Turning cyber threat into cyber opportunity
November 2018, Transport (Industry), Integrated Solutions, IT infrastructure
The network of connected sensors, devices, and appliances commonly referred to as the Internet of Things (IoT) has completely changed the way business works. This is as true of the heavy hauling and freight industry as any other. At any moment, various players in the industry can get a sense of vehicle health, cargo safety, and whether or not any infrastructure is in need of repair.
As IoT technologies have become more ubiquitous, so have the threats from cybercriminals however. With more than 20-billion IoT devices expected to be online by 2020, there are more gaps for cybercriminals to take advantage of than ever before. That has massive potential consequences for heavy hauling. A cyber-attack at targeted points in a country or region’s network could leave it crippled, preventing people from receiving much-needed goods and services.
Fortunately, it doesn’t have to be that way. According to Etion Group chief digital officer, Maeson Maherry, it’s possible for businesses to reap the benefits of IoT without placing themselves in a compromised security environment.
“Connected sensors can provide businesses with useful data that can be easily acted on,” Maherry says. “Sensors in trucks and cargo containers, for example, can tell you when to do preventative maintenance, helping avert potential disasters.”
For that to work, however, people have to be able to act on that data. “If I can send commands to vehicles and machines out in the field, which is what sensors are in the first place, can I do so in a way that makes my business more productive and efficient?
“So, for example, if a vehicle is telling me that it’ll need maintenance soon, do I have the power to schedule that maintenance so that the machine is down for as little time as possible?”
If that is the case, that ability comes with serious benefits, but in order to be able to reap them, you have to know that you can trust the information coming from the embedded sensors in your network. Here, he says, the question of who owns the IoT devices and sensors in a business environment becomes critical.
“I’ve got these devices and sensors in my business environment, do they belong to me, or do they belong to their manufacturer?”
Logically, he points out, ownership should always lie with the business owner because these devices are used to make decisions with potentially massive business impacts. “You have to make sure that you’ve got owner-controlled security in place. You’ve got to make sure that you can control these devices, and make sure it’s only your device that plugs into your network.”
Even if you own the security, he adds, you still have to know that you can trust the entire system. “You’ve got to be able to trust everything, from the sensors themselves, the way they’re communicating data, all the way through to the information systems that are processing that data and turning it into information for you, so that you can make your own deductions and send back commands.”
Here the fundamentals of security – authentication, encryption, and integrity – come in. When it comes to authentication, this allows you to know that a sensor sending you information belongs to you and that when you send information to a sensor it will act on it. A lot of the work around encryption, meanwhile, comes down to picking your battles.
“Is it something that I need to worry about other people seeing?,” Maherry asks. “If the devices are sending out private medical information then the answer is yes, but if they’re just sending the settings on a machine then the answer might be no.”
Finally, integrity entails doing everything you can to prevent your machines being tampered with. And that’s incredibly important. Integrity is going to be at “the next wave of cybersecurity threats, which will be a constant concern for us over the next decade or more”.
We’ve already seen what happens when those devices are tampered with. In August 2016, cybercriminals used IoT devices to execute one of the biggest DDoS attacks in history, bringing down some of the Internet’s biggest sites. It’s only a matter of time before someone tries to bring down a freight network.
Fortunately, says Maherry, such incidents are avoidable. “It’s possible to solve all these issues with the cryptography and technology that we have today, we just have to have the conversations to start with. The same is true with the devices: they’re going to need to be updated in the field, just like your computer or your phone get updated. You’ve got to make sure that there’s integrity in the code that’s running on these devices, even if it’s embedded.”
“The answers are definitely there,” says Maherry, “but if people are not thinking about the cybersecurity aspect and the ownership aspect, then you’re not going to get to the benefits of what IoT can really do on a large scale.”