Cybersecurity Assurance for IoT Lighting Systems

CEW 2 Lighting Controls Association 400

Jan 14, 2022

By Jared Morello, VP of Specification Sales, Legrand North America.

We live in a world of connected, intelligent devices referred to as the Internet of Things (IoT), and each year new products are brought online to solve modern-day challenges.
Connected devices communicate to share information with other devices and systems within a network and are often implemented into the environments of companies in diverse sectors such as manufacturing, healthcare, education, and commercial offices. When equipped and installed correctly with a building’s large-scale automation system, IoT devices and systems help to warrant safe and secure facilities for occupants while reducing operational expenses (OPEX) by optimizing and automating many services, including lighting and HVAC controls.

During a commercial building’s planning and development phase, its lighting system is often a more extensive discussion. IoT lighting systems, which generally include digital sensors, communication interfaces, and actuator drivers, are programmed using advanced control algorithms and can be organized into lighting networks to operate remotely. This not only eliminates the need for the overall system to work in manual mode and reduces costs, but increases energy efficiency, occupant comfort and productivity, as well as cybersecurity assurance.

Understanding Risks

Unfortunately, as the demand for integrated technology such as lighting systems in commercial buildings increases and the flow of data travelling through buildings becomes more complex, potential exposure to cyber threats increases. In recent years there have been multiple instances of hackers entering a corporate network through a compromised device, often tracing back to poorly implemented security. The results are expensive and problematic — leading to loss of revenue and productivity, theft of private information, and erosion of occupant confidence.

In many cases, these cybersecurity attacks, including sniffing and vectoring, and man-in-the-middle (MIT) threats, are caused by poor commission technology, the security features integrated within a device or system at the time of manufacturing that is automatically activated when powered on. MIT attacks are most associated with lighting systems as they are used as an avenue to access a building’s larger network.

When commissioning a new smart lighting system, facility managers must first investigate national and regional requirements and then evaluate a system’s commission technology components. This process includes understanding the system’s device authentication, zero-touch encryption provisions, and lighting network isolation ahead of installation.

The Importance of Encryption

All wireless lighting control systems rely on encryption to protect communication between devices on the network. Although encryption is necessary, it is not sufficient on its own, as it only prevents eavesdropping rather than identifying whom one is communicating with, which is where device authentication comes into play. Identity-based authentication ensures that a device only communicates with another authorized device and prevents it from downloading malicious software (malware) and becoming a security risk. Mutual authentication, encryption, and the ability to securely download firmware are fundamental building blocks of device security.

Network-layer encryption is the first line of defence to prevent an attacker from reading or breaking into the network. Encryption provides a structure for private communication by translating the communication between devices into a code. The device receiving the information can decrypt if the two devices share the same “key.” In wireless systems, the shared keys often must be set or “provisioned” on every device or every zone of devices. During commissioning, this can be an enormous task that is time-consuming, prone to errors, and often unmanageable over the system’s lifetime. More troublingly, it exposes the security keys to the installer’s commissioning tools and sometimes to the installer themselves. Without using key pairs to prove identity, devices that receive the public key are assumed to be authentic and there’s no way for another device or commissioning tool to challenge their authentication. Here is where zero-touch encryption comes into play.

Zero-touch encryption is a type of encryption provisioning that provides a preloaded digital identity and security profile, making the system automatically secure. The contractor never has to set up security keys for the facility manager — this happens automatically, which is why it’s called “zero-touch.” However, it’s important to note that this software can be insufficient by itself — if an attacker discovers a system’s preloaded identity, they then have access to the entire network. To combat this, lighting control systems should proactively replace the pre-existing profile with a new one upon commissioning. This step allows each (sub)network to have unique encryption, and should be handled by the system without the user’s interaction to ease the commissioning process. Embedding strong security into commercial lighting controls and building systems makes it possible for an install of a wireless lighting system to be completed in a matter of hours, compared to several weeks for traditional wired systems or older wireless systems without this technology.

Regarding network isolation, a key component in ensuring that Operational Technology (OT) network vulnerabilities do not lead to vulnerabilities on the Information Technology (IT) network, it’s of great importance to understand the need for this separation. In late 2013, during the peak of the retail season, hackers breached Target’s private network and accessed credit card data for thousands of consumers. The hackers gained entry using network credentials stolen from a provider of refrigeration and HVAC equipment to Target. Incidents like this makes it essential to maintain separation from a building’s network and seek out a lighting system designed to operate on a parallel network that never intersects with a private network.

After the installation and commissioning process is complete of a chosen security integrated IoT lighting system, the benefits and values of a secure system become much more apparent to facility managers, including ease of maintenance and lighting quality.

Protection Starts with Specification

Many centralized, networked lighting systems provide excellent monitoring and control capabilities. For example, the system may set off alarm notifications via email, text, or other methods about issues requiring immediate attention. The system may also provide the facility manager with daily reports on equipment, making operations more responsive and efficient.

Additionally, an IoT lighting system provides a tool for facility managers to guarantee comfortable visual conditions of building occupants working on completing tasks efficiently and safely. These systems support quality lighting by enabling control of light level, spatial brightness, and colour output. Ease of monitoring ensures lighting is provided without interruption while delivering data to the facility manager, which they can leverage to gain insight into user preferences. This information can also be valuable for future lighting designs.

As for cybersecurity assurance, a secure lighting system solution offers a facility manager a way to combat and track vulnerabilities with technology already built within before it’s too late and internal communications and data are shared.

More devices are connected to building networks every day, and it’s of the utmost importance that building owners work together with facility managers and building operators to understand that the opportunities for security threats are also increasing within all building systems. IBM cybersecurity experts analyzing past breaches noted that 20 percent of attacks are initially caused by compromised credentials in a 2021 report. Hackers often exploit a less well-known security hole in IoT devices, including holes within lighting systems connected to a building’s larger network. Thus, educating and understanding the security assurance within IoT devices is paramount and relatively intuitive with the right strategy and system in place.

As specialists in electrical and digital building infrastructures, Legrand highly encourages those evaluating a new networked lighting system to ensure that the chosen manufacture adheres to all government requirements. In addition, all selected products within the system have been extensively tested its security capabilities through third-party certifications, such as the ioXt Alliance Certification program or other programs meeting DesignLights Consortium (DLC) Networked Lighting Control System Technical Requirements (Version 5), also known as NLC5.

Published with the written permission of Lighting Control Association

Source

Related Articles


Latest Articles

  • Declines in Ontario and Manitoba Construction Intentions Push Down the Non-Residential Sector

    Declines in Ontario and Manitoba Construction Intentions Push Down the Non-Residential Sector

    December 16, 2024 The total value of building permits issued in Canada decreased by $399.1 million (-3.1%) to $12.6 billion in October. This comes on the heels of a strong September, during which construction intentions rose by $1.3 billion to the second-highest level in the series. Despite the monthly decline in October, the total value of building permits… Read More…

  • Lighting Control Basics for Home Automation

    Lighting Control Basics for Home Automation

    By Matthew Biswas Do your eyes roll when you hear terms like Smart home technology?  Or are you a true believer?  As it turns out controlling electrical devices via low-voltage technology can be easier to implement and use than many of us thought. The Lutron Caseta system uses the internet and Radio Frequency to instantly… Read More…

  • Grounded in Ontario: The Future of Energy Storage Systems

    Grounded in Ontario: The Future of Energy Storage Systems

    December 16, 2024 Technical Advisor Trevor Tremblay explains why following best practices and relying on licensed professionals will ensure a smooth and secure transition when integrating this exciting new technology. Energy Storage Systems (ESS) are revolutionizing the way individuals and businesses manage energy, providing cost-saving opportunities, increased energy reliability, and a pathway toward sustainability. In… Read More…

  • 4 in 5 Canadians See Electrifying Public Transit as Key to Advancing Climate Action, Schneider Electric Survey Finds

    4 in 5 Canadians See Electrifying Public Transit as Key to Advancing Climate Action, Schneider Electric Survey Finds

    December 13, 2024 Schneider Electric has released new survey findings showing Canadians are increasingly concerned about the environmental impact of traditional public transit emissions. According to the survey, 83 per cent of Canadians recognize the need for electrified transit to support a sustainable future and are seeking actionable and innovative solutions to ease the nation’s… Read More…


Changing Scene