US Insurance Underwriters Launch Cyber Security Program

Uploaded on 2015-09-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

900303.gif

Underwriters Laboratories (UL) is the largest and best known independent, not-for-profit U.S testing laboratory. 

It appears the White House's vision of an Underwriters Laboratories-type certification for Internet of Things products could become a reality: a UL official says the organization is involved with the US government's initiative to promote such security certification standards.
"We are involved with those initiatives," says Maarten Bron, director of innovations at UL, of the White House's interest in coming up with a UL-type program for increasingly Internet-connected consumer devices. "The White House is trying to achieve is to foster collaboration between private and government sectors to come up with these standards … Plans are still in the making from the White House" side, he says, so he can't share any additional details at this time.

UL, meanwhile, also is putting the final touches on a test and certification program of its own for IoT products, Bron says. "For us, cybersecurity and IoT have been on the radar screen for a long time already. We are prepared to release a test and certification program for this" that draws from its customers' needs and concerns, he says.
"While many details of The White House initiative are still in development at this early stage, UL is prepared to align with the initiative in its goal to bring the public and private sectors closer together in fighting cybercrime," UL's Bron says.
The White House has been mulling a UL "seal" model for IoT security: Michael Daniel, special assistant to the President and the nation's cybersecurity coordinator, in an interview in April with Dark Reading, said the Obama administration considers an Underwriters Laboratories-type certification model a good fit for driving vendors to secure their increasingly Internet-connected consumer products.
"We are very much interested in voluntary models" for this, Daniel said in the interview. "A nonprofit consortium that would rate products … I find that model very intriguing and similar in the development" of IoT security and safety, he said.
Rumblings that the White House may be ready to take action on a cybersecurity UL emerged last week after Peiter C. Zatko, aka Mudge, tweeted that he was leaving Google's ATAP group to create a "#CyberUL." "Goodbye Google ATAP, it was a blast. The White House asked if I would kindly create a#CyberUL, so here goes!"

No official word from the White House nor details yet from Zatko, but UL's Bron confirmed that his organization was aware of and involved with the administration's initiative. UL's traditional role has been testing and certifying appliances for electrical safety, but it also created a cyber security division about four years ago. "It's about security in the virtual world," Bron says, including transaction-oriented electronic payments, namely certification of chip and PIN technologies, he says.
"We developed automated testing tools that … retrieve those settings from bank card chips and cross-validate against Visa best practices," for instance, he says. "In our labs, we accredit and certify components on behalf of Visa and MasterCard," for instance.

As for IoT, UL is looking at health and industrial controls systems, for example. "We're very much focused on trying to detect and mitigate known vulnerabilities … in devices such as for health and industrial control systems. We really see a strong need in the market."
Dark Reading: http://ubm.io/1KMNefT

 

« Countdown: 10 Things Cyber Crooks Could Do To Your Computer, Without Even Touching It
Assange Advised Snowden To Go to Russia »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The Networking People (TNP)

The Networking People (TNP)

TNP supplies independent advice allowing large organisations to design, build and operate their own networks independently of the established telecoms companies.

Montash

Montash

Montash is an award winning, global technology recruitment business, specialising in the acquisitions of high-performing talent across a number of core disciplines including Information Security.

NATO Cooperative Cyber Defence Centre (CCDCOE)

NATO Cooperative Cyber Defence Centre (CCDCOE)

NATO CCDCOE's mission is to enhance the capability, cooperation and information sharing among NATO, NATO nations and partners in cyber defence.

Certification Europe

Certification Europe

Certification Europe (now Amtivo Ireland) is an accredited certification body which provides ISO management system certification, including ISO 27001.

Privitar

Privitar

Privitar is leading the development and adoption of privacy engineering technology enabling our customers to innovate and leverage data with an uncompromising approach to data privacy.

FTAPI Software

FTAPI Software

FTAPI SecuTransfer is a software solution for end-to-end encrypted data exchange of large and sensitive data with customers and partners.

DarkLight

DarkLight

DarkLight Cyio is an AI-powered cyber risk solution that applies real-time threat intelligence and business context to risk prioritization.

CyberSec Hub - The Kosciuszko Institute

CyberSec Hub - The Kosciuszko Institute

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

Corellium

Corellium

Corellium are dedicated to supporting our peers in the ARM community who seek to build more secure, performant, and accessible software and devices.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

RedHunt Labs

RedHunt Labs

RedHunt Labs is a premier Cybersecurity Solutions provider, offering Attack Surface Management solution 'NVADR' and Penetration Testing services.

rSolutions

rSolutions

rSolutions delivers managed cybersecurity services to clients in many industry sectors including financial services, telecommunications, energy, government and retail.

ConductorOne

ConductorOne

ConductorOne is building the identity security platform for the modern workforce.

SPIE Switzerland

SPIE Switzerland

SPIE Switzerland AG, a subsidiary of the SPIE Group, is a Swiss full-service provider of ICT, multi-technical and integral facility services.

Universal Technical Resource Services (UTRS)

Universal Technical Resource Services (UTRS)

UTRS is a technology firm that delivers a wide range of engineering, technical, strategic, and digital services to the public and private sectors.

Attura

Attura

Atturra is one of Australia's leading advisory and IT solutions providers, focused on providing end-to-end transformation services to its clients.