Security Shortcomings to Address Before Deploying IoT Supply Chains

Over the past few months, smart supply chains and enhanced logistic solutions have been gaining momentum as retailers focused on keeping their production lines open. Yet the new tech brings along a set of barriers to consider, to ensure secure IoT-driven infrastructure launch.

Security Shortcomings

Increased investment in IoT is paving the way for a new phase of fully-digitalized supply chain management. The trend was largely influenced by the pandemic-related workforce layoffs and mandatory state lockdowns. Smart logistic solutions offer an entirely new level of flexibility and efficiency, as well as require less human capital to supervise and maintain operations, making it more economically-resilient.

Although with a lot of potential use cases, Vincentas Grinius, CEO at IPXO, notes a few vulnerabilities concerning the technology, which should be addressed before upgrading to IoT-driven supply chain management – to avoid leaving any open doors for external threats.

External security gaps

Each IoT device needs an IP address to access the organization’s network, for instance, to send or receive relevant information concerning in-stock, machine operability, and other crucial information. However, IoTs are usually set up on public IP addresses, meaning they are visible for all Internet users. This could lead to a serious external data breach, which could potentially take down the entire supply chain structure.

“Each IP address needs to be validated by an encrypted certificate, either LOA or ROA. The difference between them is that the latter is digital, hence, more secure and tamper-proof,” explained Grinius. “However, the majority of IPs in the industry are still under LOA certificate, thus for IoTs operating on LOA-verified IP addresses, the risk of breach becomes significantly higher.”

“ROA is crucial in terms of preventing IP hijacking and securing network integrity,” he continued, “and should become common practice, as it could better protect the entire infrastructure.”

Robust network perimeter

Controlling a large number of IoT devices requires setting up a robust network perimeter. As malware is becoming more and more technologically sophisticated, Mr Grinius emphasized regular security protocol updates, as some of the threats may be in the making, and timely upgrades are key in detecting any new red-flags.

“The IoT industry is still evolving, therefore we may not even be aware of some of the associated threats. Building a robust network perimeter, as well as making sure all of the security policies are up-to-date remains vital to prevent outside attacks,” explained V. Grinius.

Traffic monitoring

Tracking IoT-related traffic may be the difference between catching a threat just-in-time or a little too late. Being able to distinguish any abnormalities is relevant to long-term security, as previously deemed suspicious traffic would be red-flagged on the spot.

“Sometimes real-time data is not enough. Analyzing historic data enables to dive deep into network forensics and make deductions if an intruder has been trying to knock-down your defenses, and reiterate accordingly. Isolating patterns, previously identified as malicious, allows to not fall victim to recurring threats, and keep a watchful eye on any new malware that might be emerging.”

IoT offers a great deal of manufacturing flexibility, and, if all security shortcomings are timely addressed, will bring supply chain management up to an entirely new level of efficiency, helping businesses recover and thrive in the post-pandemic economy.

About IPXO

IPXO, formerly known as Heficed’s IP Address Market, is an IP resource management platform, which enables to monetize unused IP addresses via lease. Reportedly having outgrown its current position as part of Heficed’s framework, it will continue to grow and improve as a separate business entity, with the full switch predicted at the beginning of 2021. IPXO will be equipped with advanced features such as reputation monitoring, delegated RPKI, WHOIS, Geo object management, BGP announcement control, and open API.