It's time to talk about Network Security

 CyberSecurityBG website 750px

There's never been a better time to think about the security of your lighting networks

In 2019, a large effort was initiated to prepare Pathway products to comply with incoming cyber security laws, specifically California Civil Code Title 1.81.26, Security of Connected Devices which came into effect January 1, 2020.

Pathway Connectivity Solutions® is part of Acuity Brands, a publicly-traded company and the largest lighting manufacturer in North America. Acuity takes this new law and the potential threats very seriously and is committed to mitigating any harm to its customers. As a result, all Acuity branded connected devices, including Pathway Connectivity products, are implemented with additional security features.

Pathway Connectivity's comprehensive security review led to integrating leading best practices to protect the entire product line, resulting in one of the lighting control industry's most comprehensive security architectures.

SO WHAT SPECIFICALLY HAS PATHWAY CONNECTIVITY DONE?

When reviewing our product portfolio, we were pleased to find that some of the security risks had already been considered. For instance, Pathscape's in-the-field firmware upgrade process was already using signed upgrade packages. Below is a summary of the efforts we have implemented to secure your system.

AUTHENTICATED FIRMWARE UPGRADES

Signed software updates ensure our products only accept verified software from Pathway. Any attempt to upload modified firmware will be rejected.

PASSWORD PROTECTED NETWORK

No third-party software or unauthorized users using Pathscape may access any Pathway gear without accreditation.

LOCKED-DOWN CONFIGURATION TRAFFIC

Although people using the network may discover and view device properties, unauthorized users are locked out of changing the configuration of the network.

DEVICE-TO-DEVICE AUTHENTICATION

End-to-End xDMX data transmission - only authorized controllers can decode DMX512 using our devices.

GUEST CONSOLE ON-RAMP

Third-party developers may employ Pathway's security protocols and transmit authenticated sACN to our gateways.

WHY IS NETWORKING SECURITY SO IMPORTANT?

Security Hacker 650px

It's difficult to go a day without hearing about some catastrophic data breach on one network or another. Banking institutions, government agencies and building management systems are constantly under threat. As the Internet of Things connects us and our devices together, work must be done to prevent "bad actors" or "bots" from permeating to the heart of our networks.

As directors and producers worry about the actors on the stage, manufacturers like Pathway strive to mitigate threats from bad actors entering the theatre uninvited. Some productions deal with security by building a big wall around their insecure legacy systems, but in this day and age of IoT connectivity, it is becoming more and more difficult to remain an island. A single laptop connected to the copper entertainment network that joins a WiFi access point is the hole in the dyke that could bring down your entire production.

WHY FIX WHAT ISN'T BROKEN?  WHAT IS "TECHNICAL DEBT"?

Ethernet has been used for lighting networks as early as 1990, before the popularity of the World Wide Web when security wasn't as much of a concern as it is today. These systems were not designed for environments that were exposed to the public internet.

Legacy applications, older consumer operating systems and past-expiration-date technologies pose real risks to your production, and the risks grow larger with each passing year. Companies delay resolving this technical debt for various reasons; the most common ones being that it's time consuming, expensive and will take away from other, presumably higher-priority projects such as releasing the newest flashy gadget.

R&D engineering groups don't want to touch legacy products for fear of breaking them. The original tool chains needed to modify the firmware, and moreover, the original developers may no longer be with the company. Therefore it takes a serious amount of foresight from the invested parties to tackle this technical debt. Some companies don't have the resources to tackle these projects or cannot convince senior management to make it a top priority. Yet others may want to turn a blind eye, or simply be unaware of the real security threat and the associated risks.

PATHWAY CONNECTIVITY'S STORY

Pathway Connectivity is well-known to be an industry leader in networking. As early as 2000, we were building configurable end-to-end Ethernet DMX512/RDM gateways.

The Pathport® Gateways and their multi-cast protocol predate sACN. Many of our engineers helped write and edit the control protocol standards currently in use today.

VIA­™ was the first entertainment-class Ethernet switch designed and manufactured specifically to meet the needs of our industry. It is now the backbone of most networks on Broadway, North American touring and mega-shows across the continent.

Of note, the Pathport Gateways were the first devices to use PoE outside of the telephone industry. We are known to be forward-thinking and innovative while making the complex task of moving vast amount of data in real-time simple enough for the average technician to manage and operate.

 

COMPLIANT PATHWAY PRODUCTS

SecurityCompliantProducts Logos 750px

PathwaySecurity Logo 250px

Resources:
How do I receive Art-Net and sACN?
Test Tools & Developer's Info
Protocol Magazine Article by Robert Bell