In December 2015, the U.S. Federal Motor Carrier Safety Administration (FMCSA) issued a ruling making it mandatory for truckers to use electronic logging devices (ELDs) to track hours on the road for safety purposes. The ruling opened the door for the myriad IT systems and Internet of Things (IoT) devices that the logistics industry now employs. Their uses range from logging truck hours to monitoring the driving habits of drivers, the health of engines, the speeds and locations of vehicles, and the environmental controls in place to keep items like foods and semiconductor equipment cooled.

IoT sends a mountain of unstructured big data into corporate and cloud-based systems, which collect it to report the status of each truck and cargo and to build a body of information that can be queried for analytics. Unsurprisingly, logistics companies and truck drivers themselves have rapidly become dependent on these systems as they transport goods across the US, and operations have become more efficient.

This rapid IoT adoption hasn’t been lost on the bad actors, either. “State-sponsored threat actors seek to disrupt the logistical and supply chain capability of rivals,” according to Mimecast, a cybersecurity and compliance provider.

In November 2019, Mimecast published research indicating that companies in the transportation, storage, and delivery sector were among the top three targets hit hardest by cyberattacks during the third quarter of 2019. In February 2020, Toll, an Australian trucking company, reported it had been attacked by ransomware that forced it to disable its IT systems and operate its trucking fleet manually. Delays in package deliveries disappointed customers.

“The introduction of IoT into the trucking industry also brought risk into logistics and supply chains,” said Sharon Reynolds, CISO at Omnitracs, which provides fleet management solutions.

The security risks that come with IoT include the entry points into systems that IoT provides for hackers, and the risk that, when hackers penetrate other systems, all of the IoT and surrounding operations must go manual. This makes security and risk management critical elements of IoT strategy that companies should address.

Here are some strategic steps companies can take to protect IoT devices and data.

  1. Identify your mission-critical business processes. Which business processes are absolutely vital for your daily business operations and the protection of your intellectual property? These are the first assets and processes that should be secured from cyberattack.
  2. Institute robust security. Security measures can include data encryption, dual-factor authentication, trusted networks, security monitoring and auditing, and good security habits from IT and company personnel. All are part of a robust security approach.
  3. Perform a risk assessment. You may not know where your high-risk areas are. In fact, many of the highest risks are in back-office systems, which can be easily overlooked. Assess these risk points, which could be back-office systems, a mobile device, IoT sensors that are not well secured by vendors, or a careless employee. If you aren’t sure how to go about a comprehensive risk assessment, secure the services of a third party.
  4. Do some manual threat modeling. “This threat modeling is actually more of a thought exercise,” Reynolds said. “In threat modeling sessions, participants identify potential hackers and sources of hackers. They look at where their drivers are located, and the cargoes they will be carrying, along with the IoT that their vehicles are equipped with. Then, they think of ways where all of these technologies, systems, and employees can be hacked.”
