Advances in smart lighting require the lighting industry to get a handle on security for a new wave of lighting products joining the Internet of Things. PHILIP SMALLWOOD, Strategies in Light conference co-chair, talks with SIL presenter PAUL JAUREGUI, VP of marketing at information security specialist Praetorian, about what product developers and suppliers should consider along with this evolution in solid-state lighting implementation.
On Feb. 25-26, 2015, during the Smart Lighting Track at the Strategies in Light (SIL) Conference (Las Vegas, NV), we will hear from industry experts on how the lighting industry is evolving to a point where consumers will have unparalleled control over the light that they use. Today, products are being introduced that not only allow consumers to manipulate the timing, intensity, and quality of light but also internally track and react to users’ living patterns in an effort to adapt to them.
While these advancements in tunable lighting, adaptive controls, and connectivity are an exciting leap forward for a lighting industry that has been extremely slow to change, it is important that companies tread with caution when dealing with the potential security threats that arise with connected solid-state-lighting (SSL) products.
Paul Jauregui is the vice president of marketing at Praetorian, an information security provider dedicated to helping organizations achieve risk-management success by helping clients identify, prioritize, and mitigate risk. He will be presenting at SIL during the Smart Lighting Track on what his company has seen so far from intelligent SSL lamp products, and where companies need to be concerned and proactive when entering this market.
Philip Smallwood: What are the main security concerns you see from these new connected lamps?
Paul Jauregui: Joining the Internet of Things (IoT) is a significant advancement for lighting, but it also means that connected bulbs, lighting networks, and supporting controls are now subject to similar security issues faced by all other connected products. Securing user data, privacy, ensuring availability, and protecting network-connected devices against unauthorized access will be key for companies wanting to gain and maintain trust with smart lighting buyers.
Smallwood: From your recent experience with these SSL lamps, what are the most pressing issues that you have found?
Jauregui: Several of our security engineers at Praetorian are beginning to turn their focus to the Internet of Things product landscape, with smart lighting being an initial focus. We recently set up a consumer-oriented smart lighting lab in our office — including bulbs/kits from Philips, GE, TCP, and Belkin — so we could start researching the space. The most pressing issues we are finding start with security basics, including encryption, authentication, the use of clear-text protocols to transmit sensitive information such as passwords, and default passwords being used in customer environments, to name a few.
Smallwood: What can consumers do to mitigate any risk that they may encounter when purchasing these smart lighting products?
Jauregui: Awareness is critical. Consumers need to apply the same security hygiene to new Internet-connected devices, such as smart lighting systems, as they do to traditional computer and web-based services. Keeping device firmware and mobile applications up to date, changing default passwords, and using complex passwords where applicable is a great place to start.
Smallwood: What steps should smart lighting manufacturers take to make sure that they are protecting their clients? Are there any best practices/corporations that these companies could learn from?
Jauregui: Time-to-market pressures often lead to security being treated as an afterthought. Manufacturers need to integrate security through their product and software development lifecycle from the start — bake security in, don’t bolt it on. Manufacturers should take on the responsibility of delivering secure devices to their customers and make it easy for customers to maintain the security of their devices over time. This includes making important firmware and software updates easy and obvious for customers. They should also conduct a third-party security assessment to identify risk within the various components of their smart lighting offerings, including embedded devices, wireless protocol implementations, mobile applications, web services, and backend infrastructure.
Smallwood: From our research, it is clear that LED lamps/luminaires have become mainstream in many lighting applications, and that connected lighting appears to be the next step in their evolution. As this happens, it is essential that smart lighting manufacturers ensure the safety of their products and in doing so, that of their consumers.
PHILIP SMALLWOOD is co-chair of Strategies in Light conferences and director of LED and lighting research at Strategies Unlimited (strategies-u.com).