IoT Transforms Supply Chain Security, But There’s a Catch

As you add tools to automate and enhance supply chain operations, make sure you also deploy solutions to keep data and networks secure.

Visibility. Resilience. Speed. IoT-enhanced supply chains offer great promise, and many organizations are already realizing the benefits of this transformation. How can developers help deliver on that promise? And what’s the catch?

The Opportunity: Visibility, Resilience and Speed Drive Business Value

Smart, low-cost connected devices are already transforming today’s supply chains. From farms to fluids to factory floors, connected sensors and devices are generating and collecting massive quantities of data never before available to business decision-makers. That data is so rich and vital that exciting new business models are emerging in services and analytics. As developers drive and enable this connected future, a security-first approach needs to be a key focus in order to deliver the benefits of increased visibility, resilience and speed.

Take visibility as an example. A tsunami of new data would seem to promise opportunities for new insights and decisions. But developers need to provide instrumentation and tools to help business decision-makers separate good data from bad. Building capabilities for linking raw data to source and provenance can help decision-makers be more confident in their analysis and recommendations.

The integration of blockchain technology also promises to amplify the IoT benefits for supply chains. For early adopters in the food industry, such as those tracking fresh blueberries, blockchain has proven successful for maintaining a temperature-controlled supply chain, which is vital for the fresh produce industry. In addition to enabling the introduction of new applications, blockchain enables suppliers to track the movement of inventory through the supply chain securely. Blockchain may also enhance security by mitigating risks of counterfeiting and theft.

Another barrier to visibility is understanding what devices are connected to, or have access to, the network. To help protect networks and data, developers can help IT and security teams trace and monitor data from devices that have been securely authenticated and connected to the network. Many organizations will find a mixed environment of inputs from trusted and less trustworthy devices, and developers can help decision-makers qualify and assess risks associated with decisions based on such mixed data sources. Leading IoT management companies like Mocana are already pursuing ways to make IoT device onboarding more secure and efficient, and developers will want to monitor emerging standards to support secure device onboarding.

The Risk of IoT-based Data Breach

Many projects associated with IoT implementations in supply chains have focused on delivery and transit of inventory. But developers must understand that IoT creates new categories of risk, because network connections are available to administrators of all kinds of network-connected devices, from printers to HVAC systems. In 2014, hackers exploited unintentionally broad privileges granted to HVAC administrators for a major US retailer. The breach exposed customer information and, according to the retailer, led to costs and fines in excess of $200 million. This is just one example of how issues undermining security in the supply chain can have a widespread impact not only on the supplier but also on its customers.

The Next Step: Data Protection and Policy

The issue of data protection is currently getting a lot of attention from both consumers and policymakers. The next step in up-leveling supply chain technology will be to validate that suppliers are taking the necessary steps to protect their networks and help prevent threat actors from accessing internal systems.

An industry-wide commitment to sound security practices would reduce risk and could accelerate the transformation already underway. Industry efforts and private-public partnerships geared to develop common language and clear concepts in the complex technical environment of IoT security will help promote global harmonization, avoid fragmentation of security specifications, and promote secure systems and innovation more generally. Promoting consensus-driven, standards-based approaches can support nuanced application in dynamic and complex environments — preserving a flexibility that can support and accelerate secure, scalable and interoperable IoT deployment. Developers and industry should contribute to the development of emerging standards, recommendations and consensus reports, like the one from the US National Institute of Standards and Technology (NIST), currently in draft form. Such frameworks will enable suppliers to communicate their practices and capabilities, better securing the industry as a whole.

IoT technology provides an opportunity for improved visibility and efficiency in the supply chain, helping to alleviate some of the business pressure faced by software developers. When introducing new tools and solutions, it is important to keep securing and protecting information in mind.


Tom Quillin is Senior Director for Global Security Policy at Intel Corporation, working with global policymakers and the technology industry to support security innovation, security assurance and trust. Previously Tom served as CTO Security Economics at McAfee LLC, consulting security and IT leaders on how to predict and measure risk and security outcomes. Tom initially joined Intel Corporation in 1998 as a product manager for Intel’s motherboard manufacturing operation. Tom developed strategies for Intel to support innovation while reducing costs as computing supply chains started shifting to the east. Later, Tom led strategic planning efforts for security technologies integrated into Intel’s hardware and software.