An Internet of Things Future Means Securing Entire Supply-Chains

By Nils Gerhardt, Chief Technology Officer for Utimaco

The ‘Internet of Things’ (or IoT) is far more than smart speakers and app-connected lightbulbs: in less than a decade it has gone from a buzzword to a vital part of tens of thousands of businesses, and by 2030 the industry could be worth $12.6 globally.

Its value proposition is clear: ‘data’ is being created everywhere, whether it is traffic and footfall flows or CO2 emissions, and a vast network of sensors can capture that data. Once collected, it can be analysed – something that is much easier now that cloud computing gives anyone access to the capabilities of a supercomputer. Devices can then make changes as needed.

This is already powering ‘smart cities’, though we are only just beginning to utilise its full potential. It is also a key component in Industry 4.0, a term for the ‘fourth industrial revolution’ in manufacturing, in which every component in a production line exists as much in the digital as the physical world, with 5G networks constantly exchanging data to make factories more efficient and proactively address maintenance problems. Combined with robotics, autonomous systems and 3D printing, this could potentially allow a factory or warehouse to run without the need for humans.

Of course, anywhere that data is being exchanged through internet-connected components is a potential vector for attack. We have already seen how ransomware can have devastating consequences in industrial settings, but imagine what could be done if bad actors gained access to the IoT network of a factory, oil refinery or energy production facility. By just increasing the amount of torque a robotic screwdriver uses they could ruin whole batches of products, or by turning off heatsinks they could start a fire. More worrying, IoT systems have already been hijacked and turned into huge botnets. This could mean tens of thousands of smart devices being turned into spam email servers, or being used to flood targets with traffic in Distributed Denial of Service (DDoS) attacks.

Does network always mean vulnerability?

In a business ‘campus’ in which everything is connected to everything else, one wireless thermostat with an unpatched…