Cybersecurity Risks Associated with Smart Lighting
Could your lighting system give hackers what they need to steal your personal information…and more? Yes, can be the answer, depending on the design of the specific system involved and the quality of the installation. So says a panel of lighting-and-cybersecurity experts assembled by the National Lighting Bureau for its Annual Lighting Forum – this year titled “Shedding Light on Light” – produced in conjunction with the EdisonReport.
One of the panelists, Bureau Vice Chair Mark S. Lien, LC, CLEP, CLMC, LEED BD&C, OSRAM SYLVANIA’s Government and Industry Relations Director, discussed a variety of systems that, among other things, have permitted hackers to gain control of the door locks of homes and hotel rooms located hundreds of miles away. He also discussed Wi-Fi-enabled light-emitting diode (LED) lamps that hackers can use to identify a home’s router password and then gain access to just about anything else connected to the home’s network. Mr. Lien added that some new products have been developed specifically for negative purposes, such as an LED lamp that picks up confidential conversations that it then converts to text that it live tweets to those signed on.
Bureau Chair James Yorgey P.E., LC, CTS, Lutron Electronics Company’s Technical Applications Manager, discussed some of the new approaches being used to enhance cybersecurity. In the case of his company, for example, lighting controls are treated as a separate system so it cannot be used as a pathway to other building systems and the systems they are connected to, such as point-of-sale systems where customers’ credit-card information often is stored. He commented that approaches such as that create new roles and responsibilities for electrical contractors. Whereas, historically, they focused almost exclusively on electrical systems, today’s best-equipped contractors also are responsible for a building’s electronic infrastructure.
Marty Riesberg, director of curriculum development for the Electrical Training Alliance, also addressed the issue of contractors’ roles, underscoring the need to prequalify contractors to help ensure they know what they’re doing. He also pointed out how the installation-planning function had changed, given that, today, planning a lighting system should also involve an organization’s IT department. That depth of involvement also affects lighting designers, Mr. Yorgey said, in that they now require more than just a passing knowledge of IT security issues.
Riesberg said that meeting the cybersecurity challenge requires more reliance on teamwork than ever before, in that those responsible for a building’s lighting system need to communicate directly with their counterparts involved in HVAC design, because of their shared responsibility for the IT systems involved. Riesberg also commented that an owner’s best defense against problems is to invest in quality, name-brand products and installers. Mr. Lien concurred, emphasizing the fact that an astute installer would be in the best position to help ensure that nothing has been tampered with, as in an effort to create an IT “mole” of some sort, that could be used for ill intents months or even years after an installation is complete.
The panel discussion is available for viewing free of charge on the National Lighting Bureau website. The Bureau is an independent, IRS-recognized not-for-profit, educational foundation that has served as a trusted lighting-information source since 1976. The Bureau’s services are made possible by the generous funding of its sponsors; professional societies, trade associations, manufacturers, and agencies of the U.S. government, including:
· GE Lighting;