Nov 12, 2019
A little over a decade ago, the introduction of LED lighting seemed to transform commercial lighting overnight. Now we’re seeing it happen again. This time, connectivity and big data are driving the change, creating a profound shift in how new commercial lighting is evaluated, specified and approved.
Suddenly everyone is talking and writing about connected lighting, networked lighting, smart lighting controls and the Internet of Things (IoT). As more companies explore networkable lighting and connected smart controls, a new player will be sitting at the table: the corporate IT department. And they’re going to be asking a lot of serious questions about cybersecurity.
In general, the more extensively a lighting network is connected to other networks, the greater the exposure to cybersecurity threats. Consider Gartner’s observation in its 2019 review of cybersecurity trends: “Companies have made a ‘smart’ version of basically everything you can think of, but many of those products have glaring security holes.” In fact, according to McAfee, 70% of IoT devices have such security flaws.
What’s worse, cybersecurity and IT experts point out, is that instead of “baking in” security measures as an essential ingredient of product development, many IoT device manufacturers are “bolting on” security after the fact. Which is a bit like constructing an office building without plumbing and electricity. Adding it later is expensive and difficult, if not impossible.
Leading us to the bad news: the security measures protecting the networkable products of many lighting vendors and their customers are almost non-existent or already years out of date.
But doesn’t almost every LED lighting vendor use 128-bit AES encryption and meet the National Institute of Standards and Technolog’s (NIST) FIPS 140-2, Level 1 requirements? In a word, yes. But encryption isn’t the only issue in smart lighting security, and unless encryption is consistently applied as part of a larger cybersecurity strategy, it won’t satisfy enterprise-level IT departments because it won’t protect the network from a myriad of other vulnerabilities.
Here’s the good news: Cree Lighting developed their smart lighting control networks from the ground up with an IT-grade cybersecurity strategy that has proactively excelled in rigorous independent security evaluations.
Cree Lighting recognized from the beginning that its SmartCast Technology would ultimately serve as an open and interoperable IoT platform. With that in mind, Cree Lighting set out to create a secure architecture to protect data and access. Our benchmark isn’t the best practices of the lighting industry; it’s those of the IT industry.
To ensure the security of the platform, Cree Lighting engaged independent cybersecurity consultants to intentionally attempt to hack the SmartCast Intelligence Platform. After extensive penetration testing, this global firm subsequently ranked the cybersecurity measures of the SmartCast Intelligence Platform in the top 10% of all technology companies they’ve tested, which includes leading technology companies that you use every day.
So what’s the way forward?
Today, anyone involved in commercial lighting projects needs to be guided by four basic assumptions:
1. Every lighting control network will eventually be connected to other enterprise networks and/or the Internet.
2. Any lighting control network that doesn’t provide enterprise-level cybersecurity may compromise the company and put valuable assets and resources at risk.
3. Not all lighting manufacturers give cybersecurity the same priority.
4. Since every IoT-enabled lighting network will require the blessing of the corporate IT department, you’ll want to choose a lighting vendor with cybersecurity that will earn IT department approval.
Welcome to the new reality of commercial lighting. Given the stakes, it’s worth the time to learn a little more about IoT security issues and their solutions.
For additional information, download Cree Lighting’s FAQ on IoT security, developed for lighting designers and specifiers, or our new Position Paper for IT professionals outlining key security features of the SmartCast Intelligence Platform.