Looking Ahead: Security Shortcomings to Address Before Deploying IoT Supply Chains

4 years ago

Increased investment in IoT is paving the way for a new phase of fully-digitalized supply chain management. The trend was largely influenced by the pandemic-related workforce layoffs and mandatory state lockdowns. Smart logistic solutions offer an entirely new level of flexibility and efficiency, as well as require less human capital to supervise and maintain operations, making it more economically-resilient. 

Although with a lot of potential use cases, Vincentas Grinius, CEO at IPXO, notes a few vulnerabilities concerning the technology, which should be addressed before upgrading to IoT-driven supply chain management – to avoid leaving any open doors for external threats. 

External security gaps

Each IoT device needs an IP address to access the organization’s network, for instance, to send or receive relevant information concerning in-stock, machine operability, and other crucial information. However, IoTs are usually set up on public IP addresses, meaning they are visible for all Internet users. This could lead to a serious external data breach, which could potentially take down the entire supply chain structure.

“Each IP address needs to be validated by an encrypted certificate, either LOA or ROA. The difference between them is that the latter is digital, hence, more secure and tamper-proof,” explained Grinius. “However, the majority of IPs in the industry are still under LOA certificate, thus for IoTs operating on LOA-verified IP addresses, the risk of breach becomes significantly higher.”

“ROA is crucial in terms of preventing IP hijacking and securing network integrity,” he continued, “and should become common practice, as it could better protect the entire infrastructure.”

Robust network perimeter

Controlling a large number of IoT devices requires setting up a robust network perimeter. As malware is becoming more and more technologically sophisticated, Mr Grinius emphasized regular security protocol updates, as some of the threats may be in the making, and timely upgrades are key in detecting any new red-flags.

“The IoT industry is still evolving, therefore we may not even be aware of some of the associated threats. Building a robust network perimeter, as well as making sure all of the security policies are up-to-date remains vital to prevent outside attacks,” explained V. Grinius. 

Traffic monitoring

Tracking IoT-related traffic may be the difference between catching a threat just-in-time or a little too late. Being able to distinguish any abnormalities is relevant to long-term security, as previously deemed suspicious traffic would be red-flagged on the spot.

“Sometimes real-time data is not enough. Analyzing historic data enables to dive deep into network forensics and make deductions if an intruder has been trying to knock-down your defenses, and reiterate accordingly. Isolating patterns, previously identified as malicious, allows to not fall victim to recurring threats, and keep a watchful eye on any new malware that might be emerging.”

IoT offers a great deal of manufacturing flexibility, and, if all security shortcomings are timely addressed, will bring supply chain management up to an entirely new level of efficiency, helping businesses recover and thrive in the post-pandemic economy.

Leave a Reply

Your email address will not be published.