Cybersecurity Assurance for IoT Lighting Systems

CEW 2 Lighting Controls Association 400

Jan 14, 2022

By Jared Morello, VP of Specification Sales, Legrand North America.

We live in a world of connected, intelligent devices referred to as the Internet of Things (IoT), and each year new products are brought online to solve modern-day challenges.
Connected devices communicate to share information with other devices and systems within a network and are often implemented into the environments of companies in diverse sectors such as manufacturing, healthcare, education, and commercial offices. When equipped and installed correctly with a building’s large-scale automation system, IoT devices and systems help to warrant safe and secure facilities for occupants while reducing operational expenses (OPEX) by optimizing and automating many services, including lighting and HVAC controls.

During a commercial building’s planning and development phase, its lighting system is often a more extensive discussion. IoT lighting systems, which generally include digital sensors, communication interfaces, and actuator drivers, are programmed using advanced control algorithms and can be organized into lighting networks to operate remotely. This not only eliminates the need for the overall system to work in manual mode and reduces costs, but increases energy efficiency, occupant comfort and productivity, as well as cybersecurity assurance.

Understanding Risks

Unfortunately, as the demand for integrated technology such as lighting systems in commercial buildings increases and the flow of data travelling through buildings becomes more complex, potential exposure to cyber threats increases. In recent years there have been multiple instances of hackers entering a corporate network through a compromised device, often tracing back to poorly implemented security. The results are expensive and problematic — leading to loss of revenue and productivity, theft of private information, and erosion of occupant confidence.

In many cases, these cybersecurity attacks, including sniffing and vectoring, and man-in-the-middle (MIT) threats, are caused by poor commission technology, the security features integrated within a device or system at the time of manufacturing that is automatically activated when powered on. MIT attacks are most associated with lighting systems as they are used as an avenue to access a building’s larger network.

When commissioning a new smart lighting system, facility managers must first investigate national and regional requirements and then evaluate a system’s commission technology components. This process includes understanding the system’s device authentication, zero-touch encryption provisions, and lighting network isolation ahead of installation.

The Importance of Encryption

All wireless lighting control systems rely on encryption to protect communication between devices on the network. Although encryption is necessary, it is not sufficient on its own, as it only prevents eavesdropping rather than identifying whom one is communicating with, which is where device authentication comes into play. Identity-based authentication ensures that a device only communicates with another authorized device and prevents it from downloading malicious software (malware) and becoming a security risk. Mutual authentication, encryption, and the ability to securely download firmware are fundamental building blocks of device security.

Network-layer encryption is the first line of defence to prevent an attacker from reading or breaking into the network. Encryption provides a structure for private communication by translating the communication between devices into a code. The device receiving the information can decrypt if the two devices share the same “key.” In wireless systems, the shared keys often must be set or “provisioned” on every device or every zone of devices. During commissioning, this can be an enormous task that is time-consuming, prone to errors, and often unmanageable over the system’s lifetime. More troublingly, it exposes the security keys to the installer’s commissioning tools and sometimes to the installer themselves. Without using key pairs to prove identity, devices that receive the public key are assumed to be authentic and there’s no way for another device or commissioning tool to challenge their authentication. Here is where zero-touch encryption comes into play.

Zero-touch encryption is a type of encryption provisioning that provides a preloaded digital identity and security profile, making the system automatically secure. The contractor never has to set up security keys for the facility manager — this happens automatically, which is why it’s called “zero-touch.” However, it’s important to note that this software can be insufficient by itself — if an attacker discovers a system’s preloaded identity, they then have access to the entire network. To combat this, lighting control systems should proactively replace the pre-existing profile with a new one upon commissioning. This step allows each (sub)network to have unique encryption, and should be handled by the system without the user’s interaction to ease the commissioning process. Embedding strong security into commercial lighting controls and building systems makes it possible for an install of a wireless lighting system to be completed in a matter of hours, compared to several weeks for traditional wired systems or older wireless systems without this technology.

Regarding network isolation, a key component in ensuring that Operational Technology (OT) network vulnerabilities do not lead to vulnerabilities on the Information Technology (IT) network, it’s of great importance to understand the need for this separation. In late 2013, during the peak of the retail season, hackers breached Target’s private network and accessed credit card data for thousands of consumers. The hackers gained entry using network credentials stolen from a provider of refrigeration and HVAC equipment to Target. Incidents like this makes it essential to maintain separation from a building’s network and seek out a lighting system designed to operate on a parallel network that never intersects with a private network.

After the installation and commissioning process is complete of a chosen security integrated IoT lighting system, the benefits and values of a secure system become much more apparent to facility managers, including ease of maintenance and lighting quality.

Protection Starts with Specification

Many centralized, networked lighting systems provide excellent monitoring and control capabilities. For example, the system may set off alarm notifications via email, text, or other methods about issues requiring immediate attention. The system may also provide the facility manager with daily reports on equipment, making operations more responsive and efficient.

Additionally, an IoT lighting system provides a tool for facility managers to guarantee comfortable visual conditions of building occupants working on completing tasks efficiently and safely. These systems support quality lighting by enabling control of light level, spatial brightness, and colour output. Ease of monitoring ensures lighting is provided without interruption while delivering data to the facility manager, which they can leverage to gain insight into user preferences. This information can also be valuable for future lighting designs.

As for cybersecurity assurance, a secure lighting system solution offers a facility manager a way to combat and track vulnerabilities with technology already built within before it’s too late and internal communications and data are shared.

More devices are connected to building networks every day, and it’s of the utmost importance that building owners work together with facility managers and building operators to understand that the opportunities for security threats are also increasing within all building systems. IBM cybersecurity experts analyzing past breaches noted that 20 percent of attacks are initially caused by compromised credentials in a 2021 report. Hackers often exploit a less well-known security hole in IoT devices, including holes within lighting systems connected to a building’s larger network. Thus, educating and understanding the security assurance within IoT devices is paramount and relatively intuitive with the right strategy and system in place.

As specialists in electrical and digital building infrastructures, Legrand highly encourages those evaluating a new networked lighting system to ensure that the chosen manufacture adheres to all government requirements. In addition, all selected products within the system have been extensively tested its security capabilities through third-party certifications, such as the ioXt Alliance Certification program or other programs meeting DesignLights Consortium (DLC) Networked Lighting Control System Technical Requirements (Version 5), also known as NLC5.

Published with the written permission of Lighting Control Association

Source

Related Articles

Latest Articles

  • ESA 2025 Annual Licence Holder Meeting

    ESA 2025 Annual Licence Holder Meeting

    December 8, 2025 This year marked ESA’s 20th Annual Licence Holder Meeting — a milestone celebrating two decades of collaboration, innovation and safety leadership made possible by Ontario’s licence holder community. The meeting was held on Wednesday, November 26, 2025 Agenda Highlights Watch a recording of the 2025 Licence Holder Meeting. Read More…

  • BC Hydro’s Updated Business Energy-Saving Incentives, Limited Time Bonus Offer

    BC Hydro’s Updated Business Energy-Saving Incentives, Limited Time Bonus Offer

    December 8, 2025 Get funding from BC Hydro for businesses upgrading eligible equipment with energy-efficient models. Funding rates vary depending on the equipment being upgraded, with past participants receiving an average of 30% for upfront costs. Incentives are available for: Bonus offer BC Hydro is currently offering a 30% bonus incentive on all business energy-saving incentives projects… Read More…

  • Mastering Advanced Bidding Strategies in Electrical Contracting

    Mastering Advanced Bidding Strategies in Electrical Contracting

    December 1, 2025 By Melvin Newman, Patabid CEO & Ian Paterson, Patabid Client Success Manager and journeyman electrician with 30+ years of experience In the competitive world of electrical contracting, knowing how to estimate electrical jobs effectively can make the difference between winning profitable projects and watching opportunities slip away. For electrical contractors, mastering advanced… Read More…

  • Why Choosing the Right USB Charger Matters

    Why Choosing the Right USB Charger Matters

    December 1, 2025 Not all USB Chargers are Created Equal As the number of devices used daily increases, so does the need for a charger that delivers safe speeds and maximum charging potential. A high-quality USB charger delivers efficient charging without risk of damage, but the sea of USB chargers and outlets available on online… Read More…

Changing Scene

  • BC’s Bill 20 – The Construction Prompt Payment Act Receives Royal Assent

    BC’s Bill 20 – The Construction Prompt Payment Act Receives Royal Assent

    December 8, 2025 As the BC Legislature wraps up the final week of the Fall session, BCCA is very pleased to see Bill 20 receive Royal Assent and officially become the Construction Prompt Payment Act, SBC 2025, c 24. This marks a significant milestone for BC’s construction sector. This achievement reflects decades of consistent, principled… Read More…

  • Federal Government Announces New Measures to Support Steel and Lumber

    Federal Government Announces New Measures to Support Steel and Lumber

    December 8, 2025 The world is changing rapidly. The United States, the world’s largest economy, is fundamentally reshaping all its trade relationships, causing major disruption and upheaval for Canadians. It is time to transform our economy from one that is reliant on a single trade partner to one that is stronger, more self-sufficient, and resilient… Read More…

  • Skills Ontario Celebrates the Expansion of Trades & Tech Truck Program

    Skills Ontario Celebrates the Expansion of Trades & Tech Truck Program

    December 1, 2025 Skills Ontario is expanding its fleet of Trades & Tech mobile unit thanks to support from the Ontario Government. The government announced this morning it’s investment in Skills Ontario to expand experiential opportunities for Ontario’s future workforce.    “Ontario’s future relies on a strong, skilled workforce,” said David Piccini, Minister of Labour, Immigration,… Read More…

  • BC’s Canadian Mutual Recognition Agreement aims to Facilitate Interprovincial Trade

    BC’s Canadian Mutual Recognition Agreement aims to Facilitate Interprovincial Trade

    December 1, 2025 A new agreement signed by all provinces, territories, and the federal government will break down interprovincial trade barriers, making it easier for B.C. businesses to sell products across Canada, and for people to buy Canadian-made goods.   “When threats to Canada’s economic security land at our doorstep, we’re at our best when we work together as… Read More…