Topics:
Connectivity has radically changed the retail space, especially from a logistics and operational technology perspective. It has afforded enterprises in the sector enhanced analytics capabilities and new data-processing capabilities that positively impact distribution and other key services.
The enemy of those benefits, however, is disruption.
“I think for most of us who are in any kind of OT environment, be it distribution, shipping, manufacturing, utilities, hospitals… disruption is the biggest thing,” said Jay Catherine, a security architect for a major retailer, on the latest episode of the Nexus Podcast.
“It's called operational technology for a reason; it's got to operate,” Catherine said. “Some are worse as far as the repercussions [from disruption]. If a hospital gets closed down, lives are lost. If a utility gets shut down, lives can be lost. For distribution manufacturing, it might slow down things. There's money lost. So the biggest thing is just that disruption of your business and recovery.”
Securing logistics in retail involves a myriad of responsibilities, from locking down the IoT that’s crucial to distribution around monitoring inventory and tracking shipments, to the OT controlling assembly lines such as programmable logic controllers, and automated devices picking packages. Worker safety is also paramount in such a potentially dangerous environment.
“Automation is huge for everybody; it's how we cut costs,” Catherine said, adding that workers around robots picking packages must be protected for their personal well-being and the financial risk to the business associated with injuries. Any disruption could lead to unanticipated movements from an automated device, putting an onus on securing these cyber-physical systems.
“You put a robot on the floor to do something and it doesn't really do its own compute,” Catherine said. “It's a device that is doing something, picking up, putting down, moving, but it still has to get an order from somewhere and it still has to get a call to do that. So really it's making sure you have the right controls on those communication paths that it's only getting the calls that it should be getting.”
Catherine advocates several strategies to keep logistics secure, primary among them is segmenting these systems and the controls around them from the corporate network and the internet.
“You want to make sure these facilities, you can't touch them from corporate space,” he cautioned. “You can't touch them from the outside unless you have specific rules that you need to do that, like for vendor support.”
Constant monitoring is another key part of the strategy, enabled of course by complete asset visibility and inventory management. Alerts must be monitored, analyzed, and acted upon to lessen the threat of disruption and maintain resilience of the network.
Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.
