• Continued adoption of devices connected to ‘Internet of Things’ increases chances of exposure to sophisticated cyber attacks
  • UL’s global team of experts offer comprehensive advice and safety standards that can protect companies from falling victim to cybercriminals

Dubai: UL, the global independent safety science company, has issued a warning to businesses in the Middle East of the dangers posed by increasingly sophisticated cyberattacks that target unsecured internet-accessible devices and building control systems (BCS).
An increasing number of companies are connecting to the Internet of Things (IoT) to run an ever- increasing network of life safety and security products. By doing so, they are leaving themselves open to attack by hackers who can access secure and sensitive systems via a web-connected BCS such as security alarm control panels, access control systems, intrusion detection units, smoke and fire alarm control units, and mass notification systems.

Louis Chavez, principal engineer for life safety and security products within UL’s Building and Life Safety Technologies division, said: “Introducing proper security measures can help to reduce any vulnerabilities in a company’s cybersecurity network and prevent hackers from using a BCS to remotely disarm security systems, take control of CCTV cameras or access essential fire and smoke alarm systems.

“IoT devices can expose a BCS to attacks that would otherwise require local on-site access. These can emanate from anywhere and can potentially lead to broader systems being compromised.”

Implementing proper security measures and controls can help mitigate the cybersecurity vulnerabilities of web-connected BCS products. These include viewing a building’s system holistically, and not as a series of separate products.

Chavez added: “It is important to analyze and test how products securely communicate with each other once they are connected to the larger system. All devices connected to the internet should be considered being at risk as even the most secure life safety and security products can be hacked if they are sharing an internet connection with less secure devices.”

Another simple way to protect from cyberattack is to change default passwords, such as “1234” or “admin,” set by the manufacturer before a new product is connected.

Remote connectivity is also an area of vulnerability. The rise in smartphones means many building systems can be controlled remotely. However, if a remote connection is not secure then such a network is highly susceptible to attack.

The UL 2900 series of cybersecurity standards have been developed to address cybersecurity for life safety and security products, providing a foundational set of criteria that manufacturers of network-connectable products can use to establish a baseline of protection against known vulnerabilities, weaknesses and malware.

Hamid Syed, vice president and general manager in the Middle East for UL, said: “The increasing use of and dependence on devices that are connected to the internet exposes users to sophisticated attacks. Whereas in the recent past these would require on-site access, nowadays they can be launched from anywhere.

“This is a worrying proposition for companies who depend on building control systems and other life safety and security products. “However, this need not be the price we pay for the ‘always on’ environment we now take for granted in the 21st century. Effective measures, some of which are relatively simple, can protect buildings and
companies from attack by cyber criminals and hackers,” said Mr Syed.

“As a global safety science company, UL is ideally placed to offer the most up-to-date systems, procedures, compliance to the prevailing, certification and global market access that can protect a business or a building from a potentially costly cyberattack.”

About UL
UL fosters safe living and working conditions for people everywhere through the application of science to solve safety, security and sustainability challenges. The UL Mark engenders trust enabling the safe adoption of innovative new products and technologies. Everyone at UL shares a passion to make the world a safer place. We test, inspect, audit, certify, validate, verify, advise and train and we support these efforts with software solutions for safety and sustainability. To learn more about us, visit UL.com 

© Press Release 2019

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.