Data breaches, ransomware, cyberattacks. These terms are peppering news reports and conversations more than ever, causing more than a little nail-biting. In fact, a 2017 Gallup poll revealed that Americans are more worried about cyberattacks than violent crime and terrorism. And perhaps for good reason, considering a 2018 Center for Strategic and International Studies (CSIS) report that estimated the cost of cybercrime at nearly $600 billion annually worldwide and singled out poorly-protected Internet of Things (IoT) devices as particularly problematic.
The commercial lighting world is not immune to these concerns. Keeping ahead of hackers was the theme of an interactive discussion session at the DLC’s recent annual Stakeholder Meeting, where one participant commented that “we want to skate to where the puck is going, not where it is.”
To that end, the DLC’s Networked Lighting Controls Technical Requirements V4.0 released earlier this month (June 2019) establishes criteria for acceptable cybersecurity standards. The product of two rounds of stakeholder comments, the policy is part of the DLC’s overarching strategy to expand adoption of NLCs by increasing comfort with a technology capable of vastly increasing the energy efficiency of LED lighting projects while serving as a smart buildings gateway.
It’s the latter capability that puts NLCs into the realm of IoT. Installed in ceilings throughout commercial and industrial buildings, NLCs can be equipped with sensors that collect data useful for a variety of functions, from more efficient use of office space to increasing the comfort and safety of building occupants.
Making NLCs more resilient to malicious attacks is critical for building the customer trust necessary to expand adoption of the technology, however. By moving toward a requirement that NLCs be developed and operated with best cybersecurity practices, the DLC aims to motivate utilities to provide more support for the technology, which will, in turn, result in networked systems installed on more projects…enabling greater savings and building intelligence.
V4.0 establishes criteria for acceptable cybersecurity standards, and NLC systems must certify utilization of one or more of these standards in the past two years in order to declare the optional cybersecurity capability. While this capability is voluntary for this year, the DLC intends to make it required for listing on the QPL in June 2020 (with a one-year grace period).
By strengthening the value proposition of NLCs for both utilities and customers by increasing their resilience to cyber tampering, we are accelerating the adoption of this game-changing and, so far, under-utilized technology.