Eight Tips for Lighting Cybersecurity

Cyber Security

Apr 14, 2019

By Craig DiLouie

Connectivity enables LED lighting to go far beyond illumination and energy savings to offer revolutionary new capabilities and value for occupants, cost reductions, quality lighting, and business process improvement. By networking luminaires and lighting control points in a centralized architecture, the lighting system becomes programmable and able to generate data. While connecting devices for various business purposes can produce extraordinary value, it can also impose data privacy and security risks. Part 1 of this article explored the nature of the risks, and what manufacturers are doing. Here in Part 2: eight tips on how you can help your clients manage the risks.

1. Become conversant in cybersecurity “hygiene.” While lighting professionals need not become cybersecurity experts, they can benefit from education about basic concepts and practices.

2. Engage with the client about cybersecurity. It can be beneficial to engage the client about security needs during the project programming phase. This may require talking to client IT departments, which vary in how they’re composed. The IT department may have questions and requirements that will affect how the project is designed.

After product selection, it can be beneficial to include security documentation as part of the project documents. For challenging questions, the manufacturer should be able to provide support.

3. Ensure good encryption. Encryption is encoding data between devices to prevent them from being intercepted and manipulated. In a May 2018 bulletin, Cyber Security for Lighting Systems, the U.S. Department of Energy’s Federal Energy Management Program (FEMP), recommends AES 128-bit encryption.

AES 256-bit encryption is available, but there is a trade-off between power draw (and latency) and encryption in wireless lighting devices, resulting in a majority of devices using 128 instead of 256.

4. Choose an appropriate method of authentication. Authentication is about ensuring only devices that trust each other can share data. The FEMP recommends good authentication, with possibly the most secure authentication method being use of both a public and private key. The device initiating communication does so using a public key, and the responding device answers with a private key.

5. Safeguard the lighting network. If security is a concern, the network should be protected by a firewall. If the lighting network will touch the corporate network, as an added security measure, FEMP recommends segmenting it using a virtual local area network (VLAN). With a VLAN, a portion of a network is partitioned and run separately as a subnet with its own functionality and security.

6. Advise client on their responsibilities. The client should be advised about delineating administrator permissions (who will have access to the network and what powers they will have inside), the importance of installing vendor software updates (which may include important security enhancements) and changing passwords, and so on.

7. Secure after commissioning. FEMP recommends that any radios used to commission the control system be turned off after use. Or, if the radios are needed for ongoing system operation, they should be secured.

8. Scrutinize products. Look for suppliers that use a strong security methodology, are able to explain it, and can support you when needed. Here, education can go a long way in evaluating products with comparable security features but where the manufacturer implements them very differently.

One resource for evaluating products is the DesignLights Consortium (DLC), which lists networked control systems in a Qualified Products List that utilities in turn use to qualify products for their rebate programs. The Qualified Products List allows manufacturers to report compliance with certain security standards, and will require standards compliance in 2020.

Networked lighting and the IoT are a new world, presenting exciting opportunities for end-users but requiring new skillsets and creating new potential risks. Savvy building professionals will become educated on the basic issues, demand good security methodology from manufacturers, and engage with the right people at the customer to ensure all requirements are satisfied.

Read Part 1 here.

Craig DiLouie, LC, is Education Director for the Lighting Controls Association. Reprinted with permission of the Lighting Controls Association.

Photo by jaydeep_ on Pixabay

Related Articles


Latest Articles

  • Industry Optimism and Growth: Looking Back on the Hong Kong International Outdoor and Tech Light Expo

    Industry Optimism and Growth: Looking Back on the Hong Kong International Outdoor and Tech Light Expo

    December 2, 2024 By Elle Bremmer Attracting more than 50,000 buyers from around the world, the 26th Hong Kong International Lighting Fair (Autumn Edition) and the 9th Hong Kong International Outdoor and Tech Light Expo was by all definitions, a success. The twin fair events, which were organized by the Hong Kong Trade Development Council… Read More…

  • What Is Corrosion and Why Does VpCI® Help?

    What Is Corrosion and Why Does VpCI® Help?

    December 2, 2024 Rust is a familiar sight for most of us. Rusty cars, rusty nails, rusty locks, and other forms of corrosion are part of everyday life, causing assets to lose their value and functionality. But while the problem is obvious, the cause and the solution are less apparent to most. However, understanding the… Read More…

  • IHSA: Workplace Mental Health Toolkits

    IHSA: Workplace Mental Health Toolkits

    December 1, 2024 IHSA is committed to supporting employers and workers with their occupational health and safety needs. That includes psychological health and safety—a growing and critically important area for workplaces to address. In the sections below, you will find tools, resources, education, and supports from IHSA and our health and safety system partners. They… Read More…

  • New Research on Smart Home Trends & Technology Adoption

    New Research on Smart Home Trends & Technology Adoption

    December 1, 2024 Entertainment systems are becoming a common entry point for smart home technology, with 61% of adopters using smart TVs, displays, or speakers. So says a new consumer research report from the Association for Smart Homes & Buildings (ASHB) that explores the perceptions, preferences, pain points, and challenges of residential renters and owners… Read More…


Changing Scene