Overview
Leviton takes the security of your lighting control and network systems seriously. Providing a cohesive, complete, and integrated end-to-end control solution allowing intended, safe communication while rejecting malicious communication has been built into each physical and software layer of the GreenMAX DRC Room Control System. The goal of this White Paper is to review each of these layers, the types of communication that occurs, and the steps we’ve taken to secure our system.Physical Layers and General Network Architecture
Leviton’s commercial lighting control network systems are broken into several different physical layers, each of which have different security concerns and approaches to network functionality and security. The components we will be reviewing are as follows:- Configuration Tool (GreenMAX DRC App) communication to Room Controllers
- Configuration Tool (GreenMAX DRC App) communication to Leviton Cloud Services
- Room Controller Communication on IP Networks
- BACnet Communication on IP Networks
- LumaCAN/CAN Device Level Communication
Summary of Network Communication and Security
Physical Layer | Function | Communication Method | Security Method | Notes |
GreenMAX DRC App to Room Controller |
|
|
|
|
GreenMAX DRC App to Leviton Cloud |
| Connect to Leviton Cloud Services through public internet using the configuration tool’s cellular or WiFi connection |
|
|
Room Controller to Room Controller |
| WiFi, IP connectivity between room controllers |
|
|
LumaCAN/CAN communication | Lighting control within the sub-net | LumaCAN protocol over Category 6 cabling |
|
|
BACnet Communication | Interface to Building Management System (BMS), either at the micro or macro level | Wired Ethernet, BACnet/IP, using NP00G Gateway |
| BACnet standard PICS statement available at www.leviton.com which details interface specifics |
The industry has been drawing on standards and best practices such as ANSI/UL 2900-1, IEC standards, ISO 27000, and the NIST IoT Cybersecurity Framework. We are closely following these developing standards, and will implement as appropriate.