https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Events
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Events
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
  • IWCE
    • Back
    • Conference
    • WHY ATTEND
    • Exhibitor Listings
    • Floor Plan
    • Exhibiting Information
    • Registration Opens April 2019-Join Our Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Security


Partner content

IoT supply-chain vulnerability poses threat to IIoT security

IoT supply-chain vulnerability poses threat to IIoT security

  • Written by Rich Castagna / IoT World Today
  • 1st February 2021

Most companies that construct products with the aid of IIoT-based operations are likely to keep close tabs on the supply chain that provides a predictable stream of raw materials and services that allows them to crank out products and keep the business humming.

But a second, underlying supply chain receives less scrutiny. And if the security of that supply chain is somehow compromised, business could grind to a halt.

That overlooked supply chain delivers the components that build out an IIoT infrastructure. The purchaser of those devices is at the end of the supply chain that — from a security perspective — lacks sufficient transparency into the chain. In fact, it would be a challenge to track the origins of the internal elements that comprise the delivered IIoT devices.

As a result, it’s not uncommon for IIoT-bound components to ship with exploitable security vulnerabilities. The complexity and global reach of the IIoT supply chain only compounds the problem — a single device may be made from parts supplied by dozens of component manufacturers.

“Dozens of components made from companies around the world bounce through multiple layers of suppliers and integrators until they are placed on a board, tested and packaged by the OEM,” as noted in “Finite State Supply Chain Assessment,” a 2019 report from Finite State, an IoT cybersecurity company.

The Risks to IIoT Infrastructures Are Real and Many

Most network operators recognize IIoT supply chain risks, but specific vulnerabilities are difficult to isolate. These deployments are often far reaching, extending beyond a manufacturer’s walls to shippers, merchants and other commerce partners. And as the network extends and includes additional integration points, the risk that a piece of dicey bit of malicious code will replicate only increases. Indeed the code itself may not be malicious but can present an open port that can compromise systems.

“Just seeing firsthand how many vulnerabilities tend to be in embedded systems—that’s where the asset owners don’t realize that those vulnerabilities exist in their systems,” noted Matt Wyckhouse, CEO of Finite State.

Once an IIoT environment is breached, malicious actors may use it as an entrée to burrow further into corporate systems. Industrial control systems (ICS) and other production systems may be at risk, but if interlopers can evade security roadblocks and delve even deeper, key corporate applications and related data might also be exposed. This is all attributable to questionable firmware that made its way into the supply chain that produces sensors, actuators and other operational IIoT.

To read the complete article, visit IoT World Today.

 

Tags: Alerting Systems Analytics Applications Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Funding Incident Command/Situational Awareness Internet of Things Interoperability IoT/Smart X News Policy Public Safety Regional Coordination Security Software State & Local Government Subscriber Devices System Design System Operation Test & Measurement Tracking, Monitoring & Control Wireless Networks Partner content

Related


  • NTIA seeks potential new FirstNet Authority board members
    At least three new members are expected to be appointed to the FirstNet Authority board this year, when President Joe Biden’s administration theoretically could overhaul the governance body that oversees the nationwide public-safety broadband network (NPSBN) being built by contractor AT&T. Three Biden-administration representatives already fill three seats on the 15-member FirstNet Authority board, which […]
  • Smart-building projects target energy efficiency as launchpad to health and safety
    While enterprises take on smart building projects to reduce energy costs, COVID-19 has brought new priorities to the fore. With the continuing spread of the virus, many building operators have looked toward smart building systems to aid with tracking and tracing the virus among workers, physical distancing, contactless entry, temperature reading and other efforts to […]
  • ESN official hints at potentially costly new timeline for UK public-safety broadband project
    A plan submitted seven months ago that called for UK public safety to transition mission-critical voice communications from the Airwave TETRA system to the LTE-based Emergency Services Network (ESN) in 2024 or 2025 was “overambitious” and is being revamped, according to the UK director heading the project. ESN Programme Director John Black did not specify […]
  • Ericsson, Huawei, AT&T attending Mobile World Congress in June, others not so sure
    Ericsson, Huawei, AT&T attending Mobile World Congress in June, others not so sure
    A few high-profile companies, including Ericsson, Huawei, Telefonica, Parallel Wireless and AT&T, confirmed to Light Reading that they intend to send executives to Barcelona, Spain, in June to attend the MWC trade show in person. But a large number of other companies, including Mavenir, Cisco, Intel, Rakuten, KPN, Deutsche Telekom, BT and Orange, said they […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Using data to improve emergency response resources in healthcare arena
  • 3 security flaws in devices and IoT that need fixing
  • Newscan: America’s creaky payment infrastructure is showing cracks
  • California PD: ‘Game-changing’ Live911 streaming of emergency calls accelerates responses

Commentary


Ransomware? Let’s call it what it really is: extortionware

21st February 2021

Redefining communications for today’s mobile workforces

18th February 2021

Hi-tech sewer can help safeguard public health, environment and economies

18th February 2021
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Intel, Microsoft aim for breakthrough in DARPA encryption project dlvr.it/RvFcRV

9th March 2021
UrgentComm

Ericsson pulls the plug on MWC Barcelona again dlvr.it/RvFcQM

9th March 2021
UrgentComm

Intelsat and SES: C-band calm hides a brutal legal storm dlvr.it/RvCnwl

8th March 2021
UrgentComm

Securing the Industrial Internet of Things (IIoT) dlvr.it/RvCllK

8th March 2021
UrgentComm

ADRF targets smaller facilities with new in-building public-safety repeater dlvr.it/RvClgF

8th March 2021
UrgentComm

Microsoft adopted ‘aggressive’ strategy for sharing SolarWinds Attack intel dlvr.it/Rv9vmp

8th March 2021
UrgentComm

How SolarWinds busted up our assumptions about code signing dlvr.it/Rv25kB

5th March 2021
UrgentComm

Senate American Rescue plan calls for more than $60 million in direct aid for counties dlvr.it/Rv1wGF

5th March 2021

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X