Eaton Earns Cybersecurity Certifications from IEC and UL to Limit Cyber Attacks

November 11, 2020 by Seth Price

In an industry first, Eaton has achieved cybersecurity certifications from both the International Electrotechnical Commission (IEC) and UL.

Both of the third party organizations are well-known in the industry and have stringent requirements to be certified.


IEC and UL Certification

The specifics can be found in IEC 64223-4-1 and UL 2900-1, respectively. These certifications cover automation and engineering controls used in manufacturing, medical and industrial devices, encompassing the physical devices, the software, and network security. 

The announcement came during the Cybersecurity Perspectives online conference hosted last month. Cybersecurity Perspectives is a global educational forum with informational sessions and panel discussions about case studies, trends, and the latest network security and cyberattacks developments.


Eaton's Cybersecurity Perspectives is a global educational forum with informational sessions and panel discussions. Image courtesy of Eaton


Eaton is a power distribution company that manufactures electrical, hydraulic, robotics, and other motion control equipment. Any time energy needs to be transported or transformed, Eaton offers a solution. Their catalog includes everything from hydraulic pumps to cylinder deactivation controls in diesel engines to lighting solutions. 


Why Eaton Pursued Both Standards

While many companies pursue one of these standards, Eaton felt that pursuing both would boost customer confidence in their products. Also, by certifying with more than one organization, there is another set of eyes to check for weaknesses in their equipment. While highly unlikely, one certification may miss a detail that could be a security weakness. By having a second, independent certification, the likelihood of a security hole is very slim. No other company has earned both certifications thus far, due in part to the rigor associated with each certification.

Cybersecurity has become a chief concern in all industrial applications. With the expansion of the IIoT, more devices are controlled wirelessly. While this has added benefits for system management, data collection, and rapid control decisions, it leaves an open opportunity for cyberattacks.

Cyberattacks can be from hackers, looking for the challenge or the fun of manipulating equipment from afar, from competitors performing industrial espionage, or from cyberterrorists, who can hold the equipment at ransom or do unsafe or damaging acts to people, equipment, and facilities.


Eaton Limiting Cybersecurity Attacks

When installing and configuring such devices, the temptation is to use default passwords, or no password at all, as a temporary means of testing the device. However, those temporary fixes are often left in place for far too long. Users also underestimate the threat of cyberattacks when installing some simple devices, such as a valve or a sensor.


A graphic from Eaton that visually represents their cybersecurity assessment process. Image courtesy of Eaton


Instead of asking, “why would anyone attack this valve?” the better question to ask is, “What would happen if someone attacked this valve?”

Eaton goes further than limiting simple attacks with the IEC and UL certifications. These certifications require device security to be examined throughout their development, coding, response to attacks, patch management, defect management, end-of-life security, and so on. This means the devices used will be safe and up-to-date, limiting the potential from a cyberattack. 

Earning both of these certifications shows Eaton’s commitment to producing high-end, secure solutions for automation and engineering controls. This commitment aims to keep its customers safe from the physical, safety-related, and financial damages caused by cyberattacks.