Is your LED lighting system vulnerable to cyber intruders? One of the hottest issues right now regarding the Internet of Things (IoT) is security. As more things become connected, new levels of exposure are discovered.
Smart lighting is a good example. Other terms for “smart” might be connected, IoT, Industrial Control System, and Operational Technology (OT), all of which are similar, although not entirely synonymous.
It is important to note that connected lighting systems without an IP address communicate only with devices within the building. They pose a relatively low security threat because a person has to be in the building to attack the system.
However, devices with an Internet Protocol (IP) address communicate outside the building and are most at risk. Connected LEDs with security flaws can be hijacked by a bad actor who is not even in the building. Today, there is a comparatively small number of these devices in use. However, Persistence Market Research forecasts that globally, consumers will spend over $125 billion on LED lighting by 2025.
So, can your LED lighting system get hacked?
Depending upon the quality of installation and the type of design your system has, the answer could be yes. Smart bulbs are among the most popular automated products on the IoT. According to TechTarget:
A smart bulb is an Internet-capable LED light that can be customized, scheduled, and controlled remotely.
However, a smart office could be vulnerable to hackers through its light bulbs if the system is infrared enabled. Attackers can use the invisible infrared light emitted from smart bulbs to steal personal data.
Murtuza Jadliwala, a research expert at the University of Texas, San Antonio (UTSA), says:
Think of the bulb as another computer. These bulbs are now poised to become a much more attractive target for exploitation even though they have very simple chips.
What types of attacks should I look for?
Hacking activity on connected lighting systems often takes the form of these three attack methods: Distributed Denial of Service, Sniffing, and Vectoring.
Distributed Denial of Service (DDoS)
In a DDoS attack, an online service system is flooded with traffic from multiple sources. This type of attack happens most often in residential lighting products, such as Wi-Fi-enabled light bulbs.
Solution: Suggest that the IT department test any devices with an IP address before they are used.
Sniffing
In sniffing, the intruder listens in on a network’s data traffic to capture a unit of data (called a packet). Because the packet is not encrypted, it can be changed by the hacker (e.g., seizing a lighting bulb output value and turning off all the lights in an office).
Solution: Try to use only encrypted systems. For non-encrypted systems, a virtual LAN (VLAN) can be integrated between the light fixtures or network switches.
Vectoring
In vectoring, an attacker enters an unsecured network system to gain access to other systems via the network.
Solution: Secure systems. Use encryption, authentication, and air gaps between crucial systems.
Best Practices for LED Lighting System Security
While the cybersecurity industry has a great depth of knowledge and experience in this field, for the lighting industry, security is a relatively new issue. However, ensuring that networked lighting systems are a strong and secure link to the IoT is a major focus of the lighting industry these days.
As lighting system security continues to develop, it is essential to be as informed as possible. Let’s take a look at best practices for lighting system professionals that can enhance LED lighting system security:
1. Familiarize yourself with cybersecurity “hygiene.”
Make sure you know about basic concepts and protocols.
2. Discuss cybersecurity with your client.
Make sure your client knows about the security needs of the product. Be ready to talk to IT department personnel. Be able to answer questions. For challenging questions, help your client contact the manufacturer.
3. Ensure adequate encryption.
In a May 2018 bulletin entitled Cyber Security for Lighting Systems, the Department of Energy’s Federal Energy Management Program (FEMP) recommends AES 128-bit encryption.
4. Provide an adequate authentication method.
The essence of authentication is to make sure only devices that trust each other can share data. The FEMP recommends the use of both a public and private key.
5. Protect the lighting network.
Provide a firewall. A virtual local area network (VLAN) should be added if the lighting and corporate networks touch.
6. Articulate client responsibilities.
Clients should be advised about administrator permission delineation, the importance of software update installations, changing passwords, etc.
7. Secure after commissioning.
It is a FEMP recommendation that any radios used to commission the system be turned off after use. However, if the radios are needed for ongoing system operation, they should at least be secured.
8. Research products.
Educate yourself. Learn to evaluate products. Be able to compare products/manufacturers that have similar security features but implement them differently. Discover suppliers that use vigorous security features, can explain them, and will support you when needed.
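The sniffing scenario described earlier and the AES 128-bit recommendation in item 3 can be seen together in code. The following is an added example, not from the FEMP bulletin or any lighting vendor: it protects a lighting command with AES-128 in GCM mode so that a frame altered or replayed on the network is rejected instead of executed. The frame layout, the command string, the key and the choice of GCM are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Link is one end of a hypothetical lighting link; frames are nonce || ciphertext || tag.
type Link struct {
	aead cipher.AEAD
	last uint64 // highest frame counter accepted so far
}

// NewLink takes the shared key; a 16-byte key selects AES-128.
func NewLink(key []byte) (*Link, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Link{aead: aead}, err
}

// Seal encrypts one command. Counters start at 1 and must never repeat under one key.
func (l *Link) Seal(counter uint64, cmd string) []byte {
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], counter)
	return l.aead.Seal(nonce, nonce, []byte(cmd), nil)
}

// Open rejects frames altered in transit (tag check) and replays (counter check).
func (l *Link) Open(frame []byte) (string, error) {
	if len(frame) < 12+l.aead.Overhead() {
		return "", fmt.Errorf("frame too short")
	}
	cmd, err := l.aead.Open(nil, frame[:12], frame[12:], nil)
	if c := binary.BigEndian.Uint64(frame[4:12]); err == nil && c > l.last {
		l.last = c
		return string(cmd), nil
	}
	return "", fmt.Errorf("frame rejected: modified or replayed")
}

func main() {
	tx, _ := NewLink([]byte("constructed-key!")) // 16-byte key, constructed for the demo
	rx, _ := NewLink([]byte("constructed-key!"))
	fmt.Println(rx.Open(tx.Seal(1, "zone=3;level=0")))
}
```

Encryption alone hides the command; it is the authentication tag and the counter check that stop a captured "lights off" frame from being changed or sent again.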
The lighting industry’s new connected LED lighting systems present compelling advances in energy and operational efficiencies. However, the integrity and security of these innovative devices must be guarded.
The bottom line: Cybersecurity takes diligence, dynamic management, and monitoring, as well as the selection of the right product.
With a VX-GPU2626 (V2) L2+ 24-Port Managed GbE UPOE Switch (2000W), you have access to advanced security features:
- VLAN: Support for up to 4K VLANs simultaneously.
- IGMP v1/v2/v3 Snooping: Limits bandwidth-intensive multicast traffic to only the requesters.
- MLD v1/v2 Snooping: Delivers IPv6 multicast packets only to the required receivers.
- Traffic Monitoring: Displays a visual chart of network traffic of all devices and monitors every port at any time from switches.
- IP Source Guard: Prevents illegal IP addresses from accessing specific ports on the switch.
- DHCP Snooping: Acts like a firewall between untrusted hosts and trusted DHCP servers.