Electrical Engineers, Engineering Consultants and Lighting Designers are on notice to ensure the lighting control systems they select are secure, to mitigate risk and minimise brand and reputation damage from cyber attacks in 2018.
Federal Parliament passed the Privacy Amendment (Notifiable Data Breaches) Act 2017 last year. This means that from February
Essentially, businesses (and Government Departments) generating revenue of $3,000,000 AUD per annum must comply, as must some that do not meet this revenue benchmark but are in particular industries that collect personal information.
Data breaches are no longer just an IT problem; they now pose significant reputational and financial risk to any consumer-facing brand or public company.
Preparation and response need to be driven by the top of the
“It was the building management systems that jumped out as the most vulnerable. In all cases, pretty much without fail, these systems had been procured without thought to how to make them secure. I was absolutely shocked.”
Lighting control systems now share integrated communication networks and infrastructure with a range of other services, so when they are not secure they are an open invitation to cybercriminals to access the IT infrastructure.
Additionally, the lighting control system is integrated with a range of critical building services such as BMS, security access, HVAC and more.
Whilst hacking a lighting control system does carry some very real dangers, such as impacts on human safety and productivity, operating costs and physical building security, it is these connected systems and the networks on which they reside where the greater concern lies, due to the increased threat surface.
Legacy lighting control systems that are older than 10 years are not prepared for the current reality or the future of security, and they cannot be retrofitted to fix this weakness.
Knowingly specifying and installing these old systems does not serve your client’s best security interests, especially considering the new declaration requirements that apply under the legislation when an attack happens.
- unauthorised control of the system;
- preventing legitimate use of the system;
- unauthorised monitoring of the system;
- unauthorised modifications to the system
Further, the security protocols of the lighting control system should be capable of preventing and limiting the risks associated with the following attack vectors:
- Impersonation attacks,
- Replay attacks,
- Man in the Middle (MITM) attacks,
- DoS / DDoS attacks,
- Site-wide field bus attacks
Tools To Protect Yourself and Your Clients
Specification of the lighting control system is only one very small part of the work undertaken by electrical engineers, consulting engineering firms and lighting designers, so migrating away from old, obsolete (unsecured) lighting control systems typically ranks low on their ‘must-do’ lists.
This new legislation moves these reviews and changes to the top of those lists, both to do the best by their clients and to protect their own organisation from potential damage when an attack occurs through an unsecured system they specified.
Engineers and lighting designers can achieve this protection with minimal time, simply by adopting a lighting control system that is secure out of the box, such as RAPIX, and updating their lighting control specifications provided below.
Alternatively, electrical engineers and lighting designers who are reviewing and updating their existing lighting control specifications can do so easily with the Lighting Control Specification Security Addendum, which lets them publish a more vendor-agnostic lighting control specification and demand that the lighting control system encompasses best practice security implementations.
With standards such as DALI, lighting dimming, and control performance is
With this new legislation, secure systems are the only viable future for specified lighting control systems in Australia.