The growth of digitization in manufacturing and critical infrastructure demands that products become smarter and more interconnected. As a result, they also become more vulnerable to cyber threats. Network segmentation and firewalls for these components are no longer a sufficient means to address cyber threats. This is due to the increased use of standardized hardware and software components in networked automation and control systems.

Greater connectivity has added significant benefits to production, such as data analytics, predictive and preventive maintenance, remote management and interoperability of systems. With these benefits also comes the added challenge of security of the control infrastructure from cyber threats that can cause:

  • Unplanned downtime
  • Loss of data
  • Costly harm to assets
  • Health risks or loss of life
  • Reputational damage

The Need for Strong Security Practices

Today, asset owners of plants or critical infrastructure are demanding suppliers of industrial automation systems to provide evidence of their security diligence in their practices and supply chain management. The IEC 62443 family of standards provides guidance for manufacturers and system integrators to build strong security measures into their processes to help mitigate these security risks for asset owners.

System integrators can take advantage of aligning organizational security practices with IEC 62443-2-4 or security functions with IEC 62443-3-3. Manufacturers can provide security assurance to customers of their secure software development lifecycle process utilizing IEC 62443- 4-1 and security functions in IEC 62443-3-3.

Leverage UL cybersecurity expertise and integrity to gain transparency and validation of supply chain security for a more secure and robust operating environment. UL can help any industrial control system (ICS) manufacturer or system integrator earn customer confidence in the cyber readiness of both their organizational secuirty practices and system security.

Practical & Scalable Cybersecurity Services

Create brand differentiation and strengthen product preference with UL’s practical and scalable cybersecurity training, advisory, testing and certification services. Through the implementation of criteria within IEC 62443, Industrial Communication Networks – Network and System Security, or UL 2900-2-2, Standard for Software Cybersecurity for Network-Connectable Devices, it is possible to reinforce brand trust through cybersecurity market leadership.

UL offers flexible cybersecurity services for factory automation and industrial control systems to meet customers’ needs:

  • Testing: penetration testing, source code analysis, vulnerability analysis, fuzz testing
  • Certification: IEC 62443-2-4, IEC 62443-3-3, IEC 62443-4-1, IEC 62443-4-2 (pending publication) or UL 2900-2-2
  • Training: IEC 62443, security best practices, threat analysis
  • Advisory: Gap assessment

Find the right service within the UL offering and learn how it meets your particular needs.

View the scope and table of contents for the UL Standard that applies to your regulatory or engineering needs.