Genetec UL Cybersecurity Certificate (2900-2-3) Examined

By: Dan Gelinas, Published on Dec 19, 2018

Proving a company is cybersecure has become a major concern for security companies. But how trustworthy are these certificates?

Earlier in 2018, a false Hikvision cybersecurity certification announcement caused controversy. And Genetec itself has cast aspersions against its Chinese rivals as being untrustworthy. 

Now, Genetec has announced achieving UL's 2900-2-3 [link no longer available] Level 3 (L3) certification that Genetec claims "validates its resilience against cyber-attack."

genetec ul 3

However, does it really? What does it consist of? How much validation does it provide?

In this note, based on our discussions with Genetec, JCI, and UL we examine:

  • UL Overview
  • Cybersecurity certification process
  • Process for Genetec
  • Cost
  • Highest of 3 levels
  • Testing performed
  • UL's process
  • Others certificated

Executive *******

***** ** ************* *** guarantee * ******* ** 'invulnerable' *** '******** ****', the **** **** **** UL ************* ******** *********** source **** ******* ******** a ************* ****** ********** level **** ******* ************* certifications. 

*******, ** ** ****** expensive *** ****-********* ** many ************* *** *** find ** ***** *****. 

** ****, **** * video ************ ************* **** done ** (******* *** Tyco *** *********) ***** are **** *** *********. We ** *** **** how **** **** ***** work ** *** *** camera ************* **** ******** models.

UL ********

***** **** ****** *** 124 ******** ** ****** ****** as * ****** ** developing ********* *** ******* products ** **** **** they ******* ****** *** as ********. *******, ************ those ********* **** **** around ********** *** ********** elements, *** *************.

**’* ************* ********* ******* (UL ***),******** ** ****, ***** **-******* ******** against ******** **** ***** **** ****** ** cybersecurity *********. *** **** ****** ****** cybersecurity ** ********* ****** and *** ********* ********* including ***** ************ (****-*), healthcare ******* (****-*-*), *** industrial ******* ******* (****-*-*). UL ****-*-* ** **'* attempt ** "******* *****" for *** ********* ** security *********. 

Cybersecurity ************* *******

**********, *** ************* ******** of ******* ** *** product's ****** ********* '********** penetration *******', '****** **** analysis', *** '****** *** bytecode ********', ** *** excerpts **** ***** '******* of *************' ***** *****:

           

Process *** *******

 **** ***** **** ******* Lead ******** *********, ******* Chevalier [**** ** ****** available] ***** *** *******, what ** ******** *** what ** ***** *** Genetec's *********.

*******'* ********* **** *** process, ***** **** ****** 8 ******, *** *** easy, comparing ** ** "***** on *****." ** **** the ******* **** *** attention ** *** ****** cybersecurity **** ** *:

** *** * ******* process. *** ** ** trial *** **** ****** evidence *** **** **** that ********** ** **** for *** ***** *** then **** ********* ** in ***** ** *** people **** **. *** findings *** ******** ** that ****. ** *** a *** ** ********* information *** ****** **** everything *** ** ** should **. ** ******* lots ** **** *** my ***** ***** ****—** 5 ******.

***********, ********* **** **** UL ***** ********* ***************, they ********* *** ************ to Genetec for ******** *********** ** repair:

***** *** * ** employee *** *** *** advocate *** *** ******** to *** ****. ** presented **** ** ***** to ** *** ** needed ** ****** *** it ** ******* *** it ** **** ** is.

********* **** **** *** *** up ****** ** ****** some ******, ********* *********** in ******* ********* ******* operational **********:

**** **** ********* *** procedure, ** * *** to ********* ** ******* a ********* **** ** already ***, *** ****'* have ** ******* ****. They ****** *** *************. So: '**** *** **** vulnerabilities, *** *** *** going ** ******** **** and *** ****?'

********* ******* *** ******* helped ******* *******, ****** the *********** ** ********* and *** ********* ** new *****:

** ********** *** ****** exam **** ** **** using ****’* ******** **** problems. ********* ***** *** stronger ** ****** ** different ******. ** *** tried ***** ****—******************—******, *** **** *** improved **.

********* **** ****** *********** testing ****'* ****** *** that *** ** ************* means ******* **** ********** accountable:

**** **** *********** *******, you ***’* **** ** fix ********. **** **, we **** ** *** whatever ******** **** **** or ** ***’* *** the *************.

Cost *** *************

******* **** *** ***** certification ******* **** **** $50,000 ** *****, **** notable ********* ***** ** maintain ********** ** ** guidelines. ********* **** ***** that *** ************* ******* only ******* *** ******* version, ** **** ******* was ***** ** **** on ** ***** **** version—they *** ********* ********* version 6—they **** **** ** redo *** ************* ******* all **** *****.

Highest ** * ******

******* ******** *** ******* of *** * ******, which ******** ********** **** levels * *** * as **** ** ** assessment ** ******** ************ of *** ******* **** knowledge ** ******** ******** controls *** ** ******** practices ** ******* *** lifecycle ** *** *******, as *** ********* ******* from **'* ******* ** Investigation *** *** *************:

Testing *********

******* ******** **** **** documentation ********* ******** *********** analysis ** *** ****, explaining:

**** ********* **** *** software *** *** ** determine ** ******** **** source ********** *** ****. If **** *** **** then ** ***** ** determine *** ******* *** then ***** ** *** if **** ******* *** known ***************.

*****, ** ***** *************** of ***** ******* *** previously *******:

*** ******** ****—***** ****—** *** **** ****** used ** *** ********. Their **** ** *** I **** ***** ***** of *****************. ** ***** ****** that ***** **** ****’* flag. *** ************ ******** of ****** ***** **** false ******** *** * small ****** **** **** positive.

*** ***** ** *** scan ** ********* ** reflected ** *** ******* graphic *****:

**** **'* ***** ********** potential ***************, *** ******* was ******* ** *******'* attention *** **** **** given * ****** ** respond, ** ** **** redacted *******:

Others ************

*** *** ******** ** ******* *** UL ****-*-* ****** **** **** ***** VideoEdge ******** **** ******** Dynamics.

*** **** *** ******* process *** ****-*-* ** was ********:

***** **** ** ******* UL2900-2-3 ***** * ** was * ******** ****** of *******, ******* *** policies. *** ******* **** of *** ******** ** all *** **** ****** to ** ********. 

***********, *** **** **** the ************* ******** ** assurance ** ********* **** a ************ ******* *** doing ***** **** ** secure *** **** ********* could ***** **** *** their ********:

**’* ** *********. ** assures **** *** ************ is ***** ***** **** to **** **** ******** are ********* ************ *** mitigates *****. ** *** industry, ** ****** * level ******* ***** *** end ***** *** ******* designers, *** *** *** trust **** * ** CAP ********* ******* ***** the ************ ** ****** cybersecurity *********. ***** ***** cybersecurity ************** *** *********, the ** ****-*-* ********** standard ** ******** ** electronic ******** ******** ********.

*** *** ******* *** currently *** **** ******** companies ** ** ******* 2900-2-3

***** ******** * ***** ****** (outside *** ******** ********) that have **** **** ****** certificated (*** **** ** ** logged **** ** ******* IQ ** *** *** list ** **** ****** certificated *********) ** **** level ***** **** ****-*-*.

Vote / ****

Comments (14)

****** ****: **** ***** has **** ******* ** include *** ********* ***** from ***, ***** *** the ***** ************ ** achieve *** ******-*-* ** listing.

 

*** **** *** ******* process *** ****-*-* ** was ********:

***** **** ** ******* UL2900-2-3 ***** * ** was * ******** ****** of *******, ******* *** policies. *** ******* **** of *** ******** ** all *** **** ****** to ** ********. 

***********, *** **** **** the ************* ******** ** assurance ** ********* **** a ************ ******* *** doing ***** **** ** secure *** **** ********* could ***** **** *** their ********:

**’* ** *********. ** assures **** *** ************ is ***** ***** **** to **** **** ******** are ********* ************ *** mitigates *****. ** *** industry, ** ****** * level ******* ***** *** end ***** *** ******* designers, *** *** *** trust **** * ** CAP ********* ******* ***** the ************ ** ****** cybersecurity *********. ***** ***** cybersecurity ************** *** *********, the ** ****-*-* ********** standard ** ******** ** electronic ******** ******** ********.

* ***** ** ** a **** *****, **** at ***** ******* ** trying ** ********* * baseline *************** *** ********* for ********** * *******/******** from *** ** **********. However ***** ** ** pre ***** ******** **** will ***** ** ******* attack, ***** ******* ***** it ** ******, ***** and ********** *** *******. This ** **** ** only * ****** ***, once *** *** ** there ******* ** *** atmosphere ***** ***** ** no ******* ** * static *** **** *************, good ****. *** ***** sense ** ******** ** not ****** ** ******'* terms *** *** *** user/corporation ******* ** ***** up *** ***. **** cert ** * **** in *** ****** ******* if **** ***** *********** as ** ***** ******** is ********* ****** ** the ******* ****** **** love ** ***** ******* fail, **** **** **** another ***** ******. ** far ** ***, * just *******, ***** ** all ** ** ******* Suse, ******* **** ****, mongo, ****** *** ******. All *** ***** ******* know *** ** ******** *nix *******, * *** see *** *** ******** in *** **** ******* murmuring *** ****, ** we ***** **** ** can *** **** *************. Ezpz.

** * ******** **** pay **** ***, **** ipc *******, **** ** cert ***** *** ********** inform *** ********* **** year **** *** ****** they ***.

******** ** * ****** breathing ****** ***** *** white **** *** ****** and *** ***** **** are *******. **** ** what ***** ** ****.

***** *****,  ***

**** ** *****! ** hikvision ****** ****, ***** they ** ** ***** secure ** *******?

* **** **** **** people *** ***** **-****** to *** ** ** you **** * *****, but *********** ******** * believe *** ***** ** right.

** **** *** *** point ** **? ******* the ************* ******** ***** you ****** ** ** least ** **** ** the ****** ***'** *** the ********.

*** * ***'* ******* HIK ****** ***** ** through **** ****.

**** ******. ***** ** slap ** *** **** "ish". *** ***** **** it * ****:

- ********* ** **** as ***** ****** ** Genetec
- ******* ** **** as ***** ****** ** Hikvision (******** **** ******* Hikvision ** *** **** UL *********, *** **** also **** * **** show)

- ******* ** **** as ***** ****** ** Hikvision (******** **** ******* Hikvision ** *** **** UL *********, *** **** also **** * **** show)

**, ****, ***'** *** best!

***** ********* ********* **** to **** ***** ************* certificate, ****, *** **** do **. ** *****, this *** ***** **** some **** ** ****** product *******.

*** ** *************, ******, only ***** *** ****** flaws / ******, ** while **'* **** *** 'coding ******' ** ********* like ** ***, ** would ** **** ******** to **** *** ********** backdoors **** **** *** place *** ***** *****, the ******* **********.

**** ** *** ***** about * ************* *** being '**** ** ************* government *******'?

****** **** *** ******** one ***** *** **** a ***-*****.

 

** ******* **** *** certification, **** *** *********, locked ****, *** **** knox ** ***** ********.

** ********* **** *** certification, **** ***** ******** theoretically **** ***** ****** back ***** *** ***** by ** *******, **** aim ** ***** *** rights ** ****** *** spy ** ****** ******* americans. *** ** ******* their ******* ******** ********* is ******** ***** ** spawn *** ******.

** ******* **** *** certification, **** *** *********, locked ****, *** **** knox ** ***** ********.

***, ** *** **** read *** ******* ** just **** **** ** troll *** **** ******* Hikvision?

******** ** **** **********, here ** **** ** said ***** *******'* *************:

***** ** ************* *** guarantee * ******* ** 'invulnerable' *** '******** ****', the **** **** **** UL ************* ******** *********** source **** ******* ******** a ************* ****** ********** level **** ******* ************* certifications.

**** ***** **** ** silly, ** ****:

** ********* **** *** certification, **** ***** ******** theoretically **** ***** ****** back ***** *** ***** by ** *******

** ****** *** **** not ***** *** ******** being **** **** ****. If ******* ****** ** put ** * ******** that ** ***** *** find, **** *****. ** ********* wanted ** *** ** a ******** **** ** could *** ****, **** could. 

*** ********** ** - one ** * ******* Canadian ******* *** ******** democracy *** *** **** world *** *** ***** is ********** ** ** authoritarian ********** *** ************** conducts ************** *** **** concentration *****. *** ***** is **** ******** *******.

******* ****** ** *** in * ******** **** UL ***** *** ****, they *****. ** ********* wanted ** *** ** a ******** **** ** could *** ****, **** could.

* ******* ***** **** you **** *****-******** ********, theoretically ********* *** ******* are *** **** ******** wise.

* ******* ***** **** you **** *****-******** ********, theoretically ********* *** ******* are *** **** ******** wise.

***, **** ** **** fine ********. *** *** record, **** ** ******* not ** ********.

***'* ** **** **********:

  • *'** ******* ********* ****** them ** **** *** in ******* ** ******* this ** *************. ** or **** **** ******* I **** ****** ****.
  • ** ********* ***** **** certification, ** **** **** a ******** ******* ***** / ** ********* ** it ****** ** **** clear ***** ** ************* work.
  • ** **** *** ********* the ********* / ******* problem *** ** **** certainly ** ******* ********** in ******** **** **** year's ******** **** *** happen *****.

******* ** ****** ******* with ************* ** **** in ******* **** **** undergone ** ******* **** level. **** ** ***********. 

**** *** *********** *** even ** *********** **** thier ******** ******** ******* as **** ** **** thier ************ ** *** field *** ***** ** be ******** ** **** a ***** ** ********* cyber ******** ********* ** do ******** **** ******* customers...............nice ** *** ** bring ************* ** *** cyber ******** ********** *********** 

** **** ***** ** contact ** *** ************* ** ********... *** suggestions?

*'** ******* *** ** my ******* ** ** and **** *** **** to *** ****, **#*.

Read this IPVM report for free.

This article is part of IPVM's 6,538 reports, 881 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Kentix SmartXcan Fever Screening Device Tested on Jun 22, 2020
German manufacturer Kentix has declared "FEVER-SCREENING REINVENTED" with its...
Dogs For Coronavirus Screening Examined on Aug 06, 2020
While thermal temperature screening is the surveillance industry's most...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...
Gait Recognition Examined on Sep 14, 2020
Facial recognition faces increasing ethical and political criticisms while...
K7 Wall Mounted IR Temp Gun Tested on Jun 26, 2020
The original K3 model was missing a number of important features but the...
TVT Temperature Measurement Terminal Tested on Jul 23, 2020
While Dahua and Hikvision get the most attention for China temp products,...
Avigilon Face Mask Detection Tested on Jun 24, 2020
Face mask detection or, more specifically not wearing a face mask, is an...
Free Online NFPA, IBC, and ADA Codes and Standards 2020 on Sep 03, 2020
Finding applicable codes for security work can be a costly task, with printed...
Hanwha 8K / 33MP Camera Tested on Sep 14, 2020
Hanwha Techwin has released an 8K / 33MP resolution camera, the TNB-9000 with...
Clinton Public View Monitor (PVM) Mask Detection Tested on Jul 09, 2020
Face mask detection, or more specifically not wearing one, is expanding...
K3 Pro Wall Mounted IR Gun Tested on Aug 28, 2020
The original K3 model was lacking in features that the K7 model had and was...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an...
Dahua, Hikvision, ZKTeco Face Mask Detection Shootout on Jun 19, 2020
Temperature tablets with face mask detection are one of the hottest trends in...
The Future of H.266 For Video Surveillance Examined on Aug 17, 2020
First H.264, now H.265, is H.266 next? H.266 was recently announced amid...

Recent Reports

Hanwha AI Object Detection Tested on Sep 28, 2020
Hanwha has added detection and classification of people, cars, clothing...
Favorite Access Control Manufacturers 2020 on Sep 28, 2020
200+ Integrators told IPVM "What is your favorite access control management...
New Products Show Fall 2020 Starts Tomorrow! on Sep 27, 2020
Tomorrow, IPVM's sixth online show will feature New Products from over 25...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
This is a unique installation course in a market where little practical...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...