Lighting Security

Having worked as an application engineer designing outdoor lighting some years ago, security lighting is something I remain interested in and understand. However, there is now a new term called "lighting security" that means something very different. In today's world, lighting security involves the stream of digital data that is an integral part of a growing number of lighting products and systems. If this sounds more like cybersecurity, which involves steps taken to protect a computer or data system against unauthorized access or attack, you are correct. We are in the early stages of learning how to secure the data flowing into or out of our lighting systems. It is part of what is called "connected lighting," or the Internet of Things (IoT). These days, no lighting conference is complete without the topic of IoT. During LightFair in San Diego recently, there were more than a dozen IoT sessions.

The security concern is that the electronic data being used, generated or transmitted by a lighting system may be improperly or illegally accessed and used for something other than its intended purpose. Also, part of that concern is that once "hackers" or data intruders gain access to a residential network via a lighting system, they could also access computers, security systems and other devices connected to that network as well. Residential lighting systems that are connected through a router to the Internet or accessible via smart phone are particularly vulnerable. How can such systems be easy to set up and connect together for flexibility and ease of use, yet still be secure?

Cybersecurity 

As I mentioned in my Technology Newsletter this January, the ALA is a member of a standards committee on lighting systems (ANSI/NEMA C-137), and is participating in the work of the security sub-group. Currently, this group is developing a security approach modeled on the NIST Industrial Control Systems Security Documents and with knowledge of the work of the IEC Lighting Cybersecurity Group, which is developing global standards. However, such standards take time to develop and more than a standards infrastructure is needed. Therefore, others have moved to establish and implement other parts of the security effort, such as programs to evaluate, test and certify networked lighting products. In early April, for example, UL launched a cybersecurity assurance program (UL CAP) based upon the recently developed UL-2900 series of standards. These standards outline technical criteria for testing and evaluating the security of products and systems that are capable of being connected to networks. You can find more information at the  UL Cybersecurity website.

Of course, lighting product manufacturers, and especially those who provide networked control systems, are already aware of the security issue. Some manufacturers have established their own platforms and protocols for interconnected devices that include security - often of a proprietary design. This is the front line of lighting cybersecurity right now, and any evaluation of smart or networked lighting should include questions about the security of the system.

2016 Engineering Meeting

Connected lighting and cybersecurity will be on the agenda for our annual ALA Engineering Committee Meeting this year. Thanks to an invitation from the CSA Group, we will meet at the CSA Group headquarters in Toronto (178 Rexdale Blvd.), near Toronto's Pearson International Airport. The meeting dates are Aug. 23-24, and all ALA members interested in standards and other technical matters related to residential lighting are invited to attend. There is no registration charge.

Contact me if you would like more information about the annual ALA Engineering Committee Meeting and do not hesitate to suggest technical topics you would like to see included on the program. I will be developing the agenda over the next few weeks and seeing some of you at the June Market in Dallas to get your input.

And, as always, your comments are welcome.

Sincerely, 

Terry McGowan, FIES, LC

Director of Engineering & Technology

[email protected]

P.S. The New Energy Star® Luminaires V2.0 Specification is effective June 1, 2016. On that date, the fixture certifications to the previous version of Energy Star's Luminaires standard expire. However, the new V2.0 requirements have been streamlined and simplified. Fixtures with screw-base sockets may now be certified and most testing requirements may be satisfied by packing an Energy Star certified lamps with the fixture. See a summary of the new fixture requirements here.