A February 1, 2021 article in IoT World, pointed to a glaring flaw in efforts to secure the Industrial Internet of Things (IIOT)—the secondary supply chains introduced by components manufactured apart from the main supply chain. As the article’s author Rich Castagna writes, “The purchaser of those devices is at the end of the supply chain that — from a security perspective — lacks sufficient transparency into the chain. In fact, it would be a challenge to track the origins of the internal elements that comprise the delivered IIoT devices.”

To provide more perspective on the problem, the author quotes from a paper coauthored by NYU Tandon associate professor of electrical and computer engineering Dr. Quanyan Zhu and then Tandon Ph.D. student Junaid Farooq, who is now an assistant professor of Electrical and Computer Engineering at the University of Michigan-Dearborn. In IoT Supply Chain Security: Overview, Challenges, and the Road Ahead, Zhu and Farooq wrote, “The IoT is still a grossly unregulated technology in terms of security standards. There is no control over upstream supply chain from a device owner’s point of view. Not all suppliers are ready to clearly articulate their cyber security practices and disclose their supply chain information.”