
Pharmaceutical Cybersecurity and Visibility are as Critical As Ever

April 1, 2021


The coronavirus (COVID-19) pandemic has been a harrowing experience in many ways, but it’s also given the pharmaceutical industry the chance to shine.

In the United States alone, three companies have been able to roll out highly effective vaccines in less than a year. Both Pfizer and Moderna put their research programs into fast-forward mode, and the federal government gave the green light to their two-dose mRNA vaccines in December 2020, after an accelerated series of clinical trials. Johnson & Johnson, meanwhile, developed and tested its own single-dose vector vaccine and then secured federal authorization in February 2021. As a result, the number of U.S. residents who have received at least one dose of the vaccine has gone up quickly, rising to more than 120 million as of March 19.

This performance is all the more impressive considering that pharmaceutical companies were carrying out all this research and testing while facing serious cybersecurity threats. Government agencies in the United States, Canada, and Great Britain joined forces last July to issue a warning about state/nation-sponsored cyberattacks on facilities involved in COVID-19 research and vaccine development. They reported that APT29, a group of hackers with ties to state/nation-sponsored governments, had already succeeded in gaining access to data from a number of these facilities via malware, persistent access, and certificate usage campaigns.

Cyberthreats: inevitable and long-term in the pharmaceutical sector

It bears mentioning, though, that cybersecurity challenges are nothing new for pharmaceutical companies. They’re not merely a product of the pandemic; they’ve been happening for years. Just ask Merck, which sustained more than US$1 billion worth of damages from a 2017 ransomware attack that hamstrung no fewer than 30,000 of the company’s end-user devices and 7,500 of its servers.

What’s more, these challenges are unavoidable. Hackers have logical reasons for targeting pharmaceutical facilities. These facilities often generate large amounts of data that is proprietary, high-value, and/or linked to confidential health information covered by HIPAA regulations. They may also be leading research, development, manufacturing and distribution programs that are vital for public health and safety, as they have done during the pandemic. As such, they will inevitably draw the attention of malicious actors.

At the same time, pharmaceutical facilities present a wide range of targets and potential points of entry to malicious actors. Beyond their information technology (IT) networks, these facilities make extensive use of operational technology (OT) networks and industrial control systems (ICS) in the manufacturing process. Sometimes, their manufacturing units have to use legacy devices that lack appropriate traffic aggregation systems or require uni-directional connectivity. Their systems may also be affected by differences in speed and media connections, or they may be saddled with switch SPAN ports that aren’t secure or reliable.

Likewise, their research labs may also use connected labeling, imaging, monitoring, handling, and/or processing devices that offer decidedly limited protection against security breaches. They may, for example, rely on microscopes that make use of software that is no longer supported (or that void their warranties for equipment support if any changes are made to the software, including the application of required patches or firmware updates).


Providing Secure Visibility for Pharmaceutical Manufacturers

Of course, there are tools that can help pharmaceutical facilities cope with these challenges. These include real-time threat detection and monitoring, OT/IoT asset management, operational visibility, and risk reduction.

But all of the tools used to secure pharmaceutical manufacturers rely on packet visibility, since you can’t secure what you can’t see. As noted above, pharmaceutical companies rely on both IT and OT systems, and they use a wide array of connected devices as well. Therefore, they need cybersecurity solutions that offer full operational visibility – that is, a system inventory of all networked devices and ICS being monitored. Solutions that meet these criteria give users a straightforward way to determine what facilities are connected to their networks and who is active on their networks.

In turn, to achieve the proper level of visibility, it’s necessary to implement fundamental best practices in visibility architecture by doing away with blind spots in users’ networks. Doing so allows OT and ICS security tools to do their job of detecting threats and anomalies. It also eliminates obstacles to engaging in continuous, real-time monitoring in order to detect adverse events – malfunctioning devices, overdue patches, firmware updates, malware – as they happen.

The most reliable source of network visibility is a network TAP, which creates an exact copy of both sides of the traffic flow, continuously, 24/7/365. The duplicate copies are used for monitoring, security, and analysis, while the network flow continues uninterrupted. TAPs do not introduce delay or alter the data, and are either passive or “failsafe,” meaning traffic continues to flow between network devices if power is lost or a monitoring tool is removed, so the TAP isn’t a single point of failure.

Network TAPs come in a variety of types that help OT/IT engineers architect their security solutions. These include traffic aggregation TAPs, which let you take many traffic streams down to one or a few tools; regeneration TAPs, which let you take one link to many tools; data diode TAPs, which provide purpose-built one-way secure data transfer; bypass TAPs, which sandbox and manage the connectivity of an inline security device such as a firewall or intrusion prevention system (IPS), ensuring there are no failures or network downtime; and secure air-gap cloud visibility vTAPs, which allow teams to monitor virtual traffic without exposing themselves to threats.

And at this point in time, when the entire world relies on the production from pharmaceutical manufacturers, when every second counts, when downtime matters, cybersecurity and visibility are as critical as ever.

Looking to add visibility to your manufacturing environment, but not sure where to start? Try joining us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.


Heartbeat Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool. Once the tool is back on-line, it begins returning the heartbeat packets to the TAP, indicating that the tool is ready to go back to work. The TAP then directs the network traffic back through the inline security tool along with the heartbeat packets, placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode, keeping the link flowing.
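The heartbeat logic described above can be modelled as a small state machine. This is an added example, not code from the original page or from any TAP product; the `miss_limit` and `restore_limit` thresholds, the `HEARTBEAT` marker, and all class and function names are assumptions. It also counts the packets forwarded while the tool is bypassed, since that traffic reaches the link without inspection.

```python
from dataclasses import dataclass

HEARTBEAT = b"\x00HB"  # constructed marker; real heartbeat frames are vendor-specific


@dataclass
class BypassTap:
    miss_limit: int = 3      # assumption: consecutive lost heartbeats before bypass
    restore_limit: int = 2   # assumption: consecutive returned heartbeats before re-inlining
    mode: str = "inline"     # "inline" or "bypass"
    missed: int = 0
    returned: int = 0
    uninspected: int = 0     # link packets forwarded without passing the tool

    def tick(self, tool_online, link_packets):
        """One heartbeat interval: probe the tool, then forward link traffic."""
        # A heartbeat is sent every interval, in bypass mode too.
        if tool_online:
            self.returned, self.missed = self.returned + 1, 0
        else:
            self.missed, self.returned = self.missed + 1, 0

        if self.mode == "inline" and self.missed >= self.miss_limit:
            self.mode = "bypass"
        elif self.mode == "bypass" and self.returned >= self.restore_limit:
            self.mode = "inline"

        if self.mode == "inline" and tool_online:
            # Traffic and heartbeat come back from the tool together;
            # the heartbeat is stripped before traffic rejoins the link.
            from_tool = [HEARTBEAT] + list(link_packets)
            return [p for p in from_tool if p != HEARTBEAT]
        if self.mode == "inline":
            # Model assumption: tool is down but not yet declared dead, so packets sent to it are lost.
            return []
        self.uninspected += len(link_packets)
        return list(link_packets)


def simulate(tool_states, packets_per_tick=2):
    """Run the TAP over a constructed sequence of tool up/down states."""
    tap, timeline = BypassTap(), []
    for i, up in enumerate(tool_states):
        pkts = [b"pkt%d-%d" % (i, n) for n in range(packets_per_tick)]
        timeline.append((tap.mode_after(up, pkts) if False else (lambda o: (tap.mode, len(o)))(tap.tick(up, pkts))))
    return tap, timeline
```

The `uninspected` counter is the figure to alert on: every interval spent in bypass keeps the link up but lets traffic through without the inline tool seeing it.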

Glossary

  1. Single point of failure: a risk to an IT network in which the failure of one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances.

  3. Critical link: the connection between two or more network devices or appliances whose failure disrupts the network.
