Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingPhysical Security

Get to know the standards advancing cybersecurity

There is a crucial need for robust cybersecurity practices.

By Max Wandera
SEC0920-Standards-Feat-slide1_900px

Eaton has the first research and testing facility approved to participate in UL›s Cybersecurity client lab validation program in Pittsburgh, Penn. 

Image courtesy of Eaton

SEC0920-Standards-slide2_900px

The IEC 62443 series of standards provides a framework to address the cybersecurity of Industrial Control Systems. 

Image courtesy of Eaton

SEC0920-Standards-slide3_900px

About the Author

Max Wandera, as director of the Cybersecurity Center of Excellence at Eaton,  provides leadership and oversight for the research, design, development and implementation of security technologies for products, systems and software applications. In his position, he is also responsible for Eaton’s Secure Product Development Lifecycle Policy and compliance. Wandera holds Global Information Assurance Certification (GIAC) Security Leadership and Certified Information Systems Security Professional (CISSP) accreditations. His expertise enables him to act as the voice of Eaton on product cybersecurity matters and lead cross-functional collaboration with corporate officers, industry leaders and government entities, including the Cybersecurity and Infrastructure Security Agency (CISA) to shape the future of cybersecurity and trusted connectivity.

SEC0920-Standards-Feat-slide1_900px
SEC0920-Standards-slide2_900px
SEC0920-Standards-slide3_900px
September 11, 2020

There are currently a multitude of different standards and regulations to address the urgent need to secure our connected world, yet it’s time to create a unified global conformance assessment.

A world with amped up connectivity and electrical demand needs confidence that connected systems are constructed with trusted products. The exponential growth of the Industrial Internet of Things (IIoT) is creating a crucial need for robust cybersecurity practices and well-defined standards that provide customers with confidence that their connected devices will operate securely throughout their entire lifecycle.

By 2025, 41.6 billion connected devices will be generating 79.4 zettabytes (ZB) of data that will need to be securely maintained and processed. Analysts forecast that this increase in connected devices and the data they generate will continue to grow exponentially. The resulting increase in critical data and computing is expected to require four times more electricity over the next decade.

These factors make cybersecurity a must-have for product development, much like safety and quality. Manufacturers need to develop connected products with security in mind by ensuring we have the right talent, are leveraging the right technologies and embedding cybersecurity best practices throughout our product development lifecycle.

 

Understanding Device-Level Cybersecurity Certifications

For power management that is digitalized and connected, UL created its 2900 Standard for Software Cybersecurity for Network-Connectable Products (UL 2900). These guidelines were the first of their kind and include processes to test devices for security vulnerabilities, software weaknesses and malware. This standard confirms that the device manufacturer meets the guidelines for:

  • Risk management processes.
  • Evaluation and testing for the presence of vulnerabilities, software weaknesses and malware.
  • Requirements for security risk controls in the architecture and product design.

UL also provides a Cybersecurity Client Lab Validation program for manufacturers, which certifies testing laboratories with the global capability to test products with intelligence or embedded logic to key aspects of its 2900 standard. By purchasing products tested in these specialized labs, customers can rest easier, knowing their devices are compliant with the industry’s highest cybersecurity requirements before they are installed in critical systems.

Similarly, the International Electrotechnical Commission (IEC) adopted the 62443 series of standards, which provides a framework to address the cybersecurity of Industrial Control Systems. These standards provide requirements for all of the principal roles across the system lifecycle – from product design and development through integration, installation, operation and support as described in the image. In 2018, the IEC added 62443-4-2 to improve the security of products.

Eaton was the first company in its industry to achieve dual certifications for rigorous IEC 62443 and UL 2900 product certifications. Our uninterruptible power supply (UPS) connectivity devices meet both IEC 62443-4-1, 62443-4-2 and UL 2900-1 cybersecurity standards. We also posses the first lab approved to participate in UL’s Cybersecurity client lab validation program – providing the capability to test Eaton products with intelligence or embedded logic to key aspects of the UL 2900 Standards.

Beyond these device-level standards, cybersecurity is essential in the overall development of a product lifecycle. Product cybersecurity certifications are needed to support trusted connectivity. It is just as important to validate that secure product development principles are applied by manufacturers. This can be confirmed by manufacturers that follow an accredited Secure Development Lifecycle (SDL), which ensures cybersecurity has been embedded throughout the entire product development process.

 

Why is Secure Development  Lifecycle (SDL) Important?

A “Defense-in-Depth” mechanism that is effective today may not be effective tomorrow because the vulnerabilities keep evolving. This is why administrators of industrial control system networks must be ever-alert to changes in the cybersecurity landscape and work to prevent any potential vulnerabilities.

SDL was created in response to an increase in virus and malware outbreaks at the turn of the twenty-first century. This approach to product development places cybersecurity front and center from inception to deployment and lifecycle maintenance. SDL can help manufacturers stay ahead of cybercriminals by managing cybersecurity risks throughout the entire lifecycle of a product or solution.

For manufacturers, adopting a SDL approach that has been validated by a third-party is critical to creating trusted environments. It’s the third-party certification that gives customers confidence in the processes and technologies they’re applying, much like safety certifications and standards in the National Electric Code.

Although SDL is not an inherent code or standard, it does dictate how cybersecurity should be integrated into processes for product procurement, design, implementation and testing teams.

IEC 62443-4-1 lays out guidelines for secure product lifecycle development in the electrical industry. The IEC guideline specifies process requirements for the secure development of products used in industrial automation and control systems. It defines a secure development lifecycle for developing and maintaining secure products. These guidelines can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products.

Third-party validation for SDL processes is important because it provides customers with confidence and helps reduce risk by confirming that the technologies and processes they’re applying comply with proven industry guidelines. At Eaton, we take SDL very seriously to proactively manage cybersecurity risks in products through a framework involving threat modeling, requirements analysis, implementation, verification and ongoing maintenance.

 

The Importance of Unifying Global Cybersecurity Standards for Connected Devices

Moving forward, advancing cybersecurity in our increasingly connected world will require industries and standards organizations to identify a unified global criterion for assessing products. To help create a more cyber-secure future through global standardization we have partnered with UL, the International Electrotechnical Commission (IEC) and other industry partners to drive for development of a global cybersecurity conformance assessment for power management products.

Think of it this way: the security of a network or system is only as strong as its weakest link. As more manufacturers and industries build and deploy IIoT devices, the security and safety of systems providing essential operations become more important and more difficult to manage. These complexities are due, in part, to a lack of a global, universally accepted cybersecurity standard and conformance assessment scheme designed to validate connected products.

The economic challenges to safeguarding IIoT ecosystems spawn from the complex manufacturing supply chain and the difficulty of assigning clear liabilities to manufacturers and system integrators for any vulnerabilities introduced. Most products and systems assemblies consist of components from different suppliers. Where should the element of trust begin and end if there is no global conformity assessment scheme to ensure that products and systems are designed to be compliant with the global standards defined by the industry?

There are currently a multitude of different standards and regulations created by various organizations, countries and regional alliances across the globe. All of these standards and regulations address the urgent need to secure our connected world; however, they also create the potential for confusion and possibility of weak links in critical infrastructure ecosystems. A unified global conformance assessment would address these challenges and more. The time to drive this singular certification is now. We are working with leaders across the industry to do just that.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Max wandera 200px

Max Wandera, as director of the Cybersecurity Center of Excellence at Eaton,  provides leadership and oversight for the research, design, development and implementation of security technologies for products, systems and software applications. In his position, he is also responsible for Eaton’s Secure Product Development Lifecycle Policy and compliance. Wandera holds Global Information Assurance Certification (GIAC) Security Leadership and Certified Information Systems Security Professional (CISSP) accreditations. His expertise enables him to act as the voice of Eaton on product cybersecurity matters and lead cross-functional collaboration with corporate officers, industry leaders and government entities, including the Cybersecurity and Infrastructure Security Agency (CISA) to shape the future of cybersecurity and trusted connectivity.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Revised NIST Cyber Security Framework - Security Magazine

    5 Things You Need to Know about the Revised NIST Cybersecurity Framework

    See More
  • 5 mins with Dr. Brumley

    5 minutes with Dr. David Brumley - Capture the Flag cybersecurity competitions and how to get started

    See More
  • Rick McElroy

    5 minutes with Rick McElroy - What CISOs should know about returning to the office

    See More

Related Products

See More Products
  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Events

View AllSubmit An Event
  • September 3, 2024

    From DDoS Protection to WAAP: How Layered Protection Enhances Your Cybersecurity Strategy

    ON DEMAND: By participating in the webinar, attendees will gain enhanced knowledge of cyber threats and understand the current spectrum of cyber threats facing businesses.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing