Cybersecurity Threats: Six Tips to Improve OT Security in Pharma Production
What can large pharmaceutical companies do to protect their OT networks from security threats? TXOne Networks presents some first-hand insights.
Tokyo/Japan — Recently, attackers have become increasingly inventive in developing aggressive malware that targets sensitive, vital industries such as the pharmaceutical industry and its production. Especially in view of the Corona pandemic and its still unforeseeable political, financial and social consequences, even state organisations are trying to gain advantages by illegally obtaining research results or active ingredient formulations.
For instance, according to the South Korean secret service and the Russian security software manufacturer Kaspersky, North Korean hackers tried to illegally obtain information on the coronavirus vaccine of the US pharmaceutical company Pfizer and were also targeting data on the treatment of a corona infection. Cyber attacks by criminal or terrorist organisations pose serious threats, especially to sensitive key sectors such as the pharmaceutical industry. Business interruptions, downtime, contaminated products, the need for months of re-evaluations, leaks of hazardous materials and data breaches (leading to involuntary disclosure of formulation or API data) are the looming consequences of these factors of insecurity. Stakeholders can and should be protected from the potentially lethal consequences of such incidents.
Key Threats to OT
The two biggest security challenges in pharmaceutical OT (Operational Technology) environments are the following. The first is verifying the security of end devices that are compartmentalised using the air-gap method. With this method, two IT systems are physically and logically separated from each other, but the transmission of user data is still permitted. The second is containing threats caused by third-party technicians who bring their own end devices into a company's network. After all, when partners, suppliers or consultants are on site for IT maintenance, they have to connect their potentially infected laptops or USB sticks to the Industrial Control System (ICS) network or the production facilities.
According to a recent survey, 60 % of companies surveyed in 2020 “have experienced malware activity that has spread from one employee to another”. Conventional endpoint security solutions cannot solve these issues because they are designed for on-premise IT environments and are not suitable for pharmaceutical industry applications. To protect the pharmaceutical industry's OT networks from security threats, TXOne Networks, a leading provider of OT security solutions, presents some first-hand insights into what large pharmaceutical manufacturing companies can do to strengthen the security of their production facilities.
6 Tips to Improve OT Security
These six best practices can improve operational security and protect production sites from potential compromise:
- Install a mobile-enabled scanning system: To better capture the current state of deployed IT, a mobile malware scanning solution is required that can be carried from device to device during routine IT system maintenance, so that threats are detected as early as possible and cannot hide in local files.
- Routine “log-only” cybersecurity checks: In the case of sensitive production facilities, companies should use a scanning solution that can perform so-called "log-only" scans, where the results are merely logged and documented. Security experts and IT administrators usually prefer scanners that create a scan log without taking immediate action when threats are detected. This way, they can avoid removing business-critical programmes or files, and companies can take a more moderate approach to removing the threat if needed.
- Check for “endpoint vulnerabilities”: Data collected during production audits can be used to understand which patches and applications are installed on each endpoint device in production and to identify unpatched devices, resources or operating systems whose product lifecycle has expired (so-called “end-of-life operating systems”). This improves the transparency of status determination, especially for standalone IT devices, and simplifies the process of managing an industrial control system (ICS).
- Thorough plug-and-scan security inspections: Every digital endpoint device deployed on-site at the manufacturing facility must pass through a checkpoint where it is scanned for IT security threats that may be hiding inside. A mobile scanning solution that can be easily and quickly shared between the respective end devices is essential for this purpose.
- Central logging of asset information and scan results: A plant-wide or even enterprise-wide perspective makes the collection of information about corporate IT easy. To streamline the audit process, pharmaceutical companies should establish a defined compliance audit trail. This way, they can easily send security schedules or documentation on the status of IT to all stakeholders in the supply chain (including hospitals, pharmacies and other healthcare providers).
- Optimise benefits of security operation centres: An ideal security information and event management (SIEM) system should be as convenient as possible to use, providing centrally organised logs and incident logging, regardless of the brand of production equipment an organisation is examining for IT security. For example, the logs should be easily exportable to SIEM systems such as QRadar or Splunk. Ideally, a company maintains data integrity and stores data in a way that meets, for example, patient safety requirements for clinical trials and other legal requirements.
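The log-only, endpoint-vulnerability and central-logging tips above can be combined into one audit-trail step. The following sketch is an added example, not code from TXOne Networks or any scanner product; the record fields, asset names and the small end-of-life table are assumptions made for illustration.

```python
import json
from datetime import date

# Illustrative end-of-support dates; maintain the real table from vendor lifecycle pages.
EOL_DATES = {
    "Windows XP": date(2014, 4, 8),
    "Windows 7": date(2020, 1, 14),
}

# Constructed sample records standing in for a portable scanner's log-only output.
SAMPLE_SCANS = [
    {"asset": "HMI-FILL-01", "os": "Windows XP", "scanned": "2021-03-02",
     "patches": ["KB0000001"], "detections": []},
    {"asset": "VENDOR-LAPTOP-7", "os": "Windows 10", "scanned": "2021-03-02",
     "patches": [], "detections": [{"file": "D:\\tools\\setup.exe", "name": "SampleThreat.A"}]},
    {"asset": "HMI-FILL-01", "os": "Windows XP", "scanned": "2021-01-15",
     "patches": [], "detections": []},
]

def build_audit_trail(scans, audit_date):
    """Keep the newest scan per asset and derive findings without touching any file."""
    latest = {}
    for rec in scans:
        cur = latest.get(rec["asset"])
        # ISO dates (YYYY-MM-DD) sort correctly as strings.
        if cur is None or rec["scanned"] > cur["scanned"]:
            latest[rec["asset"]] = rec
    events = []
    for asset, rec in sorted(latest.items()):
        eol = EOL_DATES.get(rec["os"])
        findings = []
        if eol is not None and eol <= audit_date:
            findings.append({"type": "end_of_life_os", "os": rec["os"], "eol": eol.isoformat()})
        for det in rec["detections"]:
            # Log-only: the detection is recorded, never quarantined or deleted here.
            findings.append({"type": "malware_detection", "action": "logged", **det})
        events.append({"asset": asset, "scanned": rec["scanned"], "os": rec["os"],
                       "patches": rec["patches"], "findings": findings})
    return events

def to_siem_lines(events):
    """One JSON object per line, a shape that log forwarders can ship to a SIEM."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)

if __name__ == "__main__":
    print(to_siem_lines(build_audit_trail(SAMPLE_SCANS, date(2021, 3, 3))))
```

Because nothing is removed at scan time, the decision about a flagged file on a production HMI stays with the administrators who review the central record.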
If unsecured mobile devices are brought to a production site and reach a company's IT control point, security scans must be quick and thorough. Logging systems for proving compliance and monitoring production devices should be convenient and designed to fit well into daily work routines. Every process in a company's security concept should be as simple and intuitive as possible. A promising way to address these complex and diverse security challenges is to use portable endpoint security solutions to protect the pharmaceutical industry's OT networks. This approach works best when the mobile solution in question is tailored precisely to the needs of the company.
Mobile security solutions, known as portable security solutions, help Industrial Control Systems ("ICS") owners and operators perform malware scans and capture security-related information on standalone computers and air-gapped systems. These USB-based solutions already include the necessary scanning software and can thus significantly facilitate the detection and removal of malware, as no security software needs to be installed on the target systems themselves. This allows pharmaceutical companies to perform on-demand malware scans whenever and wherever they are needed, and not have to worry about performance degradation on the scanned devices. In this way, mobile security solutions simplify the security scanning process and enable users to prove their compliance.