Next Steps In Cyber Secure Lighting

Connected lighting delivers benefits while presenting another cybersecurity concern.

By Stuart Berjansky
From the February 2022 Issue

As connected lighting steadily gains ground, “turning on the lights” increasingly means not just illuminating employee desks and workspaces, but tapping into a network of advanced control technology capable of collecting data useful for functions ranging from improved worker comfort and enhanced energy efficiency to smarter utilization of building space and resources.

Since lighting is ubiquitous throughout commercial and industrial facilities, the capacity for networked lighting controls (NLC) to support smart building functions through communication between and among building management and various facility systems is significant. So, too, is the energy savings potential. A 2020 study¹ by the DesignLights Consortium (DLC) and Northwest Energy Efficiency Alliance found that adding NLCs to LED lighting projects yields energy savings of nearly 70% for some building types, averaging 49% across various building categories.

Connected lighting
(Photo: Adobe Stock By TanzimGraphicsZone)

While not yet the norm, the frequency of pairing LEDs with controls is increasing, according to data released last Fall from the U.S. Energy Information Administration’s latest (2018) Commercial Buildings Energy Consumption Survey (CBECS). The survey found this to be especially true for standalone occupancy sensors, which were installed in 265 more buildings and 24% more floorspace than in 2012. That’s a considerable jump, but still equals fewer than 20% of buildings and less than half of all commercial floorspace.

While these survey results pertained only to standalone lighting controls, there is evidence that connected lighting with controls is also on the rise. The U.S. Department of Energy (DOE) estimates, for example, that prevalence of one subset of NLCs—luminaire level lighting controls—will grow from less than 1% of all luminaires in the U.S. currently to nearly a third of lighting in commercial buildings by 2035.

Among barriers to realizing that projection, however, are concerns about the cybersecurity of NLC systems—concerns fueled by data such as findings in a McAfee/Center for Strategic and International Studies report showing the global cost of cybercrime grew from approximately $600 billion in 2018 to $1 trillion in 2020. A March 2020 DOE report² stated that increased connectivity introduces cybersecurity risks new to the lighting industry and that must be addressed for successful integration with other systems. Meanwhile, the smart buildings research firm Memoori has reported³ that while the lighting controls market is growing faster than other building automation systems markets, the sector’s overall growth pace may be affected by factors such as “persistent concerns over data privacy and cybersecurity”.

It’s clear mitigating those concerns is essential to expanding installations of NLCs. Hence, the DLC has been gradually introducing and strengthening cybersecurity provisions in its NLC technical requirements and corresponding Qualified Products List (QPL) of independently-vetted systems meeting those specifications. Across the U.S. and Canada, electric utility energy efficiency programs look to these resources as they design energy incentive programs for those who rely on them to identify and compare rebate-eligible, high-performing lighting control systems.

The DLC’s latest technical requirements (NLC5) require manufacturers to meet specific cybersecurity standards as a prerequisite for inclusion on the QPL–part of continuing efforts to build trust in NLCs. As of February 28, 2022, all NLC-listed products will be required to meet these new cybersecurity benchmarks.

Consistent with plans to update this policy as new routes to compliance become available, the DLC on December 22, 2021 announced two new pathways for system manufacturers to comply. First, we announced that the PSA-Certified cybersecurity standard with Chip Level 2 or 3 certification and with System Level 1, 2, or 3 and Device Level 1, 2, or 3 certification can be used to meet NLC5 requirements. And, the DLC now recognizes accredited certifications from organizations accredited as “Management Systems Certification Bodies” by the International Accreditation Service as valid proof of compliance.

Increasing confidence in NLCs by safeguarding them from cyber attacks is crucial to achieving wider adoption of this greatly under-utilized technology. These additional options for manufacturers to ensure products are beyond the reach of malicious attacks is an important next step in the process.



Connected lightingBerjansky is technical director for the DesignLights Consortium, a non-profit organization improving energy efficiency, lighting quality, and the human experience in the built environment. He guides development of technical requirements in the DLC’s Solid-State Lighting, Networked Lighting Controls and Horticultural Lighting programs.

Share your thoughts in the Comments section below, or send an e-mail to the Editor at

Click here for more news items and stories about Lighting & Facility Management.