Fred Gordy, director of cybersecurity at Intelligent Buildings tells us how to protect your lighting system from cyberattack.
Any smart system can be attacked, sending your organization into disarray.
Consider this scenario: your smart lighting system is connected to the Internet and is programmed to automatically turn on and off based on occupancy in a particular area. This is convenient and economical, lowering your overall energy costs. However, if your building isn’t properly managed, an attacker could hack into the lighting system and shut the whole thing down. Suddenly, your building is sent into darkness, and you have no control over the situation. In the same attack, the nefarious actor could also shut down the elevator system. This forces people to evacuate the building in the dark and down the stairs, causing panic, confusion and possible physical harm.
Best-case scenario, your systems are properly managed and control can be regained quickly. Unfortunately, unmanaged systems are far more likely. Odds are, the lighting system is not properly maintained, giving an attacker easy access to other systems. The attacker can even lock you out of your systems entirely and could damage the controllers within your system, making recovery complicated and expensive. Recovery could take days or even weeks and cost thousands of dollars to repair—not to mention the damage to your brand and possible lawsuits from panicked and injured tenants.
So how do you prevent an attack?
First, make sure your system is protected. This begins with having a support agreement with your smart lighting vendor. Make sure the agreement is up to date and enforced. Additionally, ensure your lighting system is not visible on the Internet; visibility provides an easy door for an attacker to open and take control of your system. Instead, hide your system behind a firewall, like our Secure Access Airwall.
Another simple but effective safety measure is to regularly update your system to ensure that any known vulnerabilities have been patched and your system is defended against attacks. Make sure your system is backed up, and the backup data is stored in a separate and secure location. Only assign access rights to the appropriate users and personnel. Use the Principle of Least Privilege (PoLP)—a user should be given only access privileges needed for them to complete their specific tasks.
Finally, ensure that your lighting control’s front-end system is only used for its intended purposes. More than 80% of cyber attacks are caused by using front-end systems for personal use, such as email and web browsing.
Using a smart lighting system is a convenient and efficient way to operate a building. Use it to its best advantage by making sure the system is updated and secure, your vendor agreements are up to date, and used only for its intended purposes. Simple system maintenance can save you thousands of dollars and hours of time spent recovering from an attack and repairing your brand image.