SMARTER HOMES
BIGGER SALES
The Internet of Things (IoT) and con- nected products are trending in many industries, including lighting. As manu- facturers and designers seek to create lighting products, sensors, and controls
that tie into networks, there are many concerns that need to be considered — especially cyber-security. Mitigating cyber threats is critical to successful product development and launch.
IoT security is still in its infancy and, like tech- nology, threats evolve rapidly. Few devices on the market today have been designed with cyber-secu- rity in mind and even fewer have had independent cyber-security assessments and testing. What should designers and manufacturers consider when developing connected lighting products? What standards exist to help ensure the safety, security, and performance of these products?
ConneCted Lighting Under AttACk
There is a broad IoT threat landscape for all prod- ucts — from malware, botnets, ransomware, and cryptojacking to denial of service (DoS) a acks, and more. Few connected products have been designed or assessed for cyber-risks like these, making the threats very real for manufacturers, de- signers, retailers, and consumers. Additionally, few standards exist that address cyber-security and many of the existing standards look at the device in isolation, even though cloud and mobile application security can be equally as important.
Many IoT devices connect to a cloud service, which has privileged access to other devices and sensitive data. The typical scope of an IoT endpoint security evaluation doesn’t normally consider the back-end servers and services the device is con- nected to...which o en contains sensitive data. This model is de cient, based on an underlying assump- tion that securing the product itself is enough.
Consider as well that security concerns for light- ing vary greatly from those for medical devices or conventional computer environments. Security solutions need to  t the device, data, and service
provided. To ensure the end-to-end security of products – as well as cloud services – designing for security from the beginning is a critical  rst step.
designing for seCUrity
Starting with a secure product provides peace of mind to the end-user that a device is safe, secure, and will perform as intended. It is important to start by identifying and addressing security concerns at the design phase. Adding in security a er the fact is almost never e ective and always costs more. Instead, the product should be designed to be in- trinsically secure.
Designing for security means starting with a safe design and a rigorous development process that includes regular code review, security testing, plus consistent monitoring of threats and ways to mitigate them. It also bene ts from a trusted independent third party who can assist with risk assessment, design reviews, code analysis, penetration tests, gap assessments, compliance as- sessments, and product certi cation.
To design e ectively, it is also important to make sure project teams understand security concerns and best practices as they perform their jobs. Pro- viding regular security-awareness training allows designers, technicians, evaluators, and other sta  to be er consider risk and mitigation to bring secu- rity to the forefront of product design.
This approach o ers the consumer connected lighting products that are safe and secure, plus it ensures their privacy remains intact, giving peace of mind when using the product. For manufacturers, this means be er brand reputation, lower liability risk, easier regulatory approval, and ease to market.
Design considerations alone will not be enough to mitigate cyber-risks; full-scope testing and evalu- ation will also o er enhanced assurance. This would include testing throughout the development and design process as well as  nal testing to industry standards plus ful lling any certi cation require- ments for not only the IoT functions of the product but also the lighting industry requirements.
March 2019 | enLIGHTenment Magazine 63