Whether the scarce item was semiconductor chips, syringes, COVID vaccines, or staples like toilet paper and eggs, global supply chain shortages have had a spotlight in the news since the pandemic began. As the holidays approached, pundits wondered how these supply chain shortages would affect this incredibly busy shopping season. But while the pandemic brought these issues to the forefront, supply chain issues, especially in the “cold chain” space, have been a problem for some time. With heightened requirements around IoT data security, there is a need for trust along every step of the supply chain.
We’ve already looked at some of the wide-ranging use cases for IoT devices and data analytics, including supply chain management. Simply put, organizations along the supply chain ecosystem rely on IoT sensors to provide critical information about their products. These devices can monitor and test asset performance, investigate incidents remotely, identify performance issues, plan for predictive maintenance strategies, and improve overall operating efficiency. They can also track the exact location of goods and their travel speed.
Using this information, companies can then use IoT data analytics to ensure their products arrive on time and in optimal condition. This can lead to significant efficiency gains and cost savings. Unfortunately, without strong IoT data security, these same technologies can expose the supply chain to risk.
IoT data security and the cold chain
The cold chain involves the manufacturing, storage, and transportation of temperature-sensitive products. Along every step of this complicated ecosystem, wireless IoT sensors track and transmit conditions such as ambient temperature, humidity, and light. At every step, concrete cold chain challenges, including mechanical failure and temperature fluctuations, can arise and threaten the integrity of the products. This is one of the reasons that continual connectivity is so important. If a sensor detects temperature or humidity going out of bounds, it sends a high-priority alert notification that allows stakeholders to intervene and secure the product.
But what about security? In 2020, IoT devices made up roughly 33% of infected devices, so it’s not surprising that top supply chain priorities in 2021 included data protection, as well as improving IoT data security and understanding and mitigating third-party risks. For the continued safety and stability of their products, cold chain stakeholders must ensure that their connected devices, and the data they gather and transmit, are legitimate and secure.
Despite this, research indicates that 98% of IoT device traffic is insecure, meaning that any personal or confidential data can be intercepted, read, or modified. IoT devices can serve as entry points for attacks that steal sensitive data, transmit false information, take control of a device’s functionality, and even compromise development and manufacturing systems. The cold chain specifically has experienced corruption at various stages of both the generation and consumption of IoT data. These risks to IoT data security are a challenge not just for the adoption of IoT in the cold chain; they also introduce organizational risk in the form of regulatory censure and loss of consumer trust.
Top 3 challenges of cold chain IoT data security
As mentioned, stakeholders at every step of the cold chain need to access and analyze critical IoT data streaming in from a multitude of sensors. These stakeholders are frequently in different organizations and even industries, each of which has different monitoring systems and logistics processes. Furthermore, the data itself resides in separate silos and is in different formats. It’s imperative to protect the data from threats, while maximizing its value across the entire stakeholder ecosystem.
We recently published an infographic with some highlights on IoT data security and the cold chain. Here, we take a closer look at some specific IoT data security challenges and possible ways to mitigate them.
- Data and device authenticity. Without built-in security, IoT devices are vulnerable to malware and tampering, and there are hundreds of thousands of IoT sensors and other devices within the cold chain. Unsurprisingly, attacks are on the rise, including device hijacking and man-in-the-middle attacks. How can all these devices be protected and trusted? And what about the data generated by all these devices? One way to ensure the integrity of data and devices is IoT device authentication. Leveraging public key infrastructure and trusted certificate authorities, devices can be authenticated through cryptographic keys and secure identification processes.
- Third-party risks. There are already multiple organizations operating within the cold chain, including manufacturers, distributors, warehousers, and more. With so many different partners, it’s easy to see how sharing data with third-party vendors could lead to increased IoT data security risks. In fact, third-party vendor attacks continue to be one of the top security threats within the supply chain. Very few organizations, if any, produce all their hardware and software themselves, so with multiple layers of input from a completely global supply chain, there are multiple opportunities for bad actors to insert or discover vulnerabilities at just one level and then have them scale naturally across the world. Trusted, secure communications across internal and external data sources are a requirement for the safe sharing of data across the entire supply chain.
- Data governance. The cold chain is subject to complex industry-specific (and location-specific) regulations. But while food safety and contamination standards are different from drug safety guidelines, both require the ability to audit data. Data auditing is an important tool for IoT data security to identify both where a breach has occurred and which data have been affected. Having a unified data governance solution across multiple data sources is absolutely imperative for cold chain regulatory compliance.
The road ahead for IoT data security
Because large-scale IoT device networks are distributed, the architecture underpinning these networks can contain vulnerabilities and can be exploited by bad actors. Thus, the foundation of a trusted IoT environment begins with embedding secure identities into each device. Strong device identity provisioning protocols and trusted data exchanges secured by public key infrastructure (PKI) are critical to ensuring device authentication and addressing key IoT data security issues across the entirety of the retail supply chain.
About Julian Durand
Julian Durand is VP of Intertrust Secure Systems and product owner of Intertrust PKI (iPKI). He earned his engineering degree from Carleton University, and his MBA from the University of Southern California (USC). He is also a Certified Information Systems Security Professional (CISSP) and inventor with 10 issued patents.