4. RFID Risks
4.1 Business Process Risk
RFID systems typically are implemented to replace or enhance a paper or partially automated process. Organizations implementing RFID systems could become reliant on those systems, which, if not implemented properly with business continuity planning, might be less resilient to disruptions than the systems they replace. For example, suppose that a warehouse replaces its paper-based inventory management system with an RFID-enabled system. The paper system involves storing completed forms at the warehouse and sending form duplicates to a central office, while the new RFID system locates its backend database servers at a single computing center. In this environment, the paper system might be more resilient to a local disaster than the RFID system, despite the increased efficiency, accuracy, or effectiveness of the RFID-enabled business process.
Failure in any component or subsystem of the RFID system could result in system-wide failure. In the warehouse example, system-wide failure might result from many causes, such as loss of the network connection between the warehouse and the computing facility, a software virus that disables critical middleware functionality, or a new source of radio interference that prevents readers from accurately reading tags. If an RFID system is rendered unavailable for any reason, then potential impacts can range from a deceleration of the business process to the loss of critical business or operational records. If the system is mission critical, then the consequences could be devastating to the organization’s performance. Table 4-1 reviews some of the factors that determine the level of business process risk.
Table 4-1. Factors Influencing Business Process Risk
Factor: The importance of the RFID-supported business processes to the mission of the organization
Discussion: The tighter the link between the RFID-supported business process and the mission of the organization, the greater the impact will be if the business process is degraded or disabled. Organizations whose core business is logistics or asset management stand the most to lose when their supporting RFID systems fail. If an organization’s primary mission is outside these areas, it is less likely to be impacted. For example, a hospital whose primary mission is patient care could be significantly inconvenienced with the loss of an RFID system, but medical care is likely to continue regardless of the system’s status.
Factor: The robustness of business continuity planning or fallback procedures that can be implemented when the RFID system is unavailable
Discussion: In many applications, the fallback procedure is trivial to implement, in which case business process risk is relatively low. For example, a push-button keyless start automobile key could be designed to operate as a physical key when the RFID system is not functioning properly. If an RFID-based automated payment system is down, cash and credit cards are viable alternatives. In many cases, bar codes or visual inspection of tagged items may provide a workable interim solution until the RFID system returns to operation. In general, as the complexity of the system increases, so does the risk and, consequently, the need for business continuity planning. Plans should include the ability to use geographically distributed personnel and enterprise equipment so that timely recovery is possible in case of local disasters.
Factor: The environment in which the RFID technology is located
Discussion: Important environment factors include the existence of radio frequency interference, electrostatic discharge, vibration, abrasion, extreme temperatures, or humidity. The presence of physical access controls also is a key determinant of the risk to business processes from human threats. Public and densely populated areas pose more risk than tightly controlled or remote areas.
Factor: The existence of adversaries with the motivation and the capability to perform RFID attacks
Discussion: Individuals or groups with malicious intent are more likely to target organizations with a high public profile, such as government agencies, than less well-known entities. Individuals seeking financial gain are likely to target RFID systems that support financial transactions and systems that involve high-value assets. For example, individuals may try to replace the tag on a high-value item in a retail store with a tag from a low-value item to purchase the high-value item at a reduced cost. The computer attacker seeking a challenge is also a threat for all systems.
Factor: The presence and effectiveness of RFID security controls
Discussion: The stronger the controls and countermeasures, the lower the risk. These controls are discussed in more detail in Section 5.
Unlike most of the other risks, business process risk can occur as a result of both human action and natural causes. Moreover, human causes may be intentional or unintentional. For example, a tag might fail to perform its intended function because someone removed it from its packaging, an employee accidentally damaged it with a box cutter, or a severe storm covered it in ice.
An example of an intentional attack on an RFID business process is cloning, which occurs when an adversary reads information from a legitimate RFID tag and then programs another tag or device to emulate the behavior of the legitimate tag. Documented examples of cloning have occurred in tags used for financial payment [32] and access control [33]. Another attack on an RFID business process would be removing a tag from the item it is intended to identify and attaching it to another unrelated item. Someone might, for example, perform such an attack to get a better price on an expensive item in a store.
Potential problems are not just limited to the RF subsystem. If the network supporting the RFID system is down, then the RFID system is likely down as well. In supply chain applications, network failures at any point in the chain have the potential to impact the business processes of any subsequent link in the chain. For example, if a supplier is unable to write manifest data to a tag, then the recipient cannot use that data in its operations even if its RFID readers and network infrastructure are fully functional. Servers hosting RFID middleware, databases, analytic systems, and authentication services are all points of failure.
Any efforts to assess business process risk need to be comprehensive, because such a wide variety of potential threats exist. All of these threats have the potential to undermine the supported business process and therefore the mission of the implementing organization.