Will Hackers Cast Their Eye on Smart Lighting?

September 15, 2015

Lighting might be the platform for big data, but it may also become a tempting target for cyber criminals. That was the message of Jerry Plank’s “Product Safety” column in the September issue of LD+A. Plank cites the ominous words of Kevin Mitnick, an American author, computer consultant and convicted hacker, in the excerpt from his column that follows here.

Mitnick states that “hackers are becoming more sophisticated in conjuring up new ways to hijack your system by exploiting technical vulnerabilities or human nature. Don’t become the next victim of unscrupulous cyberspace intruders.” Why should lighting professionals be concerned? Simply put, our LED sources and systems are getting integrated more and more with building automation controls and wireless devices. And today, we just don’t know how deep this integration into building energy systems will go.

Exciting technology is quickly approaching that uses LED systems to communicate information, as well as provide light for various tasks. Yet every day, we hear of hackers disrupting computer systems, and international computer espionage is clearly here to stay. Unscrupulous, computer-savvy people look for the challenge of breaking into a system for financial gain, or just to get publicity. We as an industry must ensure that our LED products do not become their new electronic gateway.

PROTECT THE CONNECTION
If sounding the alarm on the potential hacking of LED systems, lamps, and luminaires sounds bizarre or too “Star Trek-y” to some, it is a fact that buildings in the near future will strive to be environmentally neutral. As such, they will actually be connected to the electrical power grid to allow energy to be sold back to the utility. As a result, compromised LED systems can be the mechanism for shutting down or interrupting our power grid.

Many of the electronic LED drivers have become so sophisticated that the power level can be adjusted at the factory or in the field, using either a PC or wireless device. While European manufacturers must comply with strict EMC (electromagnetic interference) guidelines, safety standards in the U.S. and Canada are still silent on this issue.

When we look at the field of EMC from an overall perspective, two separate areas should be tested in LED drivers and control equipment. We should be testing for both radiated and conducted disturbances. Specifically, radiated anomalies pertain to how the device reacts to stray radio waves that are present all around us, and conducted anomalies pertain to electronic information that could be transmitted through the power lines.

If you think the concerns raised here on hackers and the like are overstated, have you ever had your computer debugged by an on-line service technician in another state or country? Watching your computer being controlled by an outsider is an eye-opening, frightening experience.

As safety standards are created by industry, users, inspection authorities, governmental officials and NRTLs, it is especially important that we as an industry be proactive and ask the hard questions so that the safety standards serve our industry rather than burden it. While it would not be commercially prudent or acceptable to create safety standards for new and/or revised technologies without due diligence on what hazards exist, the reactive approach to creating safety standards does not serve our industry well. All new technologies go through an incubation period, and the users need to be assured that all potential hazards have been addressed. We need to avoid knee-jerk proposals later that seek to correct deficiencies in our safety standards that were not originally anticipated.

EXPECT THE UNEXPECTED
What kind of harm could hackers do to an LED lighting system? Truth is, we don’t know for sure, but what if they could use the LED system to gain access to the building and other integrated Internet systems? Sure, some will shrug off any suggestion that a cyber criminal can infiltrate a building by using the LED system as an entry point, but as Mitnick points out above, anything that can be done to create havoc, or rob assets or funds with a computer, will most certainly be tried.

Let’s at least have an open discussion with the standards folks to see whether or not the hacking of LED systems is a concern. If not now, when?

September 2015