Imagine a world in which you know not only where your cargo is, but whether it’s still at the right temperature, whether it was dropped, whether the truck driver braked hard or got stuck in traffic, and exactly who handled it and when. That’s the world of the Internet of Things (IoT), and it’s here now: providing deep insights and actionable information that boosts efficiency and improves safety. But it also increases risk. According to the World Economic Forum’s “Global Risks 2015” report, with the IoT, “There are more devices to secure against hackers, and bigger downsides from failure.”
For managers, that means walking a tightrope between leveraging benefits and mitigating risks inherent with the IoT.
Global Supply Chain Gains from the IoT
On the positive side,“The IoT lets managers be more responsive to changing dynamics,” acknowledged John Beattie, business continuity/vendor risk expert, Sungard Availability Services. Greater responsiveness translates into improvements in transportation safety, product safety, loss reduction, and product tracking.
The pharmaceutical industry’s serialization mandate is a case in point. Globally, the industry is developing special serial numbers and barcodes detailing information about the product, its production and chain of custody for every pallet, carton, and individual container. Deployment will take years, but this will help pharmacists identify counterfeit products and help manufacturers issue tightly-targeted recalls.
Temperature sensors are another example. Used with temperature-sensitive cargo like foods and pharmaceuticals, the most sophisticated versions can detect temperature excursions and pinpoint when and where they occurred, their duration, and their extent. With real-time alerts, carriers can mitigate damages – re-icing cargo or rerouting shipments, for example.
In Finland, TTS-Kehitys Oy just began testing the DESERVE (Development platform for Safe and Efficient dRiVE) project, which links on-vehicle cameras, radar and laser scanners. Developed in collaboration with VTT Technical Research Centre of Finland Ltd. and Inveco Finland, it enables drivers to see obstacles and safety risks, or to control the vehicle remotely. Commercialization is expected in two years.
Other systems already are used to improve route planning, increase productivity, and lower the costs per mile by avoiding traffic jams or running fully-loaded more often. The consulting firm A.T. Kearney, for example, estimates carriers can reduce the miles trucks run empty (called deadheads) by 10 percent just by linking information.
In manufacturing, the IoT enables self-governing processes that resolve issues at their source, before they escalate. “Even in an empty facility, the IoT can reduce staffing, using sensors to detect intrusions,” Beattie said.
Clear Benefits, Looming Threats
IoT’s benefits are real. As deployed devices grow from the 1.2 billion estimated by Verizon and ABI Research in 2014 to the 26 billion devices Gartner predicts will be in use by 2020, the security threats are real, too.
The risks are two-fold. Adding billions of new data collection and transmission points creates billions of potential backdoors into organizations, and each must be managed.
A few years ago, even tech-savvy managers believed SCADA (supervisory control and data acquisition devices) couldn’t be hacked. They were wrong. Target’s 2013 breach, for example, occurred because hackers infiltrated an air handling system controller, using it as an entry point for the retailer’s point-of-sale system.
In another SCADA hack, presenters at 2014’s Black Hat security conference unlocked a car, started it, and drove it around the parking lot – all remotely.
About the same time, a hacking contest at the DefCon conference revealed 15 major security flaws in routers. This year, DefCon is sponsoring an IoT Village specifically to discuss the IoT and discover security lapses in IoT devices. (Note: DefCon requires contest participants to alert each device’s manufacture of vulnerabilities before making them public.)
IoT vulnerability is staggering. “Managers now must manage their immediate risks, and also consider those of their suppliers and carriers,” Beattie stated.
Today’s supply chain is global, with thousands of IoT devices reporting to the Web in real or near-real time. Breaching even one of those devices may let cybercriminals access the networks of multiple organizations, siphoning data or injecting malware.
Close the Backdoors
To minimize risks, close backdoor access by first understanding devices’ vulnerabilities and both their outgoing and incoming linkages with other systems.
Also, while IoT data may be stored in a virtual environment, not all virtual servers have the same levels of security. Obviously, proprietary data should be stored on secure server instances, but in a dynamic, virtual computing environment, that doesn’t always happen.
Update Continuity Plans
Businesses also need to reevaluate their business continuity plans. Beyond catastrophic loss scenarios, “Now they must focus on ensuring continuity of critical resources: supplier by supplier, system by system, and sensor by sensor,” Beattie affirmed.
That includes developing contingencies in case network-monitoring appliances go offline. If an IoT device is hacked, businesses need an alternative way to identify the breach and determine which data may be compromised.
“While IoT can trigger tremendous efficiency, it is offset by demands for additional controls to protect the organization,” Beattie said. “Managing it is a balancing act.”
What has been your experience with the Internet of Things and the supply chain? Share your comments!
Related Service: Business Continuity
This article was previously posted on Forbes BrandVoice.