HomeTravel and Transportation

IIoT cybersecurity for transportation companies

IIoT technologies can leave transportation providers vulnerable to cyber attacks, but three steps can help them respond and recover.

Edge technologies can transform transportation operations, but introduce risk

Transportation is uniquely positioned as a conduit between business and consumers. Transportation providers rely heavily on third parties, and many industries are entirely dependent on transportation providers for continuous operations and delivery of goods and services. The global scope and integration within transportation supply chains represent a large, diversified attack surface, which makes the industry an attractive target for malicious actors.

IIoT solutions promise revolutionary changes to industry operations, particularly in managing globally distributed fleets of assets that are increasingly connected and ubiquitous. This expansion introduces operational challenges and new attack vectors. The idea of driverless semi-trucks independently navigating highways is both exciting and terrifying. As connected, autonomous, and smart devices move to production, transportation companies need to re-examine their security operations.

With increasing dependence on IIoT platforms and data services that enable insights and automation, the potential for unauthorized access to proprietary data and critical systems is growing, placing physical and digital assets at risk. As connected services and ecosystems become essential components of critical infrastructure networks, the scope of this risk extends to the entire value chain (see “Insight: Travel and transportation share critical infrastructures”).

Whether executed by financially driven cyber criminals or politically motivated nation-states, a successful attack on any segment of the transportation industry is dangerous for myriad reasons. The potential impact on public safety and the economic consequences of disruption can be particularly severe.

Based on key IIoT cybersecurity metrics, some organizations are more cyber resilient than others. They are better at not only protecting their organizations from IIoT-related attacks, but also detecting, responding to, and recovering from breaches when they occur.

Through our research and analysis, we identified a set of highly effective controls and practices that are instrumental to achieving this level of performance. These controls and practices are based on Center for Internet Security (CIS) Critical Security Controls and AI-driven practices from IBM IoT security research.

For transportation industry providers, order to cash, inventory management, fulfillment, and logistics services form the core of the business. Many providers are successfully applying smart, adaptive technologies to decades-old industry problems in areas such as route optimization. For more insight into the latest industry dynamics, the IBM Institute for Business Value (IBV) conducted a survey in cooperation with Oxford Economics. Our study explored how transportation providers apply IIoT technologies, how well they understand the associated cybersecurity risks, and the maturity—and effectiveness—of their capabilities to mitigate them.

Our analysis revealed a respondent group of “top security performers” who perform better on security key performance indicators (KPIs). They are also more confident that their vulnerability management capabilities protect them from the latest threats.

For more information, download the IBV Benchmarks Insights report.


Bookmark this report


Meet the authors

Eric Maass

Connect with author:


, Director of Strategy and Emerging Technology, IBM Security Services


Steven Peterson

Connect with author:


, Global Thought Leader, IBM Institute for Business Value


Lisa-Giane Fisher

Connect with author:


, Leader, Middle East and Africa, and Global Benchmark Research leader, Utilities industry, IBM Institute for Business Value


Gerald Parham

Connect with author:


, Global Research Leader, Security and CIO, IBM Institute for Business Value


Julian Meyrick

Connect with author:


, Managing Partner & Vice President, Security Strategy Risk & Compliance, IBM


Keith Dierkx

Connect with author:


, IBM Global Segment Leader, Transportation

Download report translations


    Originally published 30 April 2020