UL and Codenomicon have collaborated to develop and perform security testing on network connected devices.
Initial testing will be on industrial automation equipment and services and medical devices, with planned expansion into security testing in other industries. Codenomicon and UL will work together to provide Fuzz and Binary Analysis testing services. Fuzz Testing is a mechanism in which the communication protocols of the device under test are subjected to random exception messages to discover coding and security errors. The Binary Analysis identifies known vulnerabilities found in compiled software that could possibly be deployed in a production environment.
These services will support UL’s customers’ needs in addressing security concerns in the evolving industrial automation and medical equipment industries.
UL believes that developing security testing and certification programs for industrial and medical systems that utilize either proprietary or third-party components would add value to all stakeholders, increase safety and begin to form a baseline security-test by which a device’s level of security can be measured and rated. UL and Codenomicon will create a program that manufacturers and system operators can submit their products and systems for evaluation. Upon test and evaluation, the results would be communicated to the manufacturers and system operators and UL and Codenomicon may make policy recommendations to track and remediate any known and unknown vulnerabilities in the tested device.
“Codenomicon’s goals and principals are well-aligned with those of UL. We are committed to working with any organization that can help identify known vulnerable and unknown vulnerable software components in the critical systems we all rely on today, to fulfill the role of a trusted resource for those who are concerned with cybersecurity of devices.” said Mike Ahmadi, global director of Critical Systems Security, Codenomicon.
”Our collaboration with Codenomicon is founded on our mutual commitment to discover and solve the safety and security concerns of cyber-capable devices before they become integrated into new systems,” said Lisa Salley, vice president and general manager of UL Energy & Power Technologies. “We are confident this joint effort will fulfill that shared mission.”
Codenomicon’s tools are currently used by the U.S. Food and Drug Administration (FDA) to increase their understanding of vulnerabilities affecting medical systems and devices, as part of their ongoing development of their cybersecurity analysis lab. UL will leverage the tools to conduct similar testing and analysis for industrial and medical devices.
“Testing and Certification Security Solutions tools like these will allow us to become an even closer partner with both the manufacturers of healthcare products as well as product regulators. We are looking forward to new opportunities to promote innovation in the market by helping these manufacturers demonstrate the steps they’ve taken in doing their part to improve security in the overall healthcare ecosystem. UL’s mission is founded on protecting patient safety and opportunities like this allow new ways to administering health care and bring confidence to the patients, manufactures and regulators” echoes Anil N. Patel, Director of Global Markets and Regulatory strategy.
“Codenomicon is very pleased to be in collaboration with UL. Our tools, combined with the vast testing experience UL brings to the table, will combine to create a testing environment where security can be evaluated and measured by an internationally trusted source,” said David Chartier, CEO of Codenomicon.
>> For more information, click here