Emerging technologies help achieve greater efficiencies, curb energy use and take control of environments. But they also pose risks.
In February 2024, the automated cranes at the Port of Los Angeles garnered worldwide attention when President Biden designated them a potential national security risk. Following his directive, the Department of Transportation issued a U.S. Maritime advisory warning that the crane’s technology, which allows remote access, also makes America’s ports vulnerable to cyberattack.
One precaution suggested in the advisory, which expires in August 2024, is to employ good cybersecurity hygiene. This can include message encryption, not sharing universal passwords, coordinating with IT departments and placing some systems on private Wi-Fi networks.
“Just about any device that allows for remote access and control can be vulnerable to cyberattack,” said Dan Kuhl, senior lighting specialist with Evergreen Consulting Group, Beaverton, Ore.
Kuhl works with electrical contractors, engineers and installers throughout the United States to support green technology installations.
Networked lighting controls
Right now, luminaire-level lighting controls (LLLCs) are Kuhl’s priority. LLLCs enhance the ability to address specific lighting needs, allow for integration with other building systems and can significantly curb energy use.
“But all those benefits are lost if cybersecurity features and practices are not baked into system design at the beginning,” he said.
Kuhl drove this point home during a February webinar aimed at helping installers, electrical contractors and commercial building professionals minimize cybersecurity problems for connected lighting projects. The event was sponsored by Better Bricks, a commercial resource of the Northwest Energy Efficiency Alliance, members of which include utility companies in America’s Northwest and West.
LLLC standard features include occupancy sensing, daylight sensing, personal tuning and high-end trimming of maximum light levels, none of which necessarily involve remote access. But more recent and advanced capabilities do, including demand response or off-site control, data collection and monitoring, third-party programing or troubleshooting and integration with other building systems.
Kuhl gave an example of off-site control: a school building engineer being able to override lighting and building controls to conserve electricity during a snow day.
“When a building owner wants to tie in the networked lighting controls (NLCs) to building systems like HVAC, that’s where the industry maturity is,” he said. “Tying these together is where energy savings are to be gained, but with networking and remote control, there’s also increased vulnerability.”
Kuhl likened the situation to the 2014 Target Corp. breach, which compromised the personal data of 70 million customers. The unlikely access point turned out to be HVAC controls and access credentials.
DesignLights Consortium (DLC), a not-for-profit in Medford, Mass., develops technical requirements and sets efficacy standards and quality criteria for energy-efficient LED products. DLC collaborates with utilities, state energy-efficiency programs, manufacturers, lighting designers, building owners and government entities to create rigorous criteria for lighting performance and development.
Levin Nock, senior technical manager for DLC, has yet to see a high-profile security incident related to networked lighting controls. However, he has led the lighting industry’s efforts to help customers avoid such events and still make efficiency gains for the last seven years.
Risk of cyberattack has caused a reluctance to connect NLCs with other building controls.
“The hesitation is real and the potential for lost energy savings from canceled or delayed deployment of NLC technology is very significant,” he said.
Since 2017, Nock has shepherded DLC’s efforts to explore cybersecurity and establish a qualified products list (QPL) for NLCs. QPL-listed products are eligible for rebates and incentives offered by three-quarters of energy-efficiency programs in the United States and Canada. They are financed through state energy-efficiency funds administered by utilities.
In February 2022, DLC made cybersecurity a requirement for all NLCs on its qualified products list.
“We did this, of course, because we know utility companies don’t want to encourage customers to use products that would make them vulnerable to cyberattack,” Nock said.
By recommending DLC-listed NLCs, electrical contractors can help customers save energy, receive rebates from utility companies and stand a better chance of thwarting cyberattack.
The most common and popular certifications for networked lighting controls on DLC’s qualified products list include the internet of secure things (ioXt) and UL MCV 1376, Nock said.
The ioXt includes security with no universal passwords, and with secured interfaces, cryptography, security by default, automatic updates, verified software, security expiration dates and vulnerability reporting programs.
Other certifications include ANSI/ISA/IEC 62443-4-1; ANSI/CAN/UL 2900-1; ISO/IEC 27,0001; AICPA SOC 2; Intertek Cyber Assured; ISO 27,017; and CSA STAR.
Any of the certifications may occur in combinations on DLC recommended products, Nock said.
Besides vulnerability of networked systems, there’s also the matter of cloud security, for which Nock suggests looking into cloud storage companies belonging to the Cloud Security Alliance.
View the Better Bricks webinar on YouTube.
Solar power generation
Other emerging risks—intense fires and electrocution—come with solar power generation and energy storage systems. On the plus side, the federal government, NECA and a variety of trade organizations have made strong efforts to address these.
The Electrical Safety Foundation created several flyers on topics such as solar photovoltaic (PV) connector safety, which cover installation practices, warning signs, diagnosis of problems and prevention of failure.
Top recommendations include ensuring connections are clean and free of damage, using only connector parts for related PV, following manufacturer instructions and using proper tools.
The 2020 NEC and UL 6703 require two parts of connector pairs be tested together and be able to work together to be certified for intermatability.
Regarding apprentice training as a first line of defense, IBEW 134 and NECA in Chicago operate a training facility featuring a lineup of solar array settings. They also actively promote the importance of using only qualified installers.
Flyers on the Local’s website mention qualified person requirements suggested by NEC Article 690, Solar Photovoltaic Systems, and Article 705, Interconnected Electric Power Production Sources.
The flyers pertain specifically to PV system installations under and over 2 megawatts. They also list Illinois Commerce Commission qualified person definitions for distributed generation installer certification and for new utility-scale solar installers.
The National Fire Protection Association (NFPA) educates firefighters about the risks of extinguishing fires involving solar power generating systems. It also offers a series of safety courses for firefighters and installers. To learn more about this, check out “The Sun Is Rising on Solar” in the May 2023 issue of ELECTRICAL CONTRACTOR.
Taking first-responder safety to another level, IBEW 134 trains firefighters and building inspectors to recognize the telltale signs of improper PV installations, which include:
Conduit placed too near rafters, which increases electrocution risk when firefighters pierce roofs for ventilation
Lack of roof support, which increases risk of collapse
Lack of hazard labeling for solar conduit that leads to inverters and batteries
Energy storage systems
Energy storage systems (ESSs) balance the grid, improve power quality and reliability, shave peak demand, store energy for when power is not being generated, serve as backup power and support integration with microgrids.
Growth for energy capacity and gross electricity generation involving ESS has taken off, growing to 11,105 megawatt hours by 2022. The upward spiral is expected to continue, according to the U.S. Energy Information Administration’s annual Electric Generator Report and Preliminary Monthly Electric Generator Inventory. The majority of new installations are expected to be in California, Texas and Florida.
NFPA also offers the Photovoltaic and Energy Storage Systems and Digital Badge video training program for professionals, which focuses on PV systems and ESS safety.
Online training consists of four courses formatted in interactive, scenario-based exercises to cover codes and standards, which include NFPA 855, Standard for the Installation of Stationary Energy Storage Systems. The courses also emphasize the value of teamwork to prevent incidents and reduce impact.
Among the fastest growing components in the race to employ renewable forms of energy are battery energy storage systems (BESS), a subcategory of ESS. These use chemicals for energy storage.
Most BESSs use the electrical grid as their charging source, but more are being co-located with renewable energy facilities, according to the EIA.
A BESS serving Miller EV Solutions’ EV Innovation Design Center in Jacksonville, Fla., will connect with Microgrid Solutions technology by Schneider Electric, Andover, Mass., when Miller unveils a new energy control center this summer. The center will work in tandem with a BESS, regulating power flow for a new induction charging system and several Level 2 chargers already operating on-site and available for public use. The power flowing into the BESS is supplied by a local electric utility and power generated by an on-site hydrogen cell and solar arrays.
“We’re not directly selling the electricity,” said Kerri Stewart, president of Miller EV Solutions and chief strategy officer for parent company Miller Electric Co. “Everything we generate is for the purpose of shaving energy use during peak energy hours.”
Stewart seems more than comfortable with risks associated with the BESS, related power sources and EV chargers.
“Any physical hazards would relate to unsafe use or unsafe manufacture,” she said. “As long as installers we are following NEC codes, and as long as the equipment is up to [international] standards, we believe installers and users will be safe.”
Even so, remote access for regulating the power flow and EV user payment system poses risk and will necessitate good cybersecurity hygiene. Despite risks, Miller Electric is committed to moving forward with innovative technologies.
“Because the way the world moves as we know it is completely changing, we want to be there for that,” Stewart said.
Evergreen Consulting Group / DesignLights Consortium / Miller Electric co.
About The Author
DeGrane is a Chicago-based freelance writer. She has covered electrical contracting, renewable energy, senior living and other industries with articles published in the Chicago Tribune, New York Times and trade publications. Reach her at [email protected].