While Life Sciences companies have become even more important to all of us during the pandemic, they have always been challenged with unique cybersecurity risk. Their manufacturing systems operate within a highly validated environment that typically runs 24x7, do not follow a standard lifecycle timeline, and typically cannot implement security updates in a timely manner.
In addition, many pharmaceutical and biomanufacturing companies are under pressure to reduce cost, adapt to market demands and increase quality across their products. This is leading to an accelerated adoption of digital technologies, more interconnected systems, and highly automated manufacturing processes to meet business initiatives around agile manufacturing capabilities and stronger data integrity compliance. However, these digital transformation initiatives are adding more complexity to the security risk equation by expanding the attack surface for threat actors to target mission-critical systems, many of which are legacy systems running outdated operating systems.
Unfortunately, with the evolving threat landscape, many manufacturing organizations within the Life Sciences sector have been subjected to cyberattacks, including ransomware. The result of these incidents can have major consequences and business impact.
In late 2020, Fareva, a pharmaceutical manufacturer headquartered in Luxembourg, announced that it was the victim of a cyberattack that caused its operations to come to a halt. While it is unknown how long it took the organization to restore operations, this incident had an adverse effect on its manufacturing and supply to consumers.
And let’s not forget the NotPetya attack on Merck in 2017, which reportedly resulted in $1.4B in losses for the company.
What’s at stake
Downtime from a cyberattack is costly and unproductive. However, it’s not only a financial or intellectual property impact, but also a community impact. Trillions of products (including medicines and vaccines) are delivered to hospitals and the global market annually to support our loved ones – moms, dads, sons, daughters, and so on. When you think about the broad consumption of these products, our daily lives depend on the mission of Life Science companies to ensure supply reliability and product quality.
These manufacturing operations are essential to our economy. Sadly, many threat actors are motivated to carry out cyberattacks for various reasons – financial gains, espionage, or competitive advantages – because they understand what’s at stake and how vulnerable many Life Sciences manufacturing facilities are to sophisticated threats, and modern-day tactics and techniques.
Steps to mitigate risk
Fortunately, several steps can be taken to mitigate the risk of cyberattacks and improve your overall cybersecurity posture. Following are some recommended action areas, based on recurring exposures seen in Life Sciences cybersecurity assessments. As you read through the questions below, reflect on your organization’s current practices and where you may be in the maturity of your cybersecurity journey.
- How are you bringing together IT and OT stakeholders? – You must share domain knowledge and experience from both worlds to evaluate and mitigate risk. Use a cybersecurity framework such as the NIST Cybersecurity Framework, with a cross-functional team (IT staff, security SMEs, control engineers, and third-party trusted partners), to identify gaps in your IT/OT security posture. Use this framework to develop or maintain a unified strategy that addresses the converged IT and OT environments.
- How are you prioritizing security gaps? – You must be efficient with risk reduction decisions to get the greatest return on risk avoidance investments. Use a risk-based approach to prioritize those gaps and develop a strategic roadmap for closing the gaps based on criticality levels or the asset owner’s risk tolerance. Not all ICS vulnerabilities share the same risk level; align on risk.
- How are you protecting home field advantage? – You must have a defendable architecture specific to your OT/ICS environment. Many attacks focused on OT start in the IT environment and then navigate to OT. Implement a modern cybersecurity architecture that incorporates leading practices such as:
  - An Industrial Demilitarized Zone (IDMZ) with firewalls for IT-OT network segregation, plus micro-segmentation, to safeguard the OT perimeter and the high-value, vulnerable assets within OT – see this CISA example
  - Identity and Access Management to enforce access and password policies
  - Multi-factor authentication to enhance the security of remote access connections
  - Endpoint device protection to enhance data integrity and security
  - USB security controls to enforce removable media policies

  This allows you to leverage a layered defense strategy to help keep out unauthorized users.
- How are you maintaining situational awareness? – You can’t effectively respond to threats if you don’t know the status of your OT/ICS environment. Be sure to deploy continuous threat monitoring controls to detect anomalous or suspicious activity in your OT network. Keep asset inventory updated and establish a baseline that alerts the security team when unauthorized devices or users come on the network.
- How are you preparing for incident response? – Your ability to respond decisively to security incidents is determined by your organization’s readiness. Establish a business continuity plan that focuses on operational resiliency and perform tabletop exercises to pressure-test those incident response playbooks ahead of “game day.” Role play through situational questions such as:
  - Can the plant be isolated and run in a state of autonomy? If so, for how long?
  - Do plant personnel know which production lines to run or focus on during a state of isolation?
  - Which key stakeholders are required and authorized to make critical and timely decisions during a security breach or incident?
  - What specialized OT/ICS resources are on retainer for incident response investigations and remediation activities?
  - If wiped out, how long does it take to recover or rebuild from an attack versus paying a potential ransomware fee?

  You play how you practice, so be prepared.
- How are you driving cultural awareness? – Your biggest threat, unintentionally in many cases, comes from within the organization. Hold regular cyber awareness training for personnel, including activities such as password hygiene and phishing email exercises.
Rockwell Automation helps secure Life Sciences operations
Rockwell Automation has proven Life Sciences cybersecurity solutions and deep automation expertise. What’s more, we have logistical capabilities that are unmatched when it comes to implementing complex cybersecurity solutions in a consistent manner across multi-site OT environments globally.
In fact, 95% of Fortune 500 Life Sciences companies rely on Rockwell Automation to improve product quality, reduce losses and risk, and optimize production operations.
For example, we partnered with one global pharmaceutical company to improve cybersecurity to support fast growth. Delivering comprehensive services at sites across the world, we established a standard network and IDMZ infrastructure blueprint to support phased implementations to production capacity.
Another global pharmaceutical company needed to reduce quantifiable business risk with a fast, scalable, and comprehensive OT cyber strategy. For this company, we:
- Implemented network segmentation at 64 sites across their enterprise
- Deployed Threat Detection Services to gain a daily inventory of installed base network assets
- Developed an endpoint security strategy for secure, centralized management of portable media in the OT environment through an application “allow list” and USB cleansing
Take action to reduce risk
Learn more about how Rockwell Automation can help with Life Sciences cybersecurity services and solutions, reducing risk to your organization and its customers.
- Assess your cybersecurity preparedness in our DIY tool and see how you compare to the preparedness levels of 100+ industrial organizations.
- Download an example cybersecurity plan template.