Genetec UL Cybersecurity Certificate (2900-2-3) Examined

By: Dan Gelinas, Published on Dec 19, 2018

Proving a company is cybersecure has become a major concern for security companies. But how trustworthy are these certificates?

Earlier in 2018, a false Hikvision cybersecurity certification announcement caused controversy. And Genetec itself has cast aspersions on its Chinese rivals as being untrustworthy.

Now, Genetec has announced achieving UL's 2900-2-3 Level 3 (L3) certification that Genetec claims "validates its resilience against cyber-attack."

However, does it really? What does it consist of? How much validation does it provide?

In this note, based on our discussions with Genetec, JCI, and UL we examine:

  • UL Overview
  • Cybersecurity certification process
  • Process for Genetec
  • Cost
  • Highest of 3 levels
  • Testing performed
  • UL's process
  • Others certificated

Executive *******

***** ** ************* *** guarantee * ******* ** 'invulnerable' *** '******** ****', the **** **** **** UL ************* ******** *********** source **** ******* ******** a ************* ****** ********** level **** ******* ************* certifications. 

*******, ** ** ****** expensive *** ****-********* ** many ************* *** *** find ** ***** *****. 

** ****, **** * video ************ ************* **** done ** (******* *** Tyco *** *********) ***** are **** *** *********. We ** *** **** how **** **** ***** work ** *** *** camera ************* **** ******** models.

UL ********

***** **** ****** *** 124 ******** ** ****** ****** as * ****** ** developing ********* *** ******* products ** **** **** they ******* ****** *** as ********. *******, ************ those ********* **** **** around ********** *** ********** elements, *** *************.

**’* ************* ********* ******* (UL ***),******** ** ****, ***** **-******* ******** against ******** **** ***** **** ****** ** cybersecurity *********. *** **** ****** ****** cybersecurity ** ********* ****** and *** ********* ********* including ***** ************ (****-*), healthcare ******* (****-*-*), *** industrial ******* ******* (****-*-*). UL ****-*-* ** **'* attempt ** "******* *****" for *** ********* ** security *********. 

Cybersecurity ************* *******

**********, *** ************* ******** of ******* ** *** product's ****** ********* '********** penetration *******', '****** **** analysis', *** '****** *** bytecode ********', ** *** excerpts **** ***** '******* of *************' ***** *****:

           

Process *** *******

 **** ***** **** ******* Lead ******** *********, ******* Chevalier [**** ** ****** available] ***** *** *******, what ** ******** *** what ** ***** *** Genetec's *********.

*******'* ********* **** *** process, ***** **** ****** 8 ******, *** *** easy, comparing ** ** "***** on *****." ** **** the ******* **** *** attention ** *** ****** cybersecurity **** ** *:

** *** * ******* process. *** ** ** trial *** **** ****** evidence *** **** **** that ********** ** **** for *** ***** *** then **** ********* ** in ***** ** *** people **** **. *** findings *** ******** ** that ****. ** *** a *** ** ********* information *** ****** **** everything *** ** ** should **. ** ******* lots ** **** *** my ***** ***** ****—** 5 ******.

***********, ********* **** **** UL ***** ********* ***************, they ********* *** ************ to Genetec for ******** *********** ** repair:

***** *** * ** employee *** *** *** advocate *** *** ******** to *** ****. ** presented **** ** ***** to ** *** ** needed ** ****** *** it ** ******* *** it ** **** ** is.

********* **** **** *** *** up ****** ** ****** some ******, ********* *********** in ******* ********* ******* operational **********:

**** **** ********* *** procedure, ** * *** to ********* ** ******* a ********* **** ** already ***, *** ****'* have ** ******* ****. They ****** *** *************. So: '**** *** **** vulnerabilities, *** *** *** going ** ******** **** and *** ****?'

********* ******* *** ******* helped ******* *******, ****** the *********** ** ********* and *** ********* ** new *****:

** ********** *** ****** exam **** ** **** using ****’* ******** **** problems. ********* ***** *** stronger ** ****** ** different ******. ** *** tried ***** ****—******************—******, *** **** *** improved **.

********* **** ****** *********** testing ****'* ****** *** that *** ** ************* means ******* **** ********** accountable:

**** **** *********** *******, you ***’* **** ** fix ********. **** **, we **** ** *** whatever ******** **** **** or ** ***’* *** the *************.

Cost *** *************

******* **** *** ***** certification ******* **** **** $50,000 ** *****, **** notable ********* ***** ** maintain ********** ** ** guidelines. ********* **** ***** that *** ************* ******* only ******* *** ******* version, ** **** ******* was ***** ** **** on ** ***** **** version—they *** ********* ********* version 6—they **** **** ** redo *** ************* ******* all **** *****.

Highest ** * ******

******* ******** *** ******* of *** * ******, which ******** ********** **** levels * *** * as **** ** ** assessment ** ******** ************ of *** ******* **** knowledge ** ******** ******** controls *** ** ******** practices ** ******* *** lifecycle ** *** *******, as *** ********* ******* from **'* ******* ** Investigation *** *** *************:

Testing *********

******* ******** **** **** documentation ********* ******** *********** analysis ** *** ****, explaining:

**** ********* **** *** software *** *** ** determine ** ******** **** source ********** *** ****. If **** *** **** then ** ***** ** determine *** ******* *** then ***** ** *** if **** ******* *** known ***************.

*****, ** ***** *************** of ***** ******* *** previously *******:

*** ******** ****—***** ****—** *** **** ****** used ** *** ********. Their **** ** *** I **** ***** ***** of *****************. ** ***** ****** that ***** **** ****’* flag. *** ************ ******** of ****** ***** **** false ******** *** * small ****** **** **** positive.

*** ***** ** *** scan ** ********* ** reflected ** *** ******* graphic *****:

**** **'* ***** ********** potential ***************, *** ******* was ******* ** *******'* attention *** **** **** given * ****** ** respond, ** ** **** redacted *******:

Others ************

*** *** ******** ** ******* *** UL ****-*-* ****** **** **** ***** VideoEdge ******** **** ******** Dynamics.

*** **** *** ******* process *** ****-*-* ** was ********:

***** **** ** ******* UL2900-2-3 ***** * ** was * ******** ****** of *******, ******* *** policies. *** ******* **** of *** ******** ** all *** **** ****** to ** ********. 

***********, *** **** **** the ************* ******** ** assurance ** ********* **** a ************ ******* *** doing ***** **** ** secure *** **** ********* could ***** **** *** their ********:

**’* ** *********. ** assures **** *** ************ is ***** ***** **** to **** **** ******** are ********* ************ *** mitigates *****. ** *** industry, ** ****** * level ******* ***** *** end ***** *** ******* designers, *** *** *** trust **** * ** CAP ********* ******* ***** the ************ ** ****** cybersecurity *********. ***** ***** cybersecurity ************** *** *********, the ** ****-*-* ********** standard ** ******** ** electronic ******** ******** ********.

*** *** ******* *** currently *** **** ******** companies ** ** ******* 2900-2-3

***** ******** * ***** ****** (outside *** ******** ********) that have **** **** ****** certificated (*** **** ** ** logged **** ** ******* IQ ** *** *** list ** **** ****** certificated *********) ** **** level ***** **** ****-*-*.

Comments (14)

****** ****: **** ***** has **** ******* ** include *** ********* ***** from ***, ***** *** the ***** ************ ** achieve *** ******-*-* ** listing.

 

*** **** *** ******* process *** ****-*-* ** was ********:

***** **** ** ******* UL2900-2-3 ***** * ** was * ******** ****** of *******, ******* *** policies. *** ******* **** of *** ******** ** all *** **** ****** to ** ********. 

***********, *** **** **** the ************* ******** ** assurance ** ********* **** a ************ ******* *** doing ***** **** ** secure *** **** ********* could ***** **** *** their ********:

**’* ** *********. ** assures **** *** ************ is ***** ***** **** to **** **** ******** are ********* ************ *** mitigates *****. ** *** industry, ** ****** * level ******* ***** *** end ***** *** ******* designers, *** *** *** trust **** * ** CAP ********* ******* ***** the ************ ** ****** cybersecurity *********. ***** ***** cybersecurity ************** *** *********, the ** ****-*-* ********** standard ** ******** ** electronic ******** ******** ********.

* ***** ** ** a **** *****, **** at ***** ******* ** trying ** ********* * baseline *************** *** ********* for ********** * *******/******** from *** ** **********. However ***** ** ** pre ***** ******** **** will ***** ** ******* attack, ***** ******* ***** it ** ******, ***** and ********** *** *******. This ** **** ** only * ****** ***, once *** *** ** there ******* ** *** atmosphere ***** ***** ** no ******* ** * static *** **** *************, good ****. *** ***** sense ** ******** ** not ****** ** ******'* terms *** *** *** user/corporation ******* ** ***** up *** ***. **** cert ** * **** in *** ****** ******* if **** ***** *********** as ** ***** ******** is ********* ****** ** the ******* ****** **** love ** ***** ******* fail, **** **** **** another ***** ******. ** far ** ***, * just *******, ***** ** all ** ** ******* Suse, ******* **** ****, mongo, ****** *** ******. All *** ***** ******* know *** ** ******** *nix *******, * *** see *** *** ******** in *** **** ******* murmuring *** ****, ** we ***** **** ** can *** **** *************. Ezpz.

** * ******** **** pay **** ***, **** ipc *******, **** ** cert ***** *** ********** inform *** ********* **** year **** *** ****** they ***.

******** ** * ****** breathing ****** ***** *** white **** *** ****** and *** ***** **** are *******. **** ** what ***** ** ****.

***** *****,  ***

**** ** *****! ** hikvision ****** ****, ***** they ** ** ***** secure ** *******?

* **** **** **** people *** ***** **-****** to *** ** ** you **** * *****, but *********** ******** * believe *** ***** ** right.

** **** *** *** point ** **? ******* the ************* ******** ***** you ****** ** ** least ** **** ** the ****** ***'** *** the ********.

*** * ***'* ******* HIK ****** ***** ** through **** ****.

**** ******. ***** ** slap ** *** **** "ish". *** ***** **** it * ****:

- ********* ** **** as ***** ****** ** Genetec
- ******* ** **** as ***** ****** ** Hikvision (******** **** ******* Hikvision ** *** **** UL *********, *** **** also **** * **** show)

- ******* ** **** as ***** ****** ** Hikvision (******** **** ******* Hikvision ** *** **** UL *********, *** **** also **** * **** show)

**, ****, ***'** *** best!

***** ********* ********* **** to **** ***** ************* certificate, ****, *** **** do **. ** *****, this *** ***** **** some **** ** ****** product *******.

*** ** *************, ******, only ***** *** ****** flaws / ******, ** while **'* **** *** 'coding ******' ** ********* like ** ***, ** would ** **** ******** to **** *** ********** backdoors **** **** *** place *** ***** *****, the ******* **********.

**** ** *** ***** about * ************* *** being '**** ** ************* government *******'?

****** **** *** ******** one ***** *** **** a ***-*****.

 

** ******* **** *** certification, **** *** *********, locked ****, *** **** knox ** ***** ********.

** ********* **** *** certification, **** ***** ******** theoretically **** ***** ****** back ***** *** ***** by ** *******, **** aim ** ***** *** rights ** ****** *** spy ** ****** ******* americans. *** ** ******* their ******* ******** ********* is ******** ***** ** spawn *** ******.

** ******* **** *** certification, **** *** *********, locked ****, *** **** knox ** ***** ********.

***, ** *** **** read *** ******* ** just **** **** ** troll *** **** ******* Hikvision?

******** ** **** **********, here ** **** ** said ***** *******'* *************:

***** ** ************* *** guarantee * ******* ** 'invulnerable' *** '******** ****', the **** **** **** UL ************* ******** *********** source **** ******* ******** a ************* ****** ********** level **** ******* ************* certifications.

**** ***** **** ** silly, ** ****:

** ********* **** *** certification, **** ***** ******** theoretically **** ***** ****** back ***** *** ***** by ** *******

** ****** *** **** not ***** *** ******** being **** **** ****. If ******* ****** ** put ** * ******** that ** ***** *** find, **** *****. ** ********* wanted ** *** ** a ******** **** ** could *** ****, **** could. 

*** ********** ** - one ** * ******* Canadian ******* *** ******** democracy *** *** **** world *** *** ***** is ********** ** ** authoritarian ********** *** ************** conducts ************** *** **** concentration *****. *** ***** is **** ******** *******.

******* ****** ** *** in * ******** **** UL ***** *** ****, they *****. ** ********* wanted ** *** ** a ******** **** ** could *** ****, **** could.

* ******* ***** **** you **** *****-******** ********, theoretically ********* *** ******* are *** **** ******** wise.

* ******* ***** **** you **** *****-******** ********, theoretically ********* *** ******* are *** **** ******** wise.

***, **** ** **** fine ********. *** *** record, **** ** ******* not ** ********.

***'* ** **** **********:

  • *'** ******* ********* ****** them ** **** *** in ******* ** ******* this ** *************. ** or **** **** ******* I **** ****** ****.
  • ** ********* ***** **** certification, ** **** **** a ******** ******* ***** / ** ********* ** it ****** ** **** clear ***** ** ************* work.
  • ** **** *** ********* the ********* / ******* problem *** ** **** certainly ** ******* ********** in ******** **** **** year's ******** **** *** happen *****.

******* ** ****** ******* with ************* ** **** in ******* **** **** undergone ** ******* **** level. **** ** ***********. 

**** *** *********** *** even ** *********** **** thier ******** ******** ******* as **** ** **** thier ************ ** *** field *** ***** ** be ******** ** **** a ***** ** ********* cyber ******** ********* ** do ******** **** ******* customers...............nice ** *** ** bring ************* ** *** cyber ******** ********** *********** 

** **** ***** ** contact ** *** ************* ** ********... *** suggestions?

*'** ******* *** ** my ******* ** ** and **** *** **** to *** ****, **#*.
