Mitigating Risk in Lighting Control Systems

risk mitigation

Mitigating risk in Lighting Control Systems is top of mind for developers, facility managers and consultants in 2015 and beyond.

Projects which are specified today may not be installed for 2-3 (or more) years so the lighting control systems being specified now need to be future ready for the potential security risks in 3 years.

Unfortunately lighting control systems, many of which developed their closed protocols 25 years ago (yes last century!),  have no or very poor security and typically broadcast messages across custom bus networks without encryption or access authentication.

At the same time more and more of these lighting control systems are connecting to Ethernet backbones and with this connectivity increasing risk of intrusion.

Additionally, modern office buildings are implementing ICN (Integrated Communications Networks) where all building services are connected on a single Ethernet platform.

The sustainability trend of connecting lighting control systems to Ethernet is on the rise and makes fiscal sense with a reduction in cabling and removal of labour and cabling duplication. With this integrated connectivity comes connection to the other systems and integration with these system at a high level.

However, as these ageing lighting control systems have no encryption, authentication or methods designed to guard against script replay, these systems represent the weakest link in the ICN and an easy target for an intruder to use as a pivot point to these other systems.

Recommended Risk Mitigation Strategies in Lighting Controls

 

  1. Ensure the lighting control system provides 128 bit encrypted communications and authentication with script replay guards.
  2. Select open standards such as DALI and ensure DALI compliance – not compatibility. DALI Compliance provides a minimum performance guarantee and mitigates risk of single vendor supply.
  3. Avoid systems which transmit unsecured IR or RF communications. For example infrared does not typically provide data encryption. Because data is sent in plaintext, it is vulnerable to packet sniffing attacks.

Other Lighting Control Systems at Risk

Not all systems require or operate in the connected world. Systems such as those using unsecured RF or infra red based communications for example, but the potential security risks for these systems is no less jarring.

Systems using unsecured RF or infra red based communication protocols are possibly at the highest risk with the lowest capacity for protection. The infra red technology for example does provide some ‘built in’ physical security due to to its inability to transmit through glass or walls and these IR based systems use these physical barriers for pseudo zoning.

Likewise with unsecured RF systems, implementing basic security measures is quite simple but if domestic products are being offered as the router or gateway to provide this security, without enterprise grade firewall capabilities, or poor security practices by installers with respects to obfuscated passwords, these RF systems preset a trivial hurdle for intruders.

Security through obscurity is only part of a security regime and by no means an appropriate stand alone security solution for a commercial building with interconnected systems.

This risk is amplified when the unsecured RF or infra red communication systems work to track the movement of people through a space. In the infra red instance some system’s signals can deploy a message relay to all nearby and selected components, it may be possible to walk into a building’s lobby area where these systems are installed, set the maximum output light level to very low – or possibly off – with  a free mobile application and /or simple IR transmission dongle or universal remote.

IR-transmission-out-of-date-unsecure-communications

IR Transmission does not typically provide data encryption and can be vulnerable to packet sniffing attacks.

This can potentially be done without needing to enter any secured space –  anonymously – due to the ubiquity of mobile phones and their capability to connect to RF networks and utilise 3rd party accessories such as dongles – and people burying their heads in these devices. The hypothetical attacker would look like a normal mobile phone user.

This risk of this scenario in hospitals, financial institutions and other mission critical applications is significant and the ‘fault’ would not be immediately obvious or easy to identify for facility managers.

Developers, facility managers and consultants wishing to create lasting future focused structures when armed with a proper understanding of these potential security risks are encouraged to exercise caution when considering any of these lighting control systems without full knowledge of security vulnerabilities.

Selecting unsecured lighting control systems today for projects that will be completed in 2-3 years is like sharing your ATM pin number and expecting no-one to try it out.

Mitigating risk in lighting control systems requires a comprehensive understanding of both the risks and outcomes.

These security risks are lighting controls dirty little secret.