Cybersecurity Assurance for IoT Lighting Systems

CEW 2 Lighting Controls Association 400

Jan 14, 2022

By Jared Morello, VP of Specification Sales, Legrand North America.

We live in a world of connected, intelligent devices referred to as the Internet of Things (IoT), and each year new products are brought online to solve modern-day challenges.
Connected devices communicate to share information with other devices and systems within a network and are often implemented into the environments of companies in diverse sectors such as manufacturing, healthcare, education, and commercial offices. When equipped and installed correctly with a building’s large-scale automation system, IoT devices and systems help to warrant safe and secure facilities for occupants while reducing operational expenses (OPEX) by optimizing and automating many services, including lighting and HVAC controls.

During a commercial building’s planning and development phase, its lighting system is often a more extensive discussion. IoT lighting systems, which generally include digital sensors, communication interfaces, and actuator drivers, are programmed using advanced control algorithms and can be organized into lighting networks to operate remotely. This not only eliminates the need for the overall system to work in manual mode and reduces costs, but increases energy efficiency, occupant comfort and productivity, as well as cybersecurity assurance.

Understanding Risks

Unfortunately, as the demand for integrated technology such as lighting systems in commercial buildings increases and the flow of data travelling through buildings becomes more complex, potential exposure to cyber threats increases. In recent years there have been multiple instances of hackers entering a corporate network through a compromised device, often tracing back to poorly implemented security. The results are expensive and problematic — leading to loss of revenue and productivity, theft of private information, and erosion of occupant confidence.

In many cases, these cybersecurity attacks, including sniffing and vectoring, and man-in-the-middle (MIT) threats, are caused by poor commission technology, the security features integrated within a device or system at the time of manufacturing that is automatically activated when powered on. MIT attacks are most associated with lighting systems as they are used as an avenue to access a building’s larger network.

When commissioning a new smart lighting system, facility managers must first investigate national and regional requirements and then evaluate a system’s commission technology components. This process includes understanding the system’s device authentication, zero-touch encryption provisions, and lighting network isolation ahead of installation.

The Importance of Encryption

All wireless lighting control systems rely on encryption to protect communication between devices on the network. Although encryption is necessary, it is not sufficient on its own, as it only prevents eavesdropping rather than identifying whom one is communicating with, which is where device authentication comes into play. Identity-based authentication ensures that a device only communicates with another authorized device and prevents it from downloading malicious software (malware) and becoming a security risk. Mutual authentication, encryption, and the ability to securely download firmware are fundamental building blocks of device security.

Network-layer encryption is the first line of defence to prevent an attacker from reading or breaking into the network. Encryption provides a structure for private communication by translating the communication between devices into a code. The device receiving the information can decrypt if the two devices share the same “key.” In wireless systems, the shared keys often must be set or “provisioned” on every device or every zone of devices. During commissioning, this can be an enormous task that is time-consuming, prone to errors, and often unmanageable over the system’s lifetime. More troublingly, it exposes the security keys to the installer’s commissioning tools and sometimes to the installer themselves. Without using key pairs to prove identity, devices that receive the public key are assumed to be authentic and there’s no way for another device or commissioning tool to challenge their authentication. Here is where zero-touch encryption comes into play.

Zero-touch encryption is a type of encryption provisioning that provides a preloaded digital identity and security profile, making the system automatically secure. The contractor never has to set up security keys for the facility manager — this happens automatically, which is why it’s called “zero-touch.” However, it’s important to note that this software can be insufficient by itself — if an attacker discovers a system’s preloaded identity, they then have access to the entire network. To combat this, lighting control systems should proactively replace the pre-existing profile with a new one upon commissioning. This step allows each (sub)network to have unique encryption, and should be handled by the system without the user’s interaction to ease the commissioning process. Embedding strong security into commercial lighting controls and building systems makes it possible for an install of a wireless lighting system to be completed in a matter of hours, compared to several weeks for traditional wired systems or older wireless systems without this technology.

Regarding network isolation, a key component in ensuring that Operational Technology (OT) network vulnerabilities do not lead to vulnerabilities on the Information Technology (IT) network, it’s of great importance to understand the need for this separation. In late 2013, during the peak of the retail season, hackers breached Target’s private network and accessed credit card data for thousands of consumers. The hackers gained entry using network credentials stolen from a provider of refrigeration and HVAC equipment to Target. Incidents like this makes it essential to maintain separation from a building’s network and seek out a lighting system designed to operate on a parallel network that never intersects with a private network.

After the installation and commissioning process is complete of a chosen security integrated IoT lighting system, the benefits and values of a secure system become much more apparent to facility managers, including ease of maintenance and lighting quality.

Protection Starts with Specification

Many centralized, networked lighting systems provide excellent monitoring and control capabilities. For example, the system may set off alarm notifications via email, text, or other methods about issues requiring immediate attention. The system may also provide the facility manager with daily reports on equipment, making operations more responsive and efficient.

Additionally, an IoT lighting system provides a tool for facility managers to guarantee comfortable visual conditions of building occupants working on completing tasks efficiently and safely. These systems support quality lighting by enabling control of light level, spatial brightness, and colour output. Ease of monitoring ensures lighting is provided without interruption while delivering data to the facility manager, which they can leverage to gain insight into user preferences. This information can also be valuable for future lighting designs.

As for cybersecurity assurance, a secure lighting system solution offers a facility manager a way to combat and track vulnerabilities with technology already built within before it’s too late and internal communications and data are shared.

More devices are connected to building networks every day, and it’s of the utmost importance that building owners work together with facility managers and building operators to understand that the opportunities for security threats are also increasing within all building systems. IBM cybersecurity experts analyzing past breaches noted that 20 percent of attacks are initially caused by compromised credentials in a 2021 report. Hackers often exploit a less well-known security hole in IoT devices, including holes within lighting systems connected to a building’s larger network. Thus, educating and understanding the security assurance within IoT devices is paramount and relatively intuitive with the right strategy and system in place.

As specialists in electrical and digital building infrastructures, Legrand highly encourages those evaluating a new networked lighting system to ensure that the chosen manufacture adheres to all government requirements. In addition, all selected products within the system have been extensively tested its security capabilities through third-party certifications, such as the ioXt Alliance Certification program or other programs meeting DesignLights Consortium (DLC) Networked Lighting Control System Technical Requirements (Version 5), also known as NLC5.

Published with the written permission of Lighting Control Association

Source

Related Articles

Latest Articles

  • Mastering Advanced Bidding Strategies in Electrical Contracting

    Mastering Advanced Bidding Strategies in Electrical Contracting

    December 1, 2025 By Melvin Newman, Patabid CEO & Ian Paterson, Patabid Client Success Manager and journeyman electrician with 30+ years of experience In the competitive world of electrical contracting, knowing how to estimate electrical jobs effectively can make the difference between winning profitable projects and watching opportunities slip away. For electrical contractors, mastering advanced… Read More…

  • Why Choosing the Right USB Charger Matters

    Why Choosing the Right USB Charger Matters

    December 1, 2025 Not all USB Chargers are Created Equal As the number of devices used daily increases, so does the need for a charger that delivers safe speeds and maximum charging potential. A high-quality USB charger delivers efficient charging without risk of damage, but the sea of USB chargers and outlets available on online… Read More…

  • How Homebuilding Incentives Can Pay Off for Cities, Homeowners and Local Economies: New Concordia Study

    December 1, 2025 A new study from Concordia University’s John Molson School of Business finds that improving housing affordability isn’t just a social good — it’s an economic growth opportunity. Build and Benefit: How Homebuilding Incentives Can Pay Off for Cities, Homeowners and Local Economies reframes housing policy reform as a sustainable fiscal growth strategy, demonstrating meaningful… Read More…

  • The Importance of HazLoc LED Lighting for Safe Workplaces

    The Importance of HazLoc LED Lighting for Safe Workplaces

    November 30, 2025 By CSC LED In Canada’s industrial lighting sector, one of the most critical yet often overlooked safety components is lighting designed specifically for hazardous locations, otherwise known as HazLoc (hazardous location) LED lighting. For workplaces dealing with flammable gases, vapours, combustible dust, or ignitable fibres, standard LED fixtures simply don’t cut it…. Read More…

Changing Scene

  • Skills Ontario Celebrates the Expansion of Trades & Tech Truck Program

    Skills Ontario Celebrates the Expansion of Trades & Tech Truck Program

    December 1, 2025 Skills Ontario is expanding its fleet of Trades & Tech mobile unit thanks to support from the Ontario Government. The government announced this morning it’s investment in Skills Ontario to expand experiential opportunities for Ontario’s future workforce.    “Ontario’s future relies on a strong, skilled workforce,” said David Piccini, Minister of Labour, Immigration,… Read More…

  • BC’s Canadian Mutual Recognition Agreement aims to Facilitate Interprovincial Trade

    BC’s Canadian Mutual Recognition Agreement aims to Facilitate Interprovincial Trade

    December 1, 2025 A new agreement signed by all provinces, territories, and the federal government will break down interprovincial trade barriers, making it easier for B.C. businesses to sell products across Canada, and for people to buy Canadian-made goods.   “When threats to Canada’s economic security land at our doorstep, we’re at our best when we work together as… Read More…

  • EB Horsman’s Commitment to Giving Back – A Year in Recap 2024/2025

    EB Horsman’s Commitment to Giving Back – A Year in Recap 2024/2025

    December 1, 2025 EB Horsman Cares is the company’s community engagement program that supports local children’s hospitals, communities, and non-profit initiatives with donations, fundraising, volunteering, and scholarships.  Since 1993, BC Children’s Hospital has been the primary recipient of EB Horsman & Son’s fundraising. However, as EB Horsman has continued to expand its businesses across Western… Read More…

  • Build Canada Homes Introduces Policy Framework to Guide its Investments in Affordable Housing

    Build Canada Homes Introduces Policy Framework to Guide its Investments in Affordable Housing

    December 1, 2025 Central to that work, the Government of Canada is stepping up with the recently launched Build Canada Homes, new federal agency with a mandate to scale up the supply of affordable housing across Canada. Build Canada Homes will also help fight homelessness by building transitional and supportive housing – working with provinces,… Read More…