Is your lighting compromising your data security?

If you’re in the business of data, you’ll know that it’s a valuable asset that must be protected. You’ll also be acutely aware that wherever there is data, there is risk, and not just to your data. Physical security – the protection of people, property and assets should also be considered for their potential vulnerabilities. By Steve Mansell, Divisional Director Critical Facilities, Zumtobel Group

While data centres are famously secure, ‘6 layers deep’ in some cases, data theft still occurs. With a number of high-profile cases in the media, questions have been rightly raised over cybersecurity in the Internet of Things (IoT) and unfortunately, lighting and lighting control systems are not immune.

We ask Steve Mansell, Divisional Director of Critical Facilities for Zumtobel Group, how building services, such as lighting and controls, could be increasing your risk.


Data centre operators have come to expect that the products installed within their data hall meet certain criteria. Equipment should save energy, be sustainably sourced, but most of all, be safe and secure. However, technology is not without its vulnerabilities; we have all heard ‘that case’ with regards to ‘sub-standard’ data centres, security breaches and spying. As more things become connected, new levels of exposure are being discovered.


Physical security

It is important to note that connected (wired) lighting systems without an IP address only communicate within your building. They post a relatively low-security risk because a person has to be in the facility to attack the system. For example, a conventional wired DALI lighting control system could only be breached if the attacker physically connected to the network.

Device-to-device security

Lighting and control systems in a wireless network communicate outside of the building. It is common practise to use encryption, which means only devices with the correct ‘key’ can communicate with your system. Correct commissioning is therefore vital.

We know for some businesses, the fear of the unknown makes them reluctant to embrace and invest in new technologies through the fear of being exposed to potential attacks. They instil a culture of “if it’s not broken, it doesn't need to be fixed”, but with cyber-attacks increasing in sophistication, there is every reason to be more vigilant. After all, an ounce of prevention is worth a pound of cure.

This paper has therefore been designed to help data centre operators, who work tirelessly to ensure they have the in-house cybersecurity knowledge and expertise to make sound investments, stay a step ahead of attackers.


As soon as systems get connected to the IoT (Cloud) proper protocols need to be in place. Potential forms of attack on connected lighting systems might include vectoring, Distributed Denial of Service (DDoS) and sniffing.


A Distributed Denial of Service attack is an attempt to make an online service unavailable to its users by temporarily or disrupting services indefinitely.


Occurs when there is a security breach that uses an unsecured system to gain access to other networked systems.


An attacker sees a packet (data) in transmission from one point to other systems that utilise protocols that are not encrypted. Because it’s not encrypted the information can be modified i.e. to turn off the lights or CCTV.


When it comes to the physical building infrastructure ecosystem, there are many different facets that need to be considered before you can be assured that the product meets your security criteria.

When considering the threats, we recommend starting at the beginning: with a rigorous procurement process, including developing trusted supply chain partnerships.

For example, when a luminaire or control system is specified, are you aware of every component that goes into that product?

Do you know if the manufacturer makes all components themselves? Or, do they rely on third-party suppliers? If so, you’re placing an enormous amount of trust in a potentially unknown supply chain: leaving systems open to security risks and significantly affecting quality control standards


So, what is the answer?

We’d recommend always working with a single-source supplier who can evidence where their components have been sourced and who offer full transparency of their supply chain partners.

For example, the Zumtobel Group, are in complete control of their entire value chain.

The Group comprises three core brands - Tridonic, Thorn and Zumtobel. Tridonic is a leading manufacturer of components and control gear used by various manufacturers worldwide due to its uncompromising reputation for product quality. Fortunately for Thorn and Zumtobel lighting, having a sister company that specialises in components and control gear certainly has its advantages since there is complete oversight on where their componentry is sourced. Every individual product that makes up a Thorn or Zumtobel luminaire is therefore carefully selected, tested, and secured through the use of intelligent software and hardware protocols. When the manufacturer controls its own supply chain, there is complete end-to-end traceability and accountability, mitigating potential external threats.

As part of the product selection, thorough testing of both hardware and software used in any connected lighting and controls system is highly advisable.


There is also another advantage of working with fewer trusted supply chain partners.

Not only does consolidating manufacturers into as few as possible make it easier to combat security vulnerabilities, it can also allow for future add-on services to be integrated at a later stage.

For example, it might be a lighting trunking system when installed, but it can also be a flexible infrastructure for future digital services.

A lighting track system such as TECTON or TECTON IP from Zumtobel can provide a backbone for adding future monitoring services that can grow with the data centre’s needs. It is simply a case of integrating sensors to accurately record the data a facility is interested in monitoring, for example, heat, to ensure the optimum operating temperature within the facility. Instead of having to purchase/install a whole new system for thermal management within a facility, operators and their technical teams can liaise with Zumtobel to plan the required system upgrade then the additional products/sensors can be fitted directly to the TECTON track without the need to power the system down.

Alternatively, if a new sensor is required to measure other variables such as air quality, occupancy and motion, it is easy to remove the original sensor and add on the new one without reconfiguring the entire infrastructure. This naturally saves a significant amount of money in the long term, making it a fully flexible and future proof solution.


New connected lighting and control systems offer exciting improvements in energy and operational efficiencies, but care must be taken to ensure they are secure and not a chink in your data security armour.

We believe that it is crucial to focus on security from the very beginning of your product specification and selection process.

Data centre operators and their design teams should focus on working with supply chain partners who understand system security and who offer safe, strong and secure links to enable campus wide integration.

Mitigate risks by choosing a single source manufacturing partner - like Zumtobel; who are able to offer full traceability and accountability of your lighting ecosystem and offer long term support through a range of services when required.

Marc Garner, VP, Secure Power Division, Schneider Electric UK & Ireland The data centre sector skills shortage has been documented by industry publications and research firms for almost a decade. In fact, a report published by Gartner in 2016 found 80% of firms expected to find their growth held back due to a lack of new data centre skills, with the McKinsey Global Institute predicting a global shortage of 1.5 million qualified data centre managers as early as 2015.
By Jean-François Allard, director, EMEA Utilities & Communications, Hexagon’s Safety, Infrastructure & Geospatial division.
Big data, big energy consumption? Each photo we post on social media or email we send is saved into servers that are stored in physical data centres around the world. This process consumes a significant amount of energy, raising sustainability issues in the data centre industry. To help overcome this challenge, Marcin Bala, CTO of telecommunications networks specialist Salumanus Ltd, explains how to create a more sustainable data centre infrastructure.
The hidden cost of data Zero-carbon cooling systems revolutionise data centre energy efficiency. Data underpins every aspect of modern life, with more information generated now than ever before. Keeping data centres cool is crucial for their safe and effective function, but due to the large amounts of waste heat they generate, this requires significant power consumption. To tackle this issue, Glasgow-based green energy pioneer, Katrick Technologies, has developed and patented a unique passive cooling system that removes waste heat without external power required. Here, Katrick Co-CEO Vijay Madlani examines the costs of data centre cooling and how new systems can revolutionise efficiency.
Today, edge data centers need to provide a highly efficient, resilient, dynamic, scalable and sustainable environment for critical IT applications. At Subzero Engineering, we believe containment has a vital role to play in addressing these requirements. By Gordon Johnson, Senior CFD Engineer at Subzero Engineering
Designing fibre solutions and optimising supply chain processes with the environment in mind will have a huge impact. By Alain Bertaina, Business Development and Product Strategy Director Telecom Business at Prysmian Group