You are now visiting our Global professional lighting website, visit your local website by going to the USA website
You are now visiting the Philips lighting website. A localized version is available for you.

    Securing connected lighting

    Building a smart city requires a smarter approach to cybersecurity

    To secure connected lighting in the smart city, you need a vision that penetrates the fog produced by fast-evolving and persistent threats. You also need to focus on long-term prevention in addition to speedy responses to contingencies. Security is a responsibility shared among you, system users, vendors, and cloud providers, so it’s important to understand the obligations that these different players have.

    Users need convenient access to features consistent with their roles. Vendors need to address security in each component they bring to the table, and coordinate to prevent cracks from forming at integration points. And cloud providers need to harden their physical data centers while providing encryption and network protection.

    Adopt cybersecurity standards tailored to the unique needs of smart cities

    Many of the underlying technologies powering smart cities already have security protocols, but not all are created alike. Practices that suit consumer-grade IoT devices with limited numbers of users and short lifespans may not translate to smart city infrastructure. Unlike consumer devices, components of smart city infrastructure can potentially impact millions of people on any given day. These components may also need to function reliably for a decade or more. A would-be ransomware attacker must never be allowed to literally turn out the lights on a metropolis.

    Processes that ensure adequate user credentials and server maintenance are just the beginning. Emerging standards should also be adopted wherever possible. For example, vendors and cloud providers should consider adopting ISO/IEC 2700x—Information Security Management Systems (ISMS) and the IEC 62443-4-1 security certification for product development processes. IEC 62443-4-1 evaluates code-level security risks as well as management and external threat risks.

    Because smart city systems such as connected lighting are mission-critical for citizen safety and satisfaction, deployments should include robust, rapid failover and disaster recovery plans. There are no substitutes for many of the services a city provides its residents, and approaches to cybersecurity should honor the city's obligation to keep providing those services, whatever it takes.

    Share responsibility for security

    Ironically, you have to be careful not to take on too much internal responsibility for smart city security. Assuming control over and exclusive ownership of data, systems, and processes cuts down on potential failure points, but you have to make sure not to overlook the bigger picture. Cybercrime is a full-time job, and fighting it requires both intense focus and an expansive vision.

    Many of today's attack vectors are the same ones we’ve been dealing with for decades. Unpatched vulnerabilities, misconfigurations, and compromised passwords remain significant problems—and many malware attacks start inside the organization, whether an employee is malicious or the unwitting dupe of a social engineer. That said, cybersecurity attacks are evolving fast, and there is no single playbook that can neutralize every act of aggression.

    Instead of trying to build an impregnable wall around your systems and processes, work with vendors who  take a larger share of responsibility to protect your systems. Such processes should mandate clear vendor responsibility for encryption and data security, as well as for threat monitoring and incident reporting to city leadership. Ongoing risk analysis, impact assessments, and regular penetration tests and vulnerability assessments should also be on the table.

    At the user level, it's vitally important to carefully delegate access by role. Everyone should have convenient (but secure) access to the data and features that they need—and should have no access where they don't. Making sure that your vendors offer a sufficiently granular role-based access approach will forestall a variety of security-related misfortunes.

    Embrace end-to-end security designs

    In addition to sharing responsibility across multiple partners, you must embed security measures into your network from one end to the other. Important considerations include on-premise vs. software-as-a-service (SaaS), human error, data residency, and data redundancy. While each of these concepts are distinct and must be considered separately, they can affect one another in complex ways.

    For example, relying solely on on-premise systems and data storage doesn't add up to an effective risk reduction strategy. Most attacks are launched remotely, regardless of where data or applications reside. Additionally, strict on-premise policies introduce other risks, including lack of redundancy and the need for manual management, which is notoriously error-prone.

    Comprehensive smart city solutions typically integrate several different system infrastructures, from connected lighting to enhanced mass transit, and many of these use cloud technologies to improve accessibility, availability, and—yes—security. Cloud services can be continually backed up to separate data centers with automatic capacity management and switchovers in periods of high demand or unanticipated service interruption. These services ensure that data is securely encrypted offsite, where a major weather event or other catastrophe can't wreak havoc. Leading vendors often coordinate security among several different offerings within their smart city portfolios, using cloud integration layers to ensure careful and properly vetted communications and data sharing.

    End-to-end security should also include failsafe operation modes for essential services in the unlikely event that the broader infrastructure goes offline. For example, connected street lights compatible with Interact IoT lighting systems from Signify are designed to failover to a pre-loaded schedule when the control infrastructure is unavailable, and to store operational data locally until it can be reported to the back-end platform. This approach ensures that basic services remain uninterrupted even if a security exploit or other interruption occurs.

    The virtues of collaboration

    An open, collaborative approach to cybersecurity gives smart cities the best chance for successful rollout and growth. Experienced vendors and partners that make security integral to their designs can minimize threats at the device and infrastructure levels, and can work with you to define appropriate access privileges, segregation of duties, and other operational elements that can improve cybersecurity across all layers of your connected systems.

    About the author

    Fabio Vignoli, Product Security Lead for the Digital Solutions Division, Signify
    Fabio Vignoli is Product Security Lead for the Digital Solutions Division, Signify. He has broad responsibilities over strategy, risk management and governance, application security, cloud/IoT and operations security, manufacturing, and supply chain security.

    Share this article

    What can Interact do for you?

    Follow us on: