The network of connected sensors, devices, and appliances commonly referred to as the Internet of Things (IoT) has completely changed the way business works. This is as true of the heavy hauling and freight industry as any other. At any moment, various players in the industry can get a sense of vehicle health, cargo safety, and whether or not any infrastructure is in need of repair.
As IoT technologies have become more ubiquitous, so have the threats from cybercriminals however. With more than 20-billion IoT devices expected to be online by 2020, there are more gaps for cybercriminals to take advantage of than ever before. This has massive potential consequences for heavy hauling. A cyber-attack at targeted points in a country or region’s network could leave it crippled, preventing people from receiving much-needed goods and services.
Fortunately, it doesn’t have to be that way. According to Etion Group Chief Digital Officer, IOT SENSORS
Maeson Maherry, it’s possible for businesses to reap the benefits of IoT without placing themselves in a compromised security environment.
“Connected sensors can provide businesses with useful data that can be easily acted on,” Maeson says. “Sensors in trucks and cargo containers, for example, can tell you when to do preventative maintenance, helping avert potential disasters.”
Can’t rely on technology alone
For this to work, however, people have to be able to act on that data. “If I can send commands to vehicles and machines out in the field, which is what sensors are in the first place, can I do so in a way that makes my business more productive and efficient?
“So, for example, if a vehicle is telling me that it’ll need maintenance soon, do I have the power to schedule that maintenance so that the machine is down for as little time as possible?” he asks. “Thus in order to reap the benefits, you have to know that you can trust the information coming from the embedded sensors in your network. The question of who owns the IoT devices and sensors in a business environment, therefore, becomes critical. Do they belong to me, or do they belong to the manufacturer?”
Logically, ownership should always lie with the business owner because these devices are used to make decisions with potentially massive business impacts. “You have to ensure that you’ve got owner-controlled security in place,” Maeson advises. “You have to make sure that you can control these devices, and that only your devices plug into your network.”
Entire system
Even if you own the security, he adds, you still have to know that you can trust the entire system.
“You’ve got to be able to trust everything, from the sensors themselves, the way they’re communicating data, all the way through to the information systems that are processing that data and turning it into information for you, so that you can make your own deductions and send back commands.”
Thus authentication, encryption, and integrity, become critical. “When it comes to authentication, this allows you to know that a sensor sending you information belongs to you and that when you send information to a sensor it will act on it.“
A lot of the work around encryption, meanwhile, comes down to picking your battles. “Is it something that
I need to worry about other people seeing?,” Maeson asks. “If the devices are sending out private medical information then the answer is yes, but if they’re just sending the settings on a machine then the answer might be no.”
Finally, integrity entails doing everything you can to prevent your machines from being tampered with.
“We’ve already seen what happens when devices are tampered with. In August 2016, cybercriminals used IoT devices to execute one of the biggest DoS attacks in history, bringing down some of the internet’s biggest sites. It’s only a matter of time before someone tries to bring down a freight network.“
Avoidable
Fortunately, says Maeson, such incidents are avoidable. “It’s possible to solve all these issues with the cryptography and technology that we have today, we just have to have the conversations to start with. “The same is true of devices: they’re going to need to be updated in the field, just like your computer or your phone gets updated. You’ve got to make sure that there’s integrity in the code that’s running on these devices, even if it’s embedded.
“The advantages are clear but if people are not thinking about the cybersecurity aspect and the ownership aspect, then they are not going to enjoy the benefits of what IoT can really do on a large scale,” Maeson concludes.
Etion Group, Maeson Maherry, www.etion.co.za