IIoT technologies can leave transportation providers vulnerable to cyber attacks, but three steps can help them respond and recover.
Edge technologies can transform transportation operations, but introduce risk
Transportation is uniquely positioned as a conduit between business and consumers. Transportation providers rely heavily on third parties, and many industries are entirely dependent on transportation providers for continuous operations and delivery of goods and services. The global scope and integration within transportation supply chains represent a large, diversified attack surface, which makes the industry an attractive target for malicious actors.
IIoT solutions promise revolutionary changes to industry operations, particularly in managing globally distributed fleets of assets that are increasingly connected and ubiquitous. This expansion introduces operational challenges and new attack vectors. The idea of driverless semi-trucks independently navigating highways is both exciting and terrifying. As connected, autonomous, and smart devices move to production, transportation companies need to re-examine their security operations.
With increasing dependence on IIoT platforms and data services that enable insights and automation, the potential for unauthorized access to proprietary data and critical systems is growing, placing physical and digital assets at risk. As connected services and ecosystems become essential components of critical infrastructure networks, the scope of this risk extends to the entire value chain (see “Insight: Travel and transportation share critical infrastructures”).
Whether executed by financially driven cyber criminals or politically motivated nation-states, a successful attack on any segment of the transportation industry is dangerous for myriad reasons. The potential impact on public safety and the economic consequences of disruption can be particularly severe.
Based on key IIoT cybersecurity metrics, some organizations are more cyber resilient than others. They are better at not only protecting their organizations from IIoT-related attacks, but also detecting, responding to, and recovering from breaches when they occur.
Through our research and analysis, we identified a set of highly effective controls and practices that are instrumental to achieving this level of performance. These controls and practices are based on Center for Internet Security (CIS) Critical Security Controls and AI-driven practices from IBM IoT security research.
For transportation industry providers, order to cash, inventory management, fulfillment, and logistics services form the core of the business. Many providers are successfully applying smart, adaptive technologies to decades-old industry problems in areas such as route optimization. For more insight into the latest industry dynamics, the IBM Institute for Business Value (IBV) conducted a survey in cooperation with Oxford Economics. Our study explored how transportation providers apply IIoT technologies, how well they understand the associated cybersecurity risks, and the maturity—and effectiveness—of their capabilities to mitigate them.
Our analysis revealed a respondent group of “top security performers” who perform better on security key performance indicators (KPIs). They are also more confident that their vulnerability management capabilities protect them from the latest threats.
For more information, download the IBV Benchmarks Insights report.
Meet the authorsEric Maass, Director of Strategy and Emerging Technology, IBM Security Services
Gerry Parham, Research Leader, Security & CIO - IBM Institute for Business Value
Julian Meyrick, Global Security Strategy Risk and Compliance and Cloud Security Lead, IBM Security
Keith Dierkx, IBM Global Segment Leader, Transportation
Lisa-Giane Fisher, Benchmarking Leader, Middle East and Africa, IBM Institute for Business Value
Steve Peterson, Global Travel and Transportation Leader, IBM Institute for Business Value
Securing the Internet of Things (IoT) for industrial and utility companies
Insights derived from data collected from connected devices are being used across industries to enhance productivity. But there are also risks.
Electronics Industrial IoT cybersecurity: As strong as its weakest link
Electronics companies need contextual, cognitive and adaptive security to identify and mitigate Industrial IoT-related risk
How utilities can help prevent cyberattacks in the age of IoT
Fundamental IIoT cyber hygiene, augmented with automation and AI, is critical to continuity of operations and service delivery for utilities.
Navigating travel in the wake of COVID-19
Forward-looking strategies that prioritize customer needs can help travel companies compete in the post-pandemic landscape.
IIoT cybersecurity for travel companies
While IoT technologies can improve travel operations, they also can expose critical vulnerabilities in older systems.