UL Cybersecurity Assurance Program – evaluating network-connectable products and systems per common security requirements – Recorded Webinar


Recently, security risks have been become inherently more public and the advent of software in a manufacturer’s supply chain can drive these risks to affect both the safety and performance of the product they manufacture and the relevant systems in which the product is implemented. With the emergence of the Internet of Things (IoT) many systems are now more susceptible to security flaws that may compromise these systems and affect their true intended purpose.

To assist manufacturers who develop these products and purchasers who acquire these products; UL has developed a series of standards under UL 2900 that aims to provide a minimum set of requirements that manufacturers of network-connectable products can pursue to establish a baseline of protection against vulnerabilities and software weaknesses, along with a minimum set of security risk controls and documentation to consider relative to their existing overall product risk assessments. These requirements can apply to multiple ecosystems of products. Some examples are healthcare systems, industrial automation and SCADA systems, transportation and automotive systems, building automation systems, life safety systems (such as smoke detectors and intrusion panels), critical infrastructure, smart home & consumer devices and applications, and software applications.


Upon completion of this webinar participants will learn:

  • History of cybersecurity risk
  • Fundamentals of developing products with security in mind:
    • Assessing and addressing known vulnerabilities and malware
    • Identifying software weaknesses that are common causes of known security vulnerabilities
    • Common security controls around:
      • Access control and authentication
      • Cryptography
      • Remote communications
      • Software updates
      • Decommissioning of products
  • How to develop a robust methodology for identifying risks in a manufacturers’ software supply chain

Target Audience

  • Manufacturers
  • Vendors
  • Government
  • System Integrators
  • Retailers
  • Utilities
  • Purchasers

About the Instructor

Kenneth Modeste
Principal Engineer – Commercial & Industrial Business Unit, UL

Ken Modeste is a Principal Engineer and the Cybersecurity Technical Lead for UL’s Commercial & Industrial Business Unit (C&I). His global responsibilities cover cybersecurity, interoperability and protocol compliance. Ken works to ensure the security and interoperability of C&I programs, is UL’s cryptographic laboratory manager and its principal technical advisor, and the primary technical lead for UL’s Cybersecurity Assurance Program (UL CAP).

For UL CAP, Ken contributed to creating UL 2900 series of standards that addresses security concerns in network-connectable products and systems. He leads the test effort of application software, embedded software, firmware, drivers, middleware, and operating systems for IT systems, industrial control systems and medical devices. He also leads the test effort in penetration testing of hardened VPN communication systems, medical devices, programmable logic controllers and other products that are submitted into UL’s C&I cybersecurity program.


Click here for terms and conditions...


Time Requirement


Web-Based 60 minutes

UL and the UL logo are trademarks of UL LLC © 2019.