
My TechDecisions


The Risks and Mitigations of the Internet of Things (IoT) in Supply Chain

When it comes to product delivery, many companies are introducing the Internet of Things (IoT) into the supply chain through connected devices.

February 19, 2018 Abel Sussman 12 Comments

In an increasingly digital world, every aspect of product development and delivery is being transformed, facilitated, and made more efficient through automation and integrated intelligence. The supply chain is no exception; today, many firms are extending Internet of Things (IoT) devices into their supply chain to improve productivity and customer service. Sensors, communication devices, analytics engines, and decision-making aids are being employed to improve the efficiency of fleet management services, schedule optimization, routing, and reroutes due to adverse conditions. The IoT provides real-time tracking solutions and instant inventory visibility.

However, as firms use the IoT to expand their reach into the supply chain, they also increase their attack vectors and the potential for loss of proprietary and sensitive data. Cloud computing stores data and passes it between potentially thousands of devices that may have exploitable vulnerabilities; a poorly designed architecture could give hackers the ability to disrupt, destroy, or steal vast and valuable stores of corporate and personal data. As an example, in October 2016, the IoT botnet Mirai led the largest DDoS attack ever, taking down a large number of popular websites, including Twitter, the Guardian, Netflix, Reddit, and CNN.

Abel Sussman is a Director for Cyber Risk Advisory at Coalfire. He is responsible for helping clients advance security program strategy, meet legislative compliance, and implement cyber-security programs. He is a leader and recognized industry expert on Cloud Computing, Security, and federal compliance.

Specific to the supply chain is the issue of Data Leakage, where content becomes visible to cyber “eavesdroppers,” either through malicious or unintended means. A recent Princeton paper demonstrated that popular IoT devices (including Amazon Echo), whose data streams were assumed to be encrypted and therefore not susceptible to direct inspection, were in fact highly revealing to anyone merely looking at the traffic rates of the encrypted data flows. While safeguards can be assumed to be in place within the firm’s “system of record,” or database, data leakage can occur when data is passed between complementary systems unless the same level of data protection is enforced. Within the IoT ecosystem, data can be observed at various points, including data at rest, data in motion between vendors, and data at system boundary endpoints.
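The traffic-rate effect described above can be measured against a firm's own devices. The following is an added example, not code from the article or the Princeton paper: it takes per-interval byte counts of an encrypted flow (constructed here for a hypothetical dock scanner) and shows that scan events stand out by volume alone. Constant-rate padding is a countermeasure assumed for this example, not one the article prescribes; it removes the signal at the cost of queued data.

```python
from statistics import median

# Constructed sample: bytes per 10-second interval on one encrypted connection
# from a hypothetical dock scanner. Payloads are unreadable; volume is not.
OBSERVED = [200, 210, 190, 6100, 200, 205, 5900, 6050, 195, 200, 200, 6000]
SCAN_INTERVALS = [3, 6, 7, 11]  # ground truth, known only to the firm


def infer_active_intervals(byte_counts, factor=3.0):
    """Intervals whose volume exceeds `factor` times the median volume.

    This uses nothing but traffic rate, which encryption does not hide.
    """
    baseline = median(byte_counts)
    return [i for i, b in enumerate(byte_counts) if b > factor * baseline]


def shape_constant_rate(byte_counts, rate):
    """Assumed mitigation: put exactly `rate` bytes on the wire per interval.

    Real data is queued when it exceeds the rate and padded with cover
    traffic when it falls short. Returns (wire volumes, bytes still queued).
    """
    shaped, backlog = [], 0
    for b in byte_counts:
        backlog += b
        backlog -= min(backlog, rate)  # real bytes sent in this interval
        shaped.append(rate)            # wire volume is always `rate`
    return shaped, backlog


def leakage_report(byte_counts, truth, rate):
    """Compare what rate analysis recovers before and after shaping."""
    shaped, backlog = shape_constant_rate(byte_counts, rate)
    return {
        "unshaped_recovers_truth": infer_active_intervals(byte_counts) == truth,
        "shaped_active_intervals": infer_active_intervals(shaped),
        "bytes_still_queued": backlog,
    }


if __name__ == "__main__":
    print(leakage_report(OBSERVED, SCAN_INTERVALS, rate=2500))
```

The queued-bytes figure is the price of shaping: a rate set too low delays real telemetry, one set too high spends bandwidth on padding.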

It is enormously valuable to malicious actors to observe a firm’s supply chain. Without proper confidentiality controls, actors can spy on key relationships, contents, shipping volume, and destination. From these pieces, competitors and market actors can gain undue insight into a company’s business operations and gain advantage.

According to E&Y, data leakage is a great concern when deploying IoT technologies (ET Cybersecurity and the Internet of Things), and the associated privacy concerns are among the most significant challenges with IoT security implementation (In the Matter of the Benefits, Challenges, and Potential Roles for the Government in Fostering the Advancement of the Internet of Things, Federal Trade Commission).

To protect against Data Leakage, device security needs to be addressed throughout the system lifecycle, from design to field operations. First, firms need to examine their data governance methodologies to build effective and secure IoT products and services. Corporate policy should drive secure processes, architecture development, device control, and system monitoring. Second, devices need to be configured to automatically identify, locate, and profile supply chain objects; they need to accept patches from known sources, and be cut out of the network if compromised before they can infect others. In many ways, IT and network security protocols need to evolve to an IoT world, with updated methodologies better addressing the requirements of distributed devices.


As mentioned, Data Leakage is an ecosystem issue, and all participants must understand where their responsibilities begin and end and what they are responsible for protecting. This requires defining standards for interoperability and encryption so all participants can communicate and work together safely and effectively.

Below is an action plan for CIOs who are considering implementing IoT for their supply chain:

  • Execute a “red team” exercise for deployed IoT devices, where an independent group challenges the organization's security measures at the application, network, data, and physical layers.
  • Sign up for security alerts from the US Computer Emergency Readiness Team (US-CERT).
  • Develop a data flow map from vendor systems to show downstream and upstream information flow.
  • Coordinate across integrated vendors: require that software and application providers use secure coding practices, and that all vendors including hardware providers test for security readiness—require testing documentation and transparency on secure coding practices in contract language.
  • Develop policy and procedures, with executive-level direction and oversight, that focus on security for network-connected devices and address risks inherent in the Internet of Things. These documents should include rules on selecting hardware that incorporates security features, guidelines/schedules for performing penetration tests, as well as an end-of-life strategy.
  • Create a robust Incident Response Plan (IRP) that prepares the enterprise for disruptive events. Incident Response teams should be trained in their roles and conduct regular tabletop testing for a range of potential scenarios, and customer-facing staff must be trained in understanding which customer-reported incidents need to be escalated to the CISO.
  • Assure a defense-in-depth security approach to protect the firm’s most valuable assets by implementing layered defenses against cybersecurity threats.
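The data flow map in the action plan becomes checkable once it is written down as data. The following is an added example, not part of the original article: it walks a constructed map upstream and downstream from the system of record and lists every in-scope system or flow where data is unencrypted at rest or in motion. All system names, vendor names, and the two encryption flags are assumptions made for illustration.

```python
from collections import deque

# Constructed sample map; every system and vendor name is hypothetical.
NODES = {  # system -> (owner, data encrypted at rest?)
    "pallet_sensor": ("vendor_a", False),
    "iot_gateway": ("firm", True),
    "erp_system_of_record": ("firm", True),
    "carrier_tracking_api": ("vendor_b", True),
    "analytics_cloud": ("vendor_c", False),
    "lobby_display": ("firm", False),  # never touches supply chain data
}
FLOWS = [  # (source, destination, encrypted in motion?)
    ("pallet_sensor", "iot_gateway", True),
    ("iot_gateway", "erp_system_of_record", True),
    ("erp_system_of_record", "carrier_tracking_api", False),
    ("carrier_tracking_api", "analytics_cloud", True),
]


def reachable(flows, start, upstream=False):
    """Systems that data from `start` reaches, or (upstream) that feed it."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for src, dst, _ in flows:
            here, nxt = (dst, src) if upstream else (src, dst)
            if here == cur and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def leak_points(nodes, flows, record):
    """List in-scope systems and flows where the data is left unencrypted."""
    scope = reachable(flows, record) | reachable(flows, record, upstream=True)
    findings = [("at-rest", name, nodes[name][0])
                for name in sorted(scope) if not nodes[name][1]]
    for src, dst, encrypted in flows:
        if src in scope and dst in scope and not encrypted:
            same_owner = nodes[src][0] == nodes[dst][0]
            kind = "in-motion" if same_owner else "in-motion-between-vendors"
            findings.append((kind, f"{src} -> {dst}", nodes[dst][0]))
    return findings


if __name__ == "__main__":
    for finding in leak_points(NODES, FLOWS, "erp_system_of_record"):
        print(finding)
```

Each finding names the owner of the weak point, which is the party the contract language in the plan above would need to bind.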

There’s little question that the Internet of Things is extremely enabling across product manufacturing, the supply chain, and within product functionality itself. Yet, it’s essential to understand that new connected devices bring new risks and learn to both understand and mitigate them, so that the full promise of the technology can be extracted while minimizing potential downsides. In cybersecurity, we understand that risk can’t be eliminated, but it can be minimized and proactively managed. The goal of each company integrating the IoT into the supply chain should be to fully understand and deploy strategies to bring risk to acceptable levels.

 


Comments

  1. Jeff Falcon says

    February 20, 2018 at 3:03 pm

    Excellent thoughts on the need to increase Privacy concepts in IoT

  2. supply chain consulting says

    June 12, 2018 at 1:15 pm

    Along with IoT, AI can significantly help to improve performance without human intervention, and allows for constant analysis of performance data, which enables machines to improve over time; whether this is a robot installed in a factory or a distribution warehouse.

  3. ramakrishnan says

    August 2, 2018 at 2:53 am

    Internet of Things is one of the most emerging fields. Thanks for sharing this valuable information on Internet of Things.

  4. Apple iPhone Support says

    August 7, 2018 at 11:40 am

    There are so many companies who are adopting the Internet of things to improve their productivity as well as the customer services. They are using the Internet of things to connect devices and hence making the supply chain,

  5. risk pulse says

    November 26, 2018 at 6:04 am

    hi thanks for the information

  6. lenovo laptop screen flickering says

    November 28, 2018 at 12:44 pm

    The technology which is having the perfect way to ensure the internet of things while supply chain that enables it for the perfection to keep the work part completely to have the valuable part

  7. Brian Hastings says

    April 4, 2019 at 8:02 am

    Great post! Thanks for sharing the knowledge and keep up the good work.

  8. vervelogic says

    April 23, 2019 at 8:35 am

    Thank you so much for sharing an insightful post on IOT. It’s helpful

  9. Adam Smith says

    June 12, 2019 at 2:37 am

    Since IoT is quite a new field, a considerable amount of research work needs to be done to sort out various flaws in its structure and policies.

  10. bonuses says

    July 12, 2019 at 5:44 pm

    While it stands to bring efficiencies and conveniences we’ve never before seen, thereby improving lives, streamlining business and helping the planet, the IoT can only be a powerful force for good if it is secure. The intersection of the physical world with the always-on Internet culture means that now, for example, a hacked Facebook account can leave vulnerable not only personal information, but also home security systems, appliances, cars and more.

    And about that personal information – the amount of it in the IoT, from consumers’ locations to their desires and purchasing habits, is staggering. Each smart device and connected app gathers data, and each smart device and connected application risks exposing this data. Companies promising amazing experiences through their IoT-connected products and services must back those promises up with unsurpassed security. Otherwise consumers’ risks of fraud, identity theft and other damage through the IoT remain too high.

