Eight Tips for Lighting Cybersecurity

Cyber Security

Mar 18, 2019

By Craig DiLouie

Connectivity enables LED lighting to go far beyond illumination and energy savings to offer revolutionary new capabilities and value for occupants, cost reduction, quality lighting, and business process improvement.

By networking luminaires and lighting control points in a centralized architecture, the lighting system becomes programmable and able to generate data. These data can be applied to strategies like optimizing space utilization, tracking inventory, and providing location-based services. These strategies in turn can produce tangible impacts on cost reduction, process efficiency, branding, and occupant satisfaction.

While connecting devices for various business purposes can produce extraordinary value, it can also impose data privacy and security risks. These risks may take several forms, with two notable attacks being sniffing and vectoring. Sniffing is when a hacker intercepts data between devices and assumes control of the device. A vectoring attack is when a hacker uses a building system network to penetrate a more secure connected corporate network for data theft.

Cybersecurity is a major challenge for the Internet of Things (IoT) as a whole (and corporate information networks beyond that), and lighting is not immune. The challenge is serious enough that it is now being targeted by legislation such as California’s SB-327, which requires manufacturers of connected devices to design them with certain security features by January 1, 2020.

Meanwhile, several IoT-related bills have been introduced in the U.S. Congress, such as the IoT Cybersecurity Improvement Act of 2017 (minimum security standards for connected devices acquired by the government), IoT Consumer TIPS Act of 2017 (directs the Federal Trade Commission to educate consumers), and the Smart IoT Act (requires the Department of Commerce to study the state of the industry). None of these bills have yet made it to a vote, however.

While the cybersecurity industry has a deep well of expertise and experience dealing with potential threats, it’s a new issue for many building industry, including the lighting industry, which is now working hard to ensure networked lighting systems are a strong link in the IoT.

While all this is developing, specifiers and designers should evaluate connected lighting systems with some basic knowledge of cybersecurity. In terms of security, what constitutes a “good” system for a given application depends on how it’s designed (security features) and configured (how it communicates) as well as the owner’s risk tolerance and level of technical knowledge.

For example, while IP-based systems enable lighting devices to be connected, monitored, and controlled in an Internet-based network, which can facilitate remote support, ability to access data, and an enhanced role for lighting in the IoT, they may require stronger security.

Many major manufacturers are prioritizing the issue with initiatives, drawing on standards and best practices such as ANSI/UL 2900-1, IEC standards, ISO 27000, and the NIST IoT Cybersecurity Framework. Over time, manufacturers ideally will streamline methodologies around best practices and design products with good cybersecurity tools built in, making security transparent for professionals wanting to focus on lighting.

It is possible the IoT will drive demand for standards-based security in connected lighting because it brings different stakeholders like IT professionals into the decision-making process.

Watch for 8 tips on how you can help your clients manage the data privacy and security risks in the April 9 issue of EIN.

Craig DiLouie, LC, is Education Director for the Lighting Controls Association. Reprinted with permission of the Lighting Controls

Association, www.lightingcontrolsassociation.org
Photo by jaydeep_ on Pixabay

Related Articles


Latest Articles


Changing Scene

  • Intralec Named New Sales Agency Partner for IDEAL Electrical in Central & Southwestern Ontario

    Intralec Named New Sales Agency Partner for IDEAL Electrical in Central & Southwestern Ontario

    July 7, 2025 Intralec Electrical Products is proud to announce our new partnership with IDEAL Electrical as their sales agency for the Central & Southwestern Ontario regions. As a Canadian manufacturer with over 60 years of experience producing quality products—many of which, like the Can-Twist wire connector and Yellow 77 lubricant, are made in Ajax,… Read More…

  • City of Winnipeg Continues to Improve Online Permits System

    City of Winnipeg Continues to Improve Online Permits System

    July 4, 2025 The City of Winnipeg has launched an improved Permits Online web portal. This upgrade aims to make the permit process more convenient for customers. Permits Online is a one-stop shop to manage the permit process. Now, the web portal is easier to use because customers can navigate it using their mobile device. The portal… Read More…

  • Schneider Electric Launches Chapter 3 of Sustainability School

    Schneider Electric Launches Chapter 3 of Sustainability School

    July 4, 2025 Schneider Electric, the leader in the digital transformation of energy management and automation, has launched Chapter 3 of its online Sustainability School, a free training program designed to empower its channel ecosystem partners to become leaders in sustainability. This chapter will focus on teaching businesses how to decarbonize and unlock the competitive… Read More…

  • United Chargers Launches Grizzl-E Club Charger-as-a-Service Subscription Model

    United Chargers Launches Grizzl-E Club Charger-as-a-Service Subscription Model

    July 4, 2025 United Chargers Inc., known for the Grizzl-E line of EV chargers, announces Grizzl-E Club, a first-of-its-kind charger as a service that provides a free EV Charger and pays drivers back for charging. Grizzl-E Club is designed to make EV ownership more rewarding, accessible, and future-ready. Beginning July 1st, Canadians can join the Grizzl-E… Read More…