
IoT and Cybersecurity in the Logistics Industry

As billions of connected devices reshape the logistics industry, the security implications demand urgent attention.


If the 1990s were when the dream of a hyperconnected world first took hold in the public consciousness, the 2010s are when that dream has become a reality — and, for some, a security nightmare.

Analysts predicted that by 2020, there would be more than 50 billion devices connected to the internet — from home appliances and wearable fitness trackers to industrial sensors and autonomous vehicles. This is the Internet of Things (IoT): a vast network of physical objects embedded with sensors, software, and connectivity that enables them to collect and exchange data without human intervention.

The concept is not new. In the early days of the consumer internet, the novelty of a drinks vending machine connected to the web was enough to capture headlines. But what was once a curiosity has matured into what many now call a new industrial revolution. The rise of Machine to Machine (M2M) communication — in which devices interact directly with one another to automate processes, share intelligence, and optimise efficiency — has given birth to an entirely new economy. Warehouses communicate with delivery vehicles. Sensors in shipping containers report temperature fluctuations in real time. Entire fleets are monitored, rerouted, and maintained based on data flowing continuously between machines.

For years, the cost of M2M communication kept its adoption limited to only the largest enterprises. However, that barrier is rapidly approaching an inflection point. As the price of sensors, chipsets, and bandwidth continues to fall, the economic case for widespread IoT deployment has become overwhelming. Small and medium-sized logistics operators can now afford the same connected infrastructure that was once the exclusive domain of multinational corporations. The result is an explosion of IoT devices across every layer of the logistics chain — and with it, an explosion of new attack surfaces for cybercriminals to exploit.

IoT in the Logistics Industry

The logistics industry has embraced IoT with particular enthusiasm. Fleet operators use connected sensors to monitor fuel consumption in real time, optimising routes to reduce costs and emissions. GPS tracking devices provide granular visibility over every truck, trailer, and container in a supply chain. Railways deploy IoT sensors along thousands of kilometres of track to monitor rail integrity, signal performance, and environmental conditions. Ports use connected systems to automate the loading and unloading of cargo, reducing turnaround times and minimising human error.

This unprecedented level of visibility is a double-edged sword. On one hand, it enables logistics companies to operate with a degree of efficiency and precision that would have been unimaginable a decade ago. On the other hand, every connected device represents a potential entry point for a cyberattack. The challenge is compounded by the fact that many IoT devices were designed with functionality, not security, as the primary objective. Manufacturers have historically prioritised time-to-market and low production costs over robust security features.

Battery-powered IoT devices face particular constraints. The computational overhead required for strong encryption — such as the Advanced Encryption Standard (AES) — can be prohibitive for devices that need to operate for months or even years on a single battery charge. This creates a fundamental tension between security and practicality: the very devices that are most widely deployed in logistics environments are often the least capable of protecting themselves against sophisticated attacks.

VPNFilter and SCADA Threats

The risks are not theoretical. In May 2018, the United States government disclosed a sophisticated cyberattack that had compromised hundreds of thousands of wireless routers and network-attached storage devices worldwide. The malware, dubbed VPNFilter, was capable of intercepting network traffic, stealing credentials, and — most alarmingly — monitoring and interfering with Supervisory Control and Data Acquisition (SCADA) communications. SCADA systems are the backbone of industrial control in logistics, manufacturing, energy, and utilities. They manage everything from conveyor belts in warehouses to traffic signals at port terminals.

VPNFilter's ability to intercept SCADA communications meant that attackers could potentially manipulate industrial processes, cause equipment malfunctions, or disrupt supply chain operations at scale. Perhaps most concerning was the malware's "kill switch" capability: on command, VPNFilter could overwrite critical device firmware and render the infected device permanently inoperable — effectively bricking it. In a logistics environment where thousands of devices may be connected to the same network, a coordinated activation of this kill switch could be catastrophic.

When combined with ransomware, the threat becomes even more severe. An attacker who has compromised IoT infrastructure with malware such as VPNFilter could deploy ransomware across the network, encrypting operational data and demanding payment while simultaneously threatening to destroy the devices themselves. For a logistics company operating on tight margins and tighter deadlines, the pressure to pay would be immense.

Low Power Wide Area Networks

The good news is that the industry is not standing still. Low Power Wide Area (LPWA) networks represent a significant step forward in securing IoT communications. LPWA networks are designed specifically for the kind of low-bandwidth, long-range communication that IoT devices require. They allow devices to transmit small amounts of data over distances of up to 15 kilometres while consuming minimal power — a critical advantage for battery-operated sensors deployed in remote or hard-to-reach locations.

Many IoT devices on LPWA networks spend the majority of their time in a "sleep" state, waking only to transmit or receive data at predetermined intervals. This intermittent connectivity reduces the window of opportunity for attackers, but it also limits the ability to push security updates and patches in real time. The LoRaWAN protocol, one of the leading LPWA standards, addresses this challenge by incorporating end-to-end encryption into its specification. Data is encrypted at the device level and remains encrypted as it traverses the network, providing a meaningful layer of protection against interception and tampering.

However, LPWA networks are not a silver bullet. The encryption standards used by LoRaWAN and similar protocols are only as strong as their implementation, and researchers have already identified vulnerabilities in certain deployments. As with all aspects of cybersecurity, the technology is only one part of the equation. Effective security requires a holistic approach that encompasses technology, process, and people.

Protecting Your IoT Environment

For logistics companies looking to secure their IoT environments, the starting point is to prioritise security as a core criterion in the acquisition of any IoT device or system. Too often, procurement decisions are driven solely by functionality and cost, with security treated as an afterthought. Companies should demand that vendors demonstrate the security features of their devices, provide regular firmware updates, and support industry-standard encryption protocols.

Personal devices should be banned from connecting to operational IoT networks. The practice of allowing employees to connect personal smartphones, tablets, or laptops to the same network as industrial IoT devices creates unnecessary risk. A single compromised personal device can serve as a bridge for an attacker to reach critical operational systems.

Network segmentation is one of the most effective strategies for limiting the impact of a breach. By dividing the network into distinct zones — each with its own access controls and security policies — companies can ensure that a compromise in one area does not automatically grant access to the entire network. IoT devices should be placed in dedicated network segments, isolated from corporate IT systems and sensitive data stores. Critically, these zones should include quarantine capabilities: if a device is detected behaving anomalously, it should be automatically isolated from the network pending investigation.


Maintaining high security standards across an IoT environment requires constant vigilance. Visibility is paramount: companies must maintain a comprehensive and up-to-date inventory of every connected device on their network, along with its firmware version, known vulnerabilities, and patching status. Regular penetration testing and vulnerability assessments should be conducted to identify weaknesses before attackers do. And as the threat landscape continues to evolve, so too must the defences.
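The inventory described here and the segmentation and quarantine rules from the earlier paragraphs can be checked together. The following Python is an added example, not code from Cyber Citadel; the zone names, subnets, device records and sightings are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All data below is constructed; sightings stand in for DHCP lease (MAC, IP) pairs.
SEGMENTS = {
    "iot-warehouse": ipaddress.ip_network("10.20.1.0/24"),
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
}

@dataclass
class Device:
    mac: str
    segment: str         # zone the device is assigned to
    firmware: tuple      # installed firmware version
    min_firmware: tuple  # lowest version with known vulnerabilities fixed

INVENTORY = {d.mac: d for d in [
    Device("02:00:00:00:00:01", "iot-warehouse", (2, 4, 1), (2, 4, 0)),
    Device("02:00:00:00:00:02", "iot-warehouse", (1, 0, 3), (1, 2, 0)),
    Device("02:00:00:00:00:03", "iot-warehouse", (5, 1, 0), (5, 1, 0)),
]}

OBSERVED = [
    ("02:00:00:00:00:01", "10.20.1.17"),
    ("02:00:00:00:00:02", "10.20.1.40"),
    ("02:00:00:00:00:03", "10.10.3.9"),   # IoT device seen in the corporate zone
    ("02:00:00:00:00:99", "10.20.1.77"),  # unknown, e.g. a personal device
]

def segment_of(ip):
    return next((n for n, net in SEGMENTS.items() if ipaddress.ip_address(ip) in net), None)

def audit(inventory, observed):
    """Map each sighted MAC to (action, reasons): allow, patch or quarantine."""
    results = {}
    for mac, ip in observed:
        dev = inventory.get(mac.lower())
        if dev is None:  # anything not inventoried is isolated pending investigation
            results[mac] = ("quarantine", ["not in inventory"])
            continue
        reasons, action = [], "allow"
        if segment_of(ip) != dev.segment:
            action = "quarantine"
            reasons.append(f"outside assigned zone {dev.segment}")
        if dev.firmware < dev.min_firmware:
            reasons.append("firmware below patched version")
            action = "patch" if action == "allow" else action
        results[mac] = (action, reasons)
    return results
```

The audit only computes the decision; enforcing a quarantine is left to whatever network access control the environment uses.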

The Internet of Things is transforming the logistics industry in ways that are overwhelmingly positive. But the benefits of connectivity come with risks that must be managed proactively. By maintaining high standards, investing in visibility, and conducting regular testing, logistics companies can harness the power of IoT without becoming its next victim.

Jonathan Sharrock, Cyber Citadel
