IOT, Cyber Security, Data Privacy of Smart Lighting Systems

Share on facebook
Share on google
Share on twitter
Share on linkedin

Overview

Connecting a programmable lighting system can unlock many new capabilities, make your life easier, save you money and energy now that you can command and control your assets. Whether from your home, your business or even your city, connected and smart lighting systems bring excitement, the ability to understand more about where and when you need lighting, control how much lighting you need, but they can also raise a sense of security as well, which is the area we are going to dive into.

I will dive into a few of these areas in future lighting blog posts as they are very comprehensive topics, however wanted to start to discuss the importance of this topic as well as give you an understanding of where this matters to consumer products (i.e. smart home lighting products) as well as larger, more enterprise level systems (i.e. cities, multi-business systems). What policies and standards that are in place and what should you be looking for you system.

Cyber Security

In a nutshell (and speaking for all audiences here), cyber security requirements for controls, lighting and lighting control systems are always evolving. For example, from a professional perspective, lighting in buildings is tied into the overall building management system or in a city it can be on a city-wide management platform. In a consumer world, there are standalone systems, tied into your Wi-Fi or Bluetooth networks.

Where We Are

  • We are still facing many challenges today. From encryption to commissioning to design to authentication, these are all topics that need to be taken (as well as others) when utilizing lighting systems. Craig Dilouie published a great piece here outlining the problem on where we are and how we can prepare ourselves for tomorrow.

Consumer

  • There are many smart led lighting products that can connect and allow you to manage your lighting at home. From turning your lighting on and off to allowing you to manage your temperature (i.e. Google Nest). More and more lighting products and systems are entering the market everyday. Research the company and make sure companies are putting out quality, have tested and connect to valid and reputable companies. If you have a Wi-Fi based system, make sure you have secure connection on (password protected). Hackers have in the past been able to access lighting system through “sniffing” which is when sniffing is when a hacker intercepts data between devices and assumes control of the device.IOT connected lighting

State & Local and Federal

  • Cyber security is of the utmost importance to cities and the federal government. Hackers are constantly targeting cities, holding assets for ransom (see New York Times article on Lake City Florida). Threats are constant and many cities do not always have the luxury, especially smaller cities, to be able to afford top level cyber security experts, to constantly monitor their systems. Also the demand for experts is so high as well as the pay that cities cannot afford cyber analysts (according to Digital Guardian, entry-level Analyst starts at $54,045 per year and an IT Security Specialist starts at $113,990).
  • Follow best practices. Many cities, specifically outdoor streetlights, such as Los Angeles, Chicago, Madrid, Jakarta, San Diego have all been updating their streetlights to a connected systems. See what they have been doing, lessons learned and how it can work in your city.IOT connected lighting

FEDRAMP

  • Want to make sure you are considering a connected lighting system for your city or installation, make sure that it is FEDRAMP compliant! The Federal Risk and Authorization Management Program (FEDRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. a key component and necessary step to making sure any and all connected lighting systems that connect to the cloud are secure and cannot be compromised. FEDRAMP is used for more than just lighting systems, they have a full list of products and systems that are required to go through their process if their end user (Federal Government Agencies) are interested in connecting to their platform. There is an authorization process, timeline, and more, as well as cloud service providers they work with. While I’m only giving you just a taste (a taste!) of what FEDRAMP is about, I would highly highly recommend when considering an enterprise lighting system that it FEDRAMP compliant.
  • There is a significant cost associated with FEDRAMP and the process that goes into it. Federal News Radio details the costs, phases and myths that people might think.
  • Many connected lighting systems might have been through other or “similar”  security assessments to FEDRAMP. These can include 3rd party evaluations or in-house evaluations and claim that their evaluations are just as good as FEDRAMP. I would recommend asking for FEDRAMP compliance or if they are a cloud service provider (CSP) asking for their certification.
  • If you are a city manager or facility manager, having FEDRAMP in your specifications will make your project costs go up significantly, however you will be getting quality projects, companies that have been vetted and blessed by the Federal Government, so your also look at your costs over the entire length of the project.

Where Should I Start? What Should I Know

  • Education
    • This doesn’t mean you have to become an expert in cyber security. My recommendation here covers two areas. If you upgrading your home, gain a basic understanding of what you are planning on using.
    • If you are upgrading your business or city, get professional advice on the type of security you would need, best practices, what system would work best for you. If you are a government customer, look into local and federal standards to see what systems you are allowed and want to install. This can go all the way down to seeing where you information is stored, where the system is bought, who has access or can work on your system.
  • Compliance
    • NIST IoT Cybersecurity Framework
      • https://www.nist.gov/topics/internet-things-iot
      • This framework is the gold standard here in the United States for understanding what systems need to be following. IOT connected lighting
    • Qualified Products List – DesignLights Consortium (DLC)
      • Check out here if you are installing high quality products or if you are putting out to bid the right products that will be beneficial for your upcoming project.
      • “The DLC promotes high-quality, energy-efficient lighting products in collaboration with utilities and energy efficiency program members, manufacturers, lighting designers, and federal, state, and local entities.” – DesignLights Consortium – About Us

What Do I Need to Look For

  • Connectivity (Bluetooth, Wi-Fi, Li-Fi)
    • How do you want your lighting to be connected? How important is security to you? Many consumer led lighting systems operate on both a Wi-Fi or Bluetooth Mesh system, so this is a personal preference.
    • I’ll be discussing Li-Fi in an upcoming post as it is exciting stuff and I think can have great market penetrating especially during this pandemic. Li-Fi allows data transfer securely through communication devices, this specifically would be through LED light bulbs as the semiconductors can do the transmitting of information. LED Magazine covered a recent bit on the current market on Li-Fi and how the market is shaping up, next steps and issues that are currently being mitigated.
  • Network (Mesh, Cellular) – NOTE: I will go into more detail on this subject in further blogs!
    • Two of the most popular types of lighting networks (forms of how lights communicate with each other) are through a Bluetooth mesh network or through a cellular based connection.
      • Bluetooth Mesh
        • Want to reconfigure an existing area? Mesh can be done room by room and you can have remote access to what lighting you need when and where.
        • Check out Alf Helge Omre’s blog on the importance of Bluetooth Mesh lighting, he provides a deep look into where Bluetooth is going and how you can leverage existing and new construction: Bluetooth mesh in lighting: What comes next?
      • Cellular
        • Will need to be working with communication carriers to build your lighting control system. Are you in an area where carriers (i.e. Spring, AT&T, Verizon) can be utilized? You can have more independence and can control each individual lightpoint.
  • Lighting Products/Systems
    • Quality
      • If you are working on a large project, my recommendation is that you choose products that are a DLC qualified product list, follow that NIST Framework. If you are the End User (City Manager, Facility Manager, Specs, etc.), you want to make sure you do have control over what products are specified into your project. General Contractor or Distributors will sometime put in cheaper products to be able to make more margin. Pay special attention that you have the right products specified in!
    • Country of Origin
      • Trade Agreement Act (TAA) Compliance
        • If you are dealing with the public sector business, especially federal business, products must be manufactured within the United States or specific TAA countries. You can check out more specifics here:
          • https://govconsvcs.com/blog/understanding-gsa-policies-taa-compliant/

Lots to digest and I wanted to start off talking about each area and you can get lost in each area very quickly! In a nutshell, if you are upcoming your home, don’t always buy the cheapest connected lighting system you see because of the price, check out how it connects, where it’s made, does the company have a reputation (Google Search) before you pull the trigger. If you are going bigger for your business, city or military installation, do all the same steps you would for your home but bring in experts, do a pilot program and get a feel for this. Lighting control and lighting manufacturers, as well as FEDRAMP compliant companies are here to make your project a success!

The more education and understanding can greatly help consumers find the proper system they are looking for! Make sure you check out our products here.IOT connected lighting