For more than 120 years Underwriters Laboratories (UL) has made our technological world safer. The public has learned to have trust and confidence in the organization’s product/service testing and certification services.
I wanted to highlight a few recent UL activities in our industry. First, a short story from my past as to how one can be deceitful with the public’s confidence in the UL brand.
A competitor of mine had designed and fabricated a self-contained alarm system that was promoted to detect the “sounds burglars make.” While it was an impressive demo, he would further give the customer confidence of reliability as it was promoted as a “UL-Listed system.”
The only problem with this declaration was that only the AC plug and cord were UL Listed, not the whole system.
Cybersecurity Assurance Program Tests Vulnerabilities
Moving ahead to present time, I have noticed recently some interesting endeavors by UL. Everywhere you turn you hear of the public’s concern for cybersecurity.
On the one hand, everyone is excited with the latest trends of Internet of Things (IoT) connectivity in security products; on the other, their concerns of cyber-hacking increase with every report of another breach.
International Data Corporation (IDC) research forecasts that 66% of networks will have an IoT security breach by 2018.UL has taken its 20 years of experience in financial security and cryptography, along with committing more than 400 skilled security engineers, to setting up a new Cybersecurity Assurance Program (CAP) standards series, UL 2900.
UL realized the need for technical criteria that would provide transparent, repeatable, reproducible testing across industry verticals. Understanding that product software is the main cybersecurity culprit, companies can choose the UL CAP service to fit their needs.
Some primary elements of UL 2900 are:
- Fuzz Testing — Main method of finding unknown defects.
- Known Vulnerabilities — Understanding where software was sourced and identifying known malware on products.
- Penetration Testing — Ethical hacking to identify vulnerabilities; trying to circumvent existing security measures.
- Code & Binary Analysis — Evaluating the source code.
- Access Control & Authentication — Observing how one accesses and authenticates a product.
- Cryptography — Does the product contain encryption? Here’s where encryption practices are tested.
- Remove Communications — Testing the security in the communication of IoT devices.
- Software Update — Ensuring that product updates are complete and original, and not from scrupulous sources.
More information on the UL CAP program can be found in an hour-long on-demand webinar connect.ul.com as well as a UL 2900 overview document, “UL Global Cybersecurity Services and Standards,” downloadable here.
Video Category Gets Boost From Camera Test Kit
Arguably the most popular security technology today is video. Yet, since most video is digital, there can be a large range of performance factors. UL realized this some time ago and came out with UL 2802, First Edition of the Standard for Performance Testing of Camera Image Quality.
The program can differentiate a camera’s capabilities by independently validating the image quality attributes of a camera. I have some good and bad news on this standard. The bad news is that it appears only a handful of companies have taken advantage of being tested and evaluated on UL 2802.
The good news is that I recently noticed UL is offering a UL 2802 Camera Resolution Test Kit. This test kit is based on the same spatial frequency response (SFR) method as that in ISO 12233. The kit includes test target, test software, and a USB key to run the software.