
How bad actors could sabotage a COVID vaccine—and how that can be prevented

Dozens of companies have spent the past months working to develop an effective way to stop COVID-19—and thankfully, we’re starting to see some very promising results. With final phases of testing and trials underway, we must turn our concern to the next stage and consider the idea of a vaccine-related cyberattack.

It’s not unlikely that a bad actor could attempt to sabotage the availability of a vaccine by stalling or preventing its development, or even its distribution, through a targeted attack. Many people wonder how that would even happen, but there are actually quite a few ways that the process could be compromised. (My company Claroty works with manufacturing and pharmaceutical companies to keep their operations secure, so the recommendations that follow could have a positive impact on our business.)

Let’s start at the beginning.

While we’re still in the midst of vaccine development, it’s quite plausible that an attack could happen to stall the progress or run a vaccine trial off-course. The race to develop a vaccine has pushed pharma companies to work faster than ever and race through trial phases. The increased pressure here leaves them incredibly vulnerable to a cyberattack meant to put a stop to a vaccine’s development, similar to the Stuxnet malware discovered back in 2010. This software invaded the automated machine processes in Iran’s manufacturing operations in an attempt by the U.S. and Israel to thwart the country’s development of a nuclear weapon.

Another obvious way that a vaccine could be compromised through a cyberattack is at the manufacturing level. Picture this: After going through many months and different phases of trials, one of the pharmaceutical companies finally gets approval from the Food and Drug Administration to produce and distribute a vaccine. Right away, production will kick into gear.

A cyberattack of this style, specifically intended to tamper with the vaccine formula, would home in on the Internet-connected operational technology (OT) and industrial networks that help run manufacturing facilities. In a vaccine manufacturing facility, attackers would enter the IT systems, either through a virtual private network (VPN) connection or a user or vendor utilizing an insecure mode of remote access. From there, ransomware would be able to spread from the IT to the OT network. 

Vaccines are highly complex materials, composed of various proteins and in need of near-perfect chemical balance to maintain the properties that make them effective. With such a fine balance, any small changes to the formula would throw off the efficacy and accuracy of the vaccine. An attack of this style would be reminiscent of the cyberattacks on the Israeli Water Authority from earlier this year, which attempted to alter the chlorine levels of the country’s public water supply.

If a cyberattack were properly identified in time, the vaccine could be remanufactured, but it would result in a backup in its distribution. If not caught before distribution, there could be unknown consequences for the overall health of the recipients.

Now let’s assume all goes right regarding the vaccine’s production. At this point, the vaccines have to be stored somewhere until they get distributed—millions of doses don’t go straight from the factory to the doctor’s office overnight.

Given the delicate nature of the vaccine and its composition, it would likely need to be stored in a temperature-regulated facility to maintain stability and prolong its lifespan. According to the Centers for Disease Control and Prevention, the ideal temperature for refrigerated vaccine storage is between 36 and 46 degrees Fahrenheit.

Should a bad actor be interested in damaging vaccine distribution, they could stage an attack on the temperature control systems in place. By changing the climate of the warehouses or storage units, the potency of the vaccines could be greatly reduced, which would negatively affect the desired immune response.

Even if the vaccine doses remain fully intact and untampered with throughout the entire production and storage process, there are still plenty of opportunities for vaccination efforts to be compromised. The logistics of shipping and finally distributing a vaccine are ripe for a cyberattack, given how often the product would have to change hands getting from the place of origin to the final destination.

This isn’t unlikely; it’s happened before. The 2017 attack on A.P. Møller-Maersk utilized NotPetya malware to completely cripple the shipping and logistics giant, ultimately costing it between $250 and $300 million.

In terms of vaccines, a ransomware attack could affect scheduling software, leading to delays in delivery and affecting the vaccine distribution schedule. Storage rooms could be locked down. Transportation could be rerouted. The connected systems that grant operators visibility into their systems could very well be the downfall of the operations.

Given the global exposure of the vaccine race as well as the monetary investments that have gone into the various companies working to develop them, a cyberattack wouldn’t be surprising. 

At this point, you may be wondering what can be done to defend against such an attack. Thankfully, there are quite a few precautions that vaccine manufacturers and distributors can take.

Two measures will be key to proactively preventing or quickly responding to any attacks: gaining full visibility into all systems in use, so that operators notice immediately when anything out of the ordinary is going on, and continuously monitoring the networks.

Apart from internal solutions, vaccine manufacturers should work in collaboration with external or third-party vendors to ensure that all manufacturers are enforcing the same cybersecurity standards.

Vaccine manufacturers should also consult the extensive list of specific recommendations in the alert issued by the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) on July 23, 2020, which indicates that Internet-accessible OT assets are becoming more prevalent across all 16 U.S. critical infrastructure sectors. The scenarios described cover multiple sectors—chemical, transportation, health care, and public health, and possibly more. The NSA and CISA’s recommendations include having a resilience plan for OT, a well-exercised response plan before an incident occurs, and reducing external exposure to OT networks as much as possible.

Lastly, there is no better time than now for cybersecurity leaders in these affected industries to build coalitions with fellow executives and board members for the vital work cybersecurity teams are performing to protect the company’s operations. Many board members have been very hands-on and involved at an operational level. They have seen how being prepared and having the right technologies and processes in place are essential for adapting to change and creating a more resilient business, so chief information security officers and other security leaders should be in a strong position to garner their support. 

As security teams reassess what risk looks like now and develop plans for how to focus on resilience, strong buy-in at the top is essential.

Guilad Regev is senior vice president of global customer success at Claroty.
