As millions around the world await the much-anticipated COVID-19 vaccine, pharmaceutical manufacturing has never been under more scrutiny. Over the past few years, pharmaceutical manufacturers have been under attack and the COVID-19 pandemic has only made the industry even more of a target.
The industry has undergone rapid digital transformation in recent years, with an influx of innovations such as 3D printing, automation, and machine learning, and the pharmaceutical manufacturing software market is expected to grow exponentially.
However, these innovations have also exposed the industry to cyber risk.
Perhaps the most notorious attack to hit pharmaceutical manufacturing in recent years was the NotPetya ransomware attack of 2017. The attack initially hit more than 80 companies in France, Germany, Italy, Poland, the United Kingdom, and the United States. By the end of the campaign, the ransomware had impacted more than 600 sites in 130 countries around the world.
Among those hardest hit was pharmaceutical manufacturer Merck. According to a report by Bloomberg, the attack affected 30,000 computers and 7,500 servers, and shut down operations at the drugmaker for two weeks. The attack crippled Merck’s production facilities and the company was unable to meet demands that year for Gardasil 9, its vaccine for guarding against the human papillomavirus. Overall, the company reported $1.3 billion in losses.
The following year, the United States government confirmed the attack was carried out by the Russian military and called it “the most destructive and costly cyber-attack in history.”
“The attack, dubbed ‘NotPetya,’ quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas,” the White House said in a statement. “It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.”
Another group of hackers targeting pharmaceutical companies in recent years is Winnti. The group hit both Swiss pharmaceutical company Roche and German pharmaceutical company Bayer.
“Cybersecurity firms, including MITRE and ProtectWise, have previously assessed that Winnti – which also uses the malware going by the same name – is quite likely an umbrella grouping of threat actors with links to a country,” the Singapore Computer Emergency Response Team said in a March 2020 report. “The group is noted for its wide and diverse range of interests, which includes online gaming, aerospace, chemicals and pharmaceutics. The Winnti malware typically operates by using stolen certificates to sign the malware, and is designed to seek specific processes on the victim’s computer to run the malicious code. Winnti was observed to use a rootkit to modify the functionality of the victim’s servers.”
The attacks were reported in 2019. Roche reported that it had detected and deflected the attack. Bayer reported that the attack on its network was first discovered in 2018. Officials at the company decided to isolate and monitor the malware to determine its purpose, rather than remove it immediately. The malware was eventually removed in March 2019 and Bayer said there was no evidence of data theft or third-party data compromise.
“For these two cases, the perpetrator’s goals may be tied to industrial espionage, to gain access to trade secrets and business plans,” SingCERT said in the report. “The information held by the pharmaceutics industry would be highly valuable to countries looking to develop their own indigenous industry or to address domestic healthcare needs, if the cyber-attacks were indeed state-sponsored. With the high costs of pharmaceutics R&D, the stolen data may be game-changing, providing the country an added advantage for drug development.”
In August 2020, operational technology and Internet of Things security company Nozomi Networks released a report looking at pharmaceutical manufacturing. According to the report, the industry faces a range of challenges that include securing intellectual property and valuable data from theft, identifying and preventing vulnerabilities in complex supply chains, and preventing unplanned downtime.
“Pharmaceutical companies are rapidly embracing tools and technology to gain operational efficiencies,” the report says. “However, automation and outsourcing increase risk and expand the threat surface. This makes it challenging to quickly address operational disruptions and deflect cyber threats.”
Nozomi Networks’ solution unifies visibility and threat detection across OT, IoT, IT and cyber-physical systems. It uses artificial intelligence to automate the process of inventorying, visualizing, and monitoring industrial control networks.
“Tailored to meet the unique challenges of pharmaceutical companies, the Nozomi Networks solution helps operators gain deeper operational visibility, assess operational risk, defend valuable corporate IP and detect malware operating with IT/OT networks,” the report says.
According to a report by industrial cybersecurity company Bayshore Networks, the industrial IoT is opening up pharmaceutical organizations to new cyber threats. That’s partly because internet-connected sensors and devices are built for 24×7 uptime and reliability, not security, and the majority of operational systems are not up to date and remain unpatched.
“New cyber security threats targeting IIoT in the pharmaceutical and chemical manufacturing sectors are emerging every day, risking public and employee safety, operational disruptions and plant downtime, and costly physical damage to plants, machines, and products, in addition to loss of intellectual property via espionage on the corporate network,” the report says. “Identifying and protecting against cyber threats is a mandatory first step before connecting plant processes, networks, and applications.”
Overall, the pharmaceutical manufacturing industry faces the same challenges as others in the era of Industry 4.0. According to the report, corporate IT networks can act as a gateway for cyber attackers to infiltrate the OT network through lateral movement. Additionally, enterprise networks and the plant’s operational technology use different protocols and systems, making them difficult to secure holistically.
“The primary concern in pharmaceutical manufacturing is to ensure that no unknown or unapproved modifications ever happen in the production process and to ensure that all data is recorded for everything that is manufactured,” the report says. “That data must be guaranteed never to be modified; for compliance reasons related to health and safety, if a pharmaceutical manufacturer loses product data, they cannot sell that batch of drugs.”
In order to address these challenges, Bayshore recommends organizations improve end-to-end visibility, mitigate cyber threats in real time, provide managed remote access, and adopt a solution that provides bidirectional, access-controlled, and policy-protected tunnels. The company’s Industrial Cyber Protection platform promises to empower industrial enterprises with safe and efficient production, operational insights, and improved business outcomes while blocking cyber threats to industrial plants.
“So what can pharmaceutical and chemical manufacturers do to secure their systems?” the report says. “What’s clear is that enterprise IT cannot be assured by operational technology. A way must be created for data to transit the network securely and be policed at the same time. Identifying and protecting against cyber threats is a mandatory first step before connecting plant processes, networks, and applications.”