The pandemic introduced unprecedented pressure on the pharmaceutical industry to develop and produce medicines faster than ever before. The industry rose to the occasion with vaccines that were delivered to the market in record time. Coincident with this increase in development and manufacturing speed comes increased cybersecurity risk due to the adoption of greater IT/OT infrastructure connectivity. Expanded operational technology (OT) connectivity within pharmaceutical manufacturing presents challenges, both in terms of the expanded attack surface and the wide range of assets it encompasses. These attack vector challenges manifest in everything from legacy equipment to the latest perpetually updated cloud-based software. To combat these threats, pharmaceutical companies are rapidly adopting security tactics with adaptive platforms that deliver broad visibility and protection of the expanding attack surface. This includes enabling integrated solutions to reduce operational complexity, and automated self-healing networks that increase efficiency as operations continue their digital growth.
Pharmaceutical manufacturers are seeing a rapid rise in the number of cyberattacks. The biotech industry experienced a staggering 50% increase in cyberattacks from 2019 to 2020 alone.1 Manufacturing facilities employ supervisory control and data acquisition (SCADA) systems to keep industrial processes on track. These systems are increasingly being accessed by third-party firms; 64% of OT organizations give third-party IT vendors either complete or high-level access to their SCADA or industrial control systems (ICS).2 In addition, many pharmaceutical manufacturers are connecting their OT systems to a corporate IT network. All of this interconnectivity yields greater business efficiency, but it also introduces greater risk through exposure to a broader range of cyber vulnerabilities. Fortunately, the right combination of integrated cybersecurity best practices can enable pharmaceutical plant operations and manufacturing leaders to manage these risks.
OT devices and systems are becoming increasingly attractive targets for attackers who seek to disrupt pharmaceutical operations, disclose research secrets, and collect ransoms for valuable intellectual property (IP). Nearly 60% of organizations using SCADA and ICS have experienced a breach in these systems within the past year, while only 11% have avoided a first instance of cyberbreach.3 This is a major problem and reveals that the security and network control within ICS and SCADA solutions are often inadequate. One issue is that many legacy OT systems are decades old. They were designed when companies maintained an “air gap” between IT networks and OT environments. As more equipment is connected, systems become more vulnerable.
To prevent a cyberattack through SCADA, ICS, or other systems, network access control (NAC) is critical. This allows an operation to know everything that is connected to or attempting to connect to a corporate network. Role-based access control can also ensure that users are restricted to only the systems they are authorized to access. In addition, employing a virtual private network (VPN) that uses multi-factor authentication ensures that users are protected when accessing areas of the corporate network.
As pharmaceutical IT/OT infrastructure connectivity continues to grow, so do cyber threats. A lot of this uptick is due to an expanded attack surface, which is essentially the totality of different access points where an unauthorized user can try to enter or extract data from an environment. A cyberattack on IT and OT systems, including ICS and SCADA systems, can put manufacturing equipment and even workers at risk. At the same time, compromised ICS, SCADA, and other OT systems may provide backdoor access to corporate networks.
Adding to the challenge, some pharmaceutical operations and manufacturing equipment operating systems are unable to run standard security-client software and do not provide a means of patching security holes. Even if they could, patching vulnerabilities is usually difficult since the pharmaceutical manufacturing facility OT systems are running 24/7 and cannot be taken offline for security updates. As a means to proactively defend this critical infrastructure, next-generation firewalls (NGFWs) should be deployed to verify user identity, inspect and control applications, and block detected attacks or suspicious behavior. Implementing such a defensive strategy serves both as a viable deterrent and as a way of hardening the HW/SW cyber-physical environment, making it harder to breach the systems.
Pharmaceutical manufacturers are clearly at risk when they lack the integration of cybersecurity defense mechanisms that afford situational awareness and proactive neutralization of threats. In many instances, the air gap between OT and IT networks has been practically eliminated. Traditional security measures are unable to protect the expanded attack surface due to the proliferation of connected OT systems and devices. To combat these new threats, pharmaceutical companies that rely on OT technologies should look to security solutions that address several issues. Beyond asset visibility and enforced trust are containment strategies that implement segmentation to effectively limit control network access and prevent lateral movement among and between network layers. Another important consideration is the adoption of point solutions that are ecosystem-based and enforce the sharing of actionable intelligence while enhancing OT operational efficiency. Lastly, consideration of integrated cybersecurity practices that cleanly integrate into the OT framework is imperative, as it ensures an ability to properly interpret and support the protocols and capabilities utilized in the manufacturing environment. Connected technology and attack surface threats are only going to increase in the years to come. With appropriate investment and proportional attention to proactive cybersecurity, the pharmaceutical industry can achieve readiness to meet these challenges head-on.