Securing the Edge in the Supply Chain
The supply chain is something most people take for granted—until something goes wrong. The pandemic highlighted just how quickly business can grind to a halt if the supply chain is disrupted. Organizations have found that edge computing makes the supply chain run more efficiently, but this move to the edge requires a new approach to supply chain cybersecurity.
Computing on the Edge
Edge computing is becoming a necessity in supply chain management as organizations want the ability to precisely track the status, location and expected arrival time of components and other deliveries.
Because of the ability to better aggregate data, edge computing brings real-time visibility to the supply chain, allowing companies to monitor equipment and operations and make immediate decisions that offer a more effective and efficient delivery of goods.
The increased reliance on internet of things (IoT) and industrial internet of things (IIoT) devices makes edge computing in the supply chain possible, and by 2025, Gartner predicts 75% of enterprises will rely on edge computing. But as the dependance on edge computing rises, so do the security risks.
A Larger Attack Surface
But to mitigate those risks means organizations must first recognize where those risks are.
“We know edge computing provides the benefits of more scalability and distribution—in a nutshell, more internet-connected devices doing more computations,” said Nasser Fattah, senior advisor with Shared Assessments in an email commentary. “This presents a larger attack surface for adversaries to exploit, including distributions via distributed denial of services.”
Larger attack surfaces are more difficult to protect. When edge devices lack the necessary level of security, it gives hackers an open door through which to break into the supply chain data and disrupt the flow of vital information.
It also offers threat actors an opportunity to create fake data and fool the company into ordering redundant supplies or, conversely, not order needed supplies.
“These attacks have the potential to disrupt a company more than a normal system or network attack,” said Saryu Nayyar, CEO with Gurucul, in an email interview.
Layered Security
Because of the large amounts of data generated by the supply chain and its wide-ranging attack surface, organizations need to consider cybersecurity layers to secure the edge.
It begins with a risk assessment to help organizations determine risk levels based on business operations and to identify any missing gaps, according to Cherise Esparza, co-founder/CPO with SecurityGate. The security layers for the edge environment should be an extension of the cybersecurity solutions already being used. If a zero-trust strategy is in place for enterprise networks, it should be extended to the edge.
“If companies choose to invest in edge solutions to capitalize on the benefits it serves, then it is of the utmost importance that the organizations understand how to secure those edge devices and what expectations they should have from the vendors supplying them the solutions,” Esparza said in an email interview.
Vendors and internal IT teams are important partners when securing the edge in the supply chain. Embedded and IoT teams don’t have the background and tools to secure edge devices with the same perspective as IT staff and application developers, Nayyer said.
“Because edge devices are often connected in some manner to enterprise networks, they represent a significant threat,” she stated. “Edge devices are best secured either at the individual device itself or walled-off against other enterprise networks entirely.”
Designing security solutions for new technologies has always been necessary, and that is also true for securing the edge in the supply chain. Understanding what risks are associated with edge computing and recognizing the appropriate controls for mitigation, as well as involving all stakeholders across the supply chain and educating them on their role in its security, should prevent threat actors from taking over and disrupting not only the supply chain but business operations across all of your corporate partnerships.
