Eight Tips for Lighting Cybersecurity

Cyber Security

Mar 18, 2019

By Craig DiLouie

Connectivity enables LED lighting to go far beyond illumination and energy savings to offer revolutionary new capabilities and value for occupants, cost reduction, quality lighting, and business process improvement.

By networking luminaires and lighting control points in a centralized architecture, the lighting system becomes programmable and able to generate data. These data can be applied to strategies like optimizing space utilization, tracking inventory, and providing location-based services. These strategies in turn can produce tangible impacts on cost reduction, process efficiency, branding, and occupant satisfaction.

While connecting devices for various business purposes can produce extraordinary value, it can also impose data privacy and security risks. These risks may take several forms, with two notable attacks being sniffing and vectoring. Sniffing is when a hacker intercepts data between devices and assumes control of the device. A vectoring attack is when a hacker uses a building system network to penetrate a more secure connected corporate network for data theft.

Cybersecurity is a major challenge for the Internet of Things (IoT) as a whole (and corporate information networks beyond that), and lighting is not immune. The challenge is serious enough that it is now being targeted by legislation such as California’s SB-327, which requires manufacturers of connected devices to design them with certain security features by January 1, 2020.

Meanwhile, several IoT-related bills have been introduced in the U.S. Congress, such as the IoT Cybersecurity Improvement Act of 2017 (minimum security standards for connected devices acquired by the government), IoT Consumer TIPS Act of 2017 (directs the Federal Trade Commission to educate consumers), and the Smart IoT Act (requires the Department of Commerce to study the state of the industry). None of these bills have yet made it to a vote, however.

While the cybersecurity industry has a deep well of expertise and experience dealing with potential threats, it’s a new issue for many building industry, including the lighting industry, which is now working hard to ensure networked lighting systems are a strong link in the IoT.

While all this is developing, specifiers and designers should evaluate connected lighting systems with some basic knowledge of cybersecurity. In terms of security, what constitutes a “good” system for a given application depends on how it’s designed (security features) and configured (how it communicates) as well as the owner’s risk tolerance and level of technical knowledge.

For example, while IP-based systems enable lighting devices to be connected, monitored, and controlled in an Internet-based network, which can facilitate remote support, ability to access data, and an enhanced role for lighting in the IoT, they may require stronger security.

Many major manufacturers are prioritizing the issue with initiatives, drawing on standards and best practices such as ANSI/UL 2900-1, IEC standards, ISO 27000, and the NIST IoT Cybersecurity Framework. Over time, manufacturers ideally will streamline methodologies around best practices and design products with good cybersecurity tools built in, making security transparent for professionals wanting to focus on lighting.

It is possible the IoT will drive demand for standards-based security in connected lighting because it brings different stakeholders like IT professionals into the decision-making process.

Watch for 8 tips on how you can help your clients manage the data privacy and security risks in the April 9 issue of EIN.

Craig DiLouie, LC, is Education Director for the Lighting Controls Association. Reprinted with permission of the Lighting Controls

Association, www.lightingcontrolsassociation.org
Photo by jaydeep_ on Pixabay

Related Articles


Latest Articles


Changing Scene

  • Mario Mongrain of  Delta Transformers appointed EFC Chair of the Dry-Type Transformer Section

    Mario Mongrain of Delta Transformers appointed EFC Chair of the Dry-Type Transformer Section

    February 3, 2025 Delta Transformers is pleased to announce the appointment of Mario Mongrain, National Sales Manager, as Chair of the Dry-Type Transformers Section of Electro-Federation Canada (EFC). This Section represents manufacturers of dry-type transformers that are voltage changing or isolation devices, which are air-cooled rather than liquid cooled. As part of his role, Mario Mongrain will be focusing on: “I… Read More…

  • CES Announces New Location for Dartmouth Branch

    CES Announces New Location for Dartmouth Branch

    February 2, 2025 City Electric Supply has announced the grand opening of the new location for their Dartmouth, Nova Scotia branch to better serve the community. New location: 10 Morris Dr. Unit 34, Dartmouth, NS B3B 1KB You can join them on February 5th to help celebrate. Read More…

  • Canada Tests a New Prototype Building that was Constructed in Eight Days

    Canada Tests a New Prototype Building that was Constructed in Eight Days

    February 2, 2025 The Minister of Transport and Internal Trade, the Honourable Anita Anand, announced the successful construction of a new prototype building at the drones and robotics test field on the grounds of the former Killaloe Airport. The small, 380 square foot building was built in only eight days, which can be seen in… Read More…

  • Electrozad Announces Wheatland and Northwinds as their GPS Supplier of the Year 2024

    Electrozad Announces Wheatland and Northwinds as their GPS Supplier of the Year 2024

    February 2, 2025 Electrozad is proud to recognize Wheatland and Northwinds as the GPS Supplier of the Year for 2024. Wheatland’s exceptional support and high-quality product offerings have been instrumental in driving growth and securing significant project wins across Electrozad’s markets. One of the highlights of this year was Wheatland’s pivotal role in securing major… Read More…