of an Underwriters Laboratories-type certification for Internet of Things products could become a reality: a UL official says the organization is involved with the US government's initiative to promote such security certification standards.
"We are involved with those initiatives," says Maarten Bron, director of innovations at UL, of the White House's interest in coming up with a UL-type program for increasingly Internet-connected consumer devices. "The White House is trying to achieve is to foster collaboration between private and government sectors to come up with these standards … Plans are still in the making from the White House" side, he says, so he can't share any additional details at this time.

UL, meanwhile, also is putting the final touches on a test and certification program of its own for IoT products, Bron says. "For us, cybersecurity and IoT have been on the radar screen for a long time already. We are prepared to release a test and certification program for this" that draws from its customers' needs and concerns, he says.
"While many details of The White House initiative are still in development at this early stage, UL is prepared to align with the initiative in its goal to bring the public and private sectors closer together in fighting cybercrime," UL's Bron says.
The White House has been mulling a UL "seal" model for IoT security: Michael Daniel, special assistant to the President and the nation's cybersecurity coordinator, in an interview in April with Dark Reading, said the Obama administration considers an Underwriters Laboratories-type certification model a good fit for driving vendors to secure their increasingly Internet-connected consumer products.
"We are very much interested in voluntary models" for this, Daniel said in the interview. "A nonprofit consortium that would rate products … I find that model very intriguing and similar in the development" of IoT security and safety, he said.
Rumblings that the White House may be ready to take action on a cybersecurity UL emerged last week after Peiter C. Zatko, aka Mudge, tweeted that he was leaving Google's ATAP group to create a "#CyberUL." "Goodbye Google ATAP, it was a blast. The White House asked if I would kindly create a#CyberUL, so here goes!"

No official word from the White House nor details yet from Zatko, but UL's Bron confirmed that his organization was aware of and involved with the administration's initiative. UL's traditional role has been testing and certifying appliances for electrical safety, but it also created a cyber security division about four years ago. "It's about security in the virtual world," Bron says, including transaction-oriented electronic payments, namely certification of chip and PIN technologies, he says.
"We developed automated testing tools that … retrieve those settings from bank card chips and cross-validate against Visa best practices," for instance, he says. "In our labs, we accredit and certify components on behalf of Visa and MasterCard," for instance.

As for IoT, UL is looking at health and industrial controls systems, for example. "We're very much focused on trying to detect and mitigate known vulnerabilities … in devices such as for health and industrial control systems. We really see a strong need in the market."
Dark Reading: http://ubm.io/1KMNefT

 

« Countdown: 10 Things Cyber Crooks Could Do To Your Computer, Without Even Touching It
Assange Advised Snowden To Go to Russia »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Defense Advanced Research Projects Agency (DARPA)

Defense Advanced Research Projects Agency (DARPA)

DARPA's mission is to develop breakthrough technologies for national security. The Information Innovation Office undertakes cyber security activities.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

Leadcomm

Leadcomm

Leadcomm is a Brazilian company focused on the distribution and integration of IT systems and security solutions for large companies.

Cynamics

Cynamics

Cynamics is the only network monitoring solution built specifically for Smart City, Public Safety and Critical Infrastructure networks.

Global Cyber Risk (GCR)

Global Cyber Risk (GCR)

Global Cyber Risk is a technology and advisory services firm that provides first tier cybersecurity services to both large corporations and small and mid-sized businesses.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

Let's Encrypt

Let's Encrypt

Let’s Encrypt is a free, automated, and open digital certificate authority, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

Swissbit

Swissbit

Swissbit AG is the leading European manufacturer of storage, security and embedded IoT solutions for demanding applications.

Route1

Route1

Route1 is an advanced provider of secure data intelligence solutions to drive your business forward.

Cymune

Cymune

At Cymune we help businesses to fight against cybercrime, protect patented data and diminish security risks.

Techstep

Techstep

Techstep is a complete mobile technology enabler, making positive changes to the world of work; freeing people to work more effectively, securely and sustainably.

Ibento Global

Ibento Global

Ibento organises the CyberX series of cybersecurity conferences.

Cognilytica

Cognilytica

Cognilytica’s Cognitive Project Management for AI (CPMAI) training and certification is recognized around the world as the best practices methodology for implementing successful AI & ML projects.

AFRY

AFRY

AFRY is a world leading engineering company, trusted as a supplier of services and solutions within the industry, energy, and infrastructure sectors as well as for authorities.