IIoT cybersecurity for transportation companies
Edge technologies can transform transportation operations, but introduce risk
Transportation is uniquely positioned as a conduit between business and consumers. Transportation providers rely heavily on third parties, and many industries are entirely dependent on transportation providers for continuous operations and delivery of goods and services. The global scope and integration within transportation supply chains represent a large, diversified attack surface, which makes the industry an attractive target for malicious actors.
IIoT solutions promise revolutionary changes to industry operations, particularly in managing globally distributed fleets of assets that are increasingly connected and ubiquitous. This expansion introduces operational challenges and new attack vectors. The idea of driverless semi-trucks independently navigating highways is both exciting and terrifying. As connected, autonomous, and smart devices move to production, transportation companies need to re-examine their security operations.
With increasing dependence on IIoT platforms and data services that enable insights and automation, the potential for unauthorized access to proprietary data and critical systems is growing, placing physical and digital assets at risk. As connected services and ecosystems become essential components of critical infrastructure networks, the scope of this risk extends to the entire value chain (see “Insight: Travel and transportation share critical infrastructures”).
Whether executed by financially driven cyber criminals or politically motivated nation-states, a successful attack on any segment of the transportation industry is dangerous for myriad reasons. The potential impact on public safety and the economic consequences of disruption can be particularly severe.
Based on key IIoT cybersecurity metrics, some organizations are more cyber resilient than others. They are better at not only protecting their organizations from IIoT-related attacks, but also detecting, responding to, and recovering from breaches when they occur.
Through our research and analysis, we identified a set of highly effective controls and practices that are instrumental to achieving this level of performance. These controls and practices are based on Center for Internet Security (CIS) Critical Security Controls and AI-driven practices from IBM IoT security research.
For transportation industry providers, order to cash, inventory management, fulfillment, and logistics services form the core of the business. Many providers are successfully applying smart, adaptive technologies to decades-old industry problems in areas such as route optimization. For more insight into the latest industry dynamics, the IBM Institute for Business Value (IBV) conducted a survey in cooperation with Oxford Economics. Our study explored how transportation providers apply IIoT technologies, how well they understand the associated cybersecurity risks, and the maturity—and effectiveness—of their capabilities to mitigate them.
Our analysis revealed a respondent group of “top security performers” who perform better on security key performance indicators (KPIs). They are also more confident that their vulnerability management capabilities protect them from the latest threats.
For more information, download the IBV Benchmarks Insights report.
Meet the authors
Eric Maass, Director of Strategy and Emerging Technology, IBM Security ServicesSteven Peterson, Global Thought Leader, IBM Institute for Business Value
Lisa-Giane Fisher, Leader, Middle East and Africa, and Global Benchmark Research leader (IT and cloud)
Gerald Parham, Global Research Leader, Security and CIO, IBM Institute for Business Value
Julian Meyrick, Managing Partner & Vice President, Security Strategy Risk & Compliance, IBM
Keith Dierkx, IBM Global Segment Leader, Transportation
Download report translations
Originally published 30 April 2020