Why smart lighting can no longer be treated as low-risk infrastructure

22 January 2026

By Fabio Mauri, Head of Technology Operations and Cybersecurity, Paradox Engineering

Smart lighting is often positioned as a straightforward efficiency upgrade: a way for cities to reduce energy consumption while modernising public services. For city leaders, however, this framing is no longer sufficient.

Once streetlights are connected to a city’s IoT network, they become one of the most widely distributed and physically exposed digital systems a municipality operates. That reality fundamentally changes how cybersecurity risk should be understood.

Connected lighting networks can involve thousands, or even tens of thousands, of devices deployed across public space and expected to operate continuously for many years. Unlike systems installed in controlled environments, streetlights are physically accessible and exposed to environmental stress.

Even when mounted several metres above ground, they remain open to inspection and tampering. At the same time, because they are connected to wider municipal digital infrastructure, they also represent potential digital entry points for attackers. From a governance perspective, physical and digital exposure cannot be separated.

Visibility makes lighting failures different

One of the most immediate risks concerns the core function of public lighting itself. If an attacker gains control over lighting operations, they could cause partial or widespread outages. Even short disruptions can have consequences for road safety, public security and emergency response. Because public lighting is highly visible infrastructure, these failures are noticed immediately by citizens, with a direct impact on trust in city administrations.

There is also a second, less visible but increasingly important risk. If compromised, lighting nodes can be misused beyond their intended purpose. They can be enrolled into botnets or used as pivot points to access other municipal systems. Given their number and geographic distribution, streetlights can form a powerful platform for coordinated cyberattacks if they are not properly secured. In this scenario, the risk extends well beyond lighting operations to the broader urban digital environment.

It is important for city leaders to be realistic about cybersecurity expectations. Absolute security is not achievable, in smart cities or anywhere else. The objective is risk reduction and impact limitation. Before cybersecurity is properly addressed, security is often implicit, fragmented, or treated as a secondary concern. Protections may rely on assumptions that no longer hold in today’s threat landscape. When stronger measures are introduced, the shift is organisational as much as technical. Risks are explicitly assessed, attack surfaces are reduced, and monitoring and response capabilities become part of routine operations.

Technology, processes and people must work together

From our experience, effective protection for smart lighting requires a combination of technology, processes and people.

On the technology side, this means secure-by-design IoT devices, strong identity and authentication mechanisms, encrypted communications, and monitoring architectures suited to large, distributed environments. Security needs to be embedded at device and system level from the earliest design stages. Retrofitting protections later is not only more costly, but often less effective.

Processes are equally critical. Secure deployment procedures, controlled maintenance workflows, and continuous network and security monitoring are essential to maintaining protection over the full lifecycle of a lighting system. Cybersecurity should be treated as an operational responsibility, not a one-time procurement requirement. This includes clear governance structures, defined roles and escalation paths.

People remain a decisive factor. As technical controls improve, many security incidents stem from human error. Configuration mistakes, procedural shortcuts, social engineering or simple inadvertent behaviour can all lead to system exposure. In urban IoT deployments, this risk is amplified by the number of stakeholders involved, including city departments, system integrators, operators and maintenance teams. Awareness and training programmes help reduce this exposure by ensuring that security is understood and consistently applied in day-to-day operations.

Designing for resilience from day one

Monitoring models must also reflect the specific nature of public lighting networks. Unlike traditional IT environments, IoT networks consist primarily of large numbers of devices rather than servers and PCs. They generate different usage patterns and often rely on mobile data connections, where standard monitoring approaches can be inefficient or costly. Monitoring and response capabilities tailored specifically for smart city environments allow cities to manage these constraints more effectively.

Designing security from day one makes a measurable difference. The latest Hybrid Zhaga and Cellular Zhaga nodes were developed with cybersecurity in mind from the earliest stages, allowing protections to be embedded across hardware and system components. They also support deployment models that minimise exposure by avoiding unnecessary interfaces on the public internet, reducing the overall attack surface.

For city leaders, the message is clear. Smart lighting can deliver long-term value only if cybersecurity is treated as a foundational requirement, not a secondary consideration. Treating connected lighting as low-risk infrastructure is no longer compatible with the realities of digital cities.
