UL and Codenomicon have collaborated to develop and perform security testing on network connected devices. Initial testing will be on industrial automation equipment and services and medical devices, with planned expansion into security testing in other industries. Codenomicon and UL will work together to provide fuzz and binary analysis testing services. Fuzz testing is a mechanism in which the communication protocols of the device under test are subjected to random exception messages to discover coding and security errors. Binary analysis identifies known vulnerabilities found in compiled software that could possibly be deployed in a production environment.
UL believes that developing security testing and certification programs for industrial and medical systems that utilize either proprietary or third-party components would add value to all stakeholders, increase safety, and begin to form a baseline security-test by which a device’s level of security can be measured and rated. UL and Codenomicon will create a program that manufacturers and system operators can submit their products and systems to for evaluation. Upon security testing and evaluation, the results would be communicated to the manufacturers and system operators and UL and Codenomicon may make policy recommendations to track and remediate any known and unknown vulnerabilities in the tested device.
“Codenomicon’s goals and principals are well-aligned with those of UL,” said Mike Ahmadi, Codenomicon global director of critical systems security. “We are committed to working with any organization that can help identify known vulnerable and unknown vulnerable software components in the critical systems we all rely on today, to fulfill the role of a trusted resource for those who are concerned with cybersecurity of devices.”
“Our collaboration with Codenomicon is founded on our mutual commitment to discover and solve the safety and security concerns of cyber-capable devices before they become integrated into new systems,” said Lisa Salley, UL vice president and general manager of energy and power technologies. “We are confident this joint effort will fulfill that shared mission.”
Codenomicon’s tools are currently used by the U.S. Food and Drug Administration to increase their understanding of vulnerabilities affecting medical systems and devices, as part of their ongoing development of their cybersecurity analysis lab. UL will leverage the tools to conduct similar security testing and analysis for industrial and medical devices.
“Testing and certification security solutions tools like these will allow us to become an even closer partner with both the manufacturers of healthcare products as well as product regulators,” said Anil N. Patel, UL director of global markets and regulatory strategy. “We are looking forward to new opportunities to promote innovation in the market by helping these manufacturers demonstrate the steps they’ve taken in doing their part to improve security in the overall healthcare ecosystem. UL’s mission is founded on protecting patient safety and opportunities like this allow new ways to [administer] health care and bring confidence to the patients, manufactures, and regulators.”
“Codenomicon is very pleased to be in collaboration with UL,” said David Chartier, Codenomicon CEO. “Our tools, combined with the vast testing experience UL brings to the table, will combine to create a testing environment where security can be evaluated and measured by an internationally trusted source.”
For more on UL’s security testing, visit ul.com.