[ad_1]
From its inception, the rapid development, approval, manufacturing, distribution, and dispensing of a COVID-19 vaccine will surely be an unprecedented challenge. Unfortunately, the potential for serious cyber and physical security issues to surface further complicates the effort.
In addition to the advisory issued last week by IBM, INTERPOL recently issued an orange warning about the potential for a wide network of organized crime threats to target COVID-19 vaccines both physically and online, noting that the pandemic “already it has unleashed unprecedented opportunistic opportunities. and predatory criminal behavior “.
First efforts
Unfortunately, some of the early attacks on key partners have already been successful. Case in point? Americold, a US-based temperature-controlled warehousing and distribution provider, suffered a cyberattack affecting its operations.
“The attack on Americold shows that cybercriminals will target anyone they think they can ransom or extort money. This attack is particularly concerning, as Americold is one of the organizations that will participate in the distribution of the upcoming COVID-19 vaccines, ”says Saryu Nayyar, CEO of Gurucul. “As long as there is little chance of being caught or punished, cybercriminals will continue their attacks. But the cybersecurity industry will continue to develop improved tools, such as security analytics, to help organizations thwart them. “
Point3 Security VP of Strategy Chloe Messdaghi adds: “Once again, we see that companies that are not considered likely targets are the most likely targets. This is especially unfortunate as Americold has an important role to play in the upcoming COVID-19 vaccine distribution, in addition to its long-standing role in supporting the food supply chain. Each and every piece of the COVID-19 supply chain must go through serious cybersecurity and risk audits, as if lives depended on it. Because they will. “
According to Messdaghi, “Human-operated ransomware attacks start with Trojans or other exploits against unsophisticated vectors. Once an entry is found, malware is planted and privileges are elevated. These attacks often exfiltrate data before files are encrypted, and the attacks drag on, with months of potential compromise adding to the potential damage that can result, ”she says. “That is why these types of attacks pose a greater threat than automated attacks like WannaCry or NotPetya: they are intentional and secret. The more protected our critical data is through zero-trust actions, the more secure we will all be, both on a day-to-day basis and in particular in circumstances of national mobilization such as the upcoming distribution of vaccines. “
According to Bill Conner, CEO of SonicWall, “We have seen threat actors from nation states previously focused on vaccine research to steal incredibly valuable intellectual property. Now, cybercriminals are opening up new cyber attack vectors in the global deployment and recalibrating their attacks to target the ‘cold chain’, the supply chain that helps deliver COVID-19 vaccines at the required low temperatures. “
“In this case, the evidence suggests that a nation-state is likely behind these attacks, as has been the case with many other attacks on the health, higher education and government sectors this year. Successful breaches by cybercriminals will give these malicious actors the ability to influence or control healthcare, geopolitics and global economies during a time of great need, ”says Conner. “The supply chain behind these vaccines is incredibly complex and multi-stage. For cybercriminals, the more complex the supply chain, the more potential access points they have to wreak havoc. Whether it’s disrupting the shipping process, shutting down the huge freezers needed to keep vaccines cold, or hacking into supply chain systems, the result of malicious intrusions can drastically disrupt the entire distribution process, putting lives and economies at risk. ”
SonicWall’s Conner told IndustryWeek that the outcome of a successful “cold chain” attack would allow hackers to steal the vaccine’s intellectual property and / or disrupt the vaccine distribution process. “Since the supply chain is interconnected, an attacker who has access to a link in the chain creates a greater risk (with greater credibility) of IP theft. If an attacker hacked into the refrigeration company responsible for keeping vaccines at the correct temperatures, that attacker could also try to infiltrate upstream or downstream, masking the ability to be detected, ”says Conner.
“Companies must recognize that all actors in the complex chain of the vaccine distribution process are equally important, not just the pharmaceutical company that developed the vaccine. As a result, all organizations must comply with the warnings and guidelines issued by governments on cyberattacks, ”says Conner. “Companies need to make sure their employees are vigilant and that their security protocols are in place. Specifically, organizations must pay close attention to phishing attempts, endpoint security, network segmentation, and secure cross-organization access. ”
According to Nayyar, cold storage and distribution could be considered a specialized part of the warehousing and shipping industry verticals. “They have the same basic need for security, but they also have the additional cooling infrastructure to protect,” he says. “They should be seen as a higher value target and improve their security posture to adapt. Improved user education. Better perimeter defenses. Facility security to protect your specialized systems on site. Endpoint security and defense analysis to protect your systems. Whether they need to employ a dedicated team of their own or rely on an MSSP, the problem is upping their security game. “
Could blockchain help?
Blockchain technology could prove to be a piece of the puzzle, especially for key distribution partners, by increasing transparency through intricate time tracking, aiding in the proper management of data such as material and inventory levels, and specifically for this vaccine, the transport temperature. Relying on blockchain to track products, accurately capture costs, and provide transparency will help manufacturers and retailers manage the daunting task of delivering COVID-19 vaccines safely.
And, considering skepticism among sectors of the population, integrity and transparency are crucial. “By leveraging the blockchain, pharmaceutical manufacturers can show vaccine suppliers and distributors step-by-step details of the vaccine life cycle, as well as provide detailed records of testing data, in addition to manufacturing details. , distribution and transportation, “Kevin Beasley, VAI’s CIO tells IndustryWeek. “With the use of blockchain, pharmaceutical companies and manufacturers can easily track the distribution of vaccines, ensuring that vaccines are safely delivered to the final destination when the time comes. With a vaccine as sensitive as this, the use of blockchain technology to track and record transactions and touch points is key. ”
Additionally, blockchain can help prevent fraudulent products from entering the supply chain, Beasley explains. “The Drug Supply Chain Security Act (DSCSA), first introduced in 2013, is the FDA’s attempt to require serialization and traceability of drugs moving through the supply chain. to eliminate counterfeit drugs and, in this case, vaccines, he says. “Many companies use blockchain as an important tool to meet compliance deadlines, reducing the risk of fraudulent products on the market.”
In addition to blockchain, many manufacturers and distributors already have artificial intelligence (AI) to scale operations and collect and analyze data to inform things like proper storage, shipment timeliness, and deadlines, so they are used to the technology in supply. chain. By adding blockchain, distributors can reap the benefits of using both technologies. “One step further, AI in conjunction with blockchain can help prevent recalls, saving money that is often spent on troubleshooting, having to dispose of dead material, or preventing people from getting a vaccine any longer. ”Says Beasley.
Way ahead
This could be a crucial time for blockchain technology. For example, beyond the pharmaceutical industry, food manufacturers can implement blockchain to prevent and manage product recalls. “Blockchain has the ability to flag data to capture important data points at every step of the food supply chain, greatly enhancing the capabilities of companies to track and trace products,” says Beasley.
“This allows the company to access an accurate picture of the product life cycle. With a blockchain system, the food industry would have visibility into data such as product origin, storage temperatures and ingredients, helping to ensure that safety and quality are maintained for end consumers, ”he says. “Better product visibility would also increase efficiency by avoiding recalls and provide more transparency to customers who want to know where their food comes from.”