
  • For Safety’s Sake: Product cybersecurity enables trusted IIoT connections

The importance of product cybersecurity 

By 2025, 41.6 billion connected devices will be generating 79.4 zettabytes (ZB) of data that will need to be securely maintained and processed. Analysts forecast that this increase in connected devices and the data they generate will continue to grow exponentially.

Our world is also becoming increasingly electrified. The increase in data and computing is expected to require four times more electricity over the next decade. (The Internet Cloud Has a Dirty Secret - Fortune)

In a world with amped-up connectivity and electrical demand, customers need confidence that their electrical power systems are constructed with trusted products. Cybersecurity is a must-have for product development, much like safety and quality. This means strict procedures and cybersecurity protocols need to be integrated at every phase of product development that involves people, processes and technologies.

Moving forward, advancing cybersecurity in our increasingly connected world will require industries and standards organizations to identify unified global criteria for assessing products. To help create a more cyber-secure future through global standardization, we have partnered with UL, the International Electrotechnical Commission (IEC) and other industry partners to drive the development of a global cybersecurity conformance assessment for power management products.

Cybersecurity is a must-have for product development, much like safety and quality.

Max Wandera, director, Product Cybersecurity Center of Excellence, Eaton

Understanding cybersecurity certifications for connected products

For power management that is digitalized and connected, UL created its 2900 Standard for Software Cybersecurity for Network-Connectable Products (UL 2900). These guidelines were the first of their kind and include processes to test devices for security vulnerabilities, software weaknesses and malware. This standard confirms that the device manufacturer meets the guidelines for:

  • Risk management processes
  • Evaluation and testing for the presence of vulnerabilities, software weaknesses and malware
  • Requirements for security risk controls in the architecture and product design

UL also provides a Data Acceptance Program for manufacturers, which certifies testing laboratories with the global capability to test products with intelligence or embedded logic to key aspects of its 2900 standard. By purchasing products tested in these specialized labs, customers can rest easier, knowing their devices are compliant with the industry’s highest cybersecurity requirements before they're installed in critical systems.

Similarly, the IEC adopted the 62443 series of standards, which provides a framework to address the cybersecurity of Industrial Control Systems. These standards provide requirements for all of the principal roles across the system lifecycle – from product design and development through integration, installation, operation and support as described in the image below. In 2018, the IEC added 62443-4-2 to improve the security of products.

Eaton was the first company in its industry to achieve dual certification to the rigorous IEC 62443 and UL 2900 product standards. Our uninterruptible power supply (UPS) connectivity devices meet the IEC 62443-4-1, IEC 62443-4-2 and UL 2900-1 cybersecurity standards. Eaton also possesses the first lab approved to participate in UL's Data Acceptance Program for cybersecurity, providing the capability to test Eaton products with intelligence or embedded logic to key aspects of the UL 2900 Standards. We know that cybersecurity is essential in the overall development of a product lifecycle and a critical capability. Eaton’s enterprise-wide and consistent approach is unique in our industry.

Cybersecurity is essential in the overall development of a product lifecycle and a critical capability. Eaton’s enterprise-wide and consistent approach is unique in our industry.

Max Wandera, director, Product Cybersecurity Center of Excellence, Eaton


Unifying global cybersecurity standards for connected products

The security of a network or system is only as strong as its weakest link. Organizations should employ basic cybersecurity hygiene and continuously analyze emerging threats to ensure systems are deployed securely. Additionally, companies should take inventory of everything connected to their networks and employ a zero-trust model.

As more manufacturers and industries build and deploy IIoT devices, the security and safety of systems providing essential operations become more important and more difficult to manage. These complexities are due, in part, to a lack of a global, universally accepted cybersecurity standard and conformance assessment scheme designed to validate connected products.

The economic challenges to safeguarding IIoT ecosystems stem from the complex manufacturing supply chain and the difficulty of assigning clear liabilities to manufacturers and system integrators for any vulnerabilities introduced. Most product and system assemblies consist of components from different suppliers. Where should the element of trust begin and end if there is no global conformity assessment scheme to ensure that products and systems are designed to be compliant with the global standards defined by the industry?

There is currently a multitude of different standards and regulations created by various organizations, countries and regional alliances across the globe. All of these standards and regulations address the urgent need to secure our connected world; however, they also create the potential for confusion and the possibility of weak links in critical infrastructure ecosystems. A unified global conformance assessment would address these challenges and more. The time to drive this singular certification is now. We’re working with leaders across the industry to do just that.

Stay tuned for the next article to learn how cybersecurity process certifications build trusted environments.
