While the Covid-19 pandemic is slowly coming under control in some countries, many are still facing numerous challenges in containing the virus. In the ASEAN region itself, countries like Singapore, Thailand and Malaysia have imposed more lockdowns as cases continue to increase.
Despite the surge in new cases, many nations have also expedited their vaccination efforts. Compared to the US, China and the UK, the pace of vaccinations in ASEAN nations has been picking up over the recent weeks, with more people getting vaccinated daily.
As the demand increases, cybercriminals are also making use of this opportunity to wreak more havoc on organisations. In fact, vaccine manufacturers have already added more cybersecurity protection to ensure their production is not disrupted. However, protecting the vaccine supply chain is no easy task.
Distributing and storing vaccines across the world, especially in areas that do not have the best infrastructure, can be challenging. At the same time, ensuring shipments are not compromised in transit is another challenge. While these are mostly physical challenges, most of them can be disrupted virtually. And it’s not just vaccines that are vulnerable: any medical product or data is exposed to the same kinds of threat.
To understand more about how businesses and nations can protect the vaccine supply chain, and about the bad actors that could attack it, not just in the region but across the whole of Asia, CSA speaks to Vijay Vaidyanathan, Regional Vice President for Solutions Engineering in Asia Pacific and Japan at Claroty.
Question: What possible bad actors could attack the vaccine supply chain in Asia?
Bad actors can range from state-sponsored attackers to hacker groups who have a variety of motivations - to steal proprietary information, to extort money by holding the vaccine supply chain hostage, to disrupt another country’s vaccination progress, etc.
There have already been reports of cyber attacks against the COVID-19 vaccine supply chain. For example, state-sponsored Chinese hackers have allegedly been targeting Indian and Japanese vaccine makers to disrupt their research and distribution efforts. Additionally, IBM X-Force reported an unknown cyber threat incident where bad actors targeted a vaccine supply chain via phishing, attempting to access critical systems in the “cold chain,” which is an integral part of vaccine storage. Perhaps in an attempt to steal proprietary information for transporting mass quantities of the vaccine, these adversaries could wage a disruptive ransomware attack to hold the vaccine distribution process hostage.
Moreover, digital transformation and the shift to remote work amid the Covid-19 pandemic have made remote access to facilities a necessity and, as a result, inevitably give attackers more points of entry into the network. With remote work, the risk of employees being targeted by phishing or spam attacks, and thus of ransomware and other malware infections, has increased. In fact, Claroty’s Biannual ICS Risk & Vulnerability Report found that 71% of Industrial Control System (ICS) vulnerabilities disclosed in the second half of 2020 were remotely exploitable through network attack vectors.
It is likely that we will see more ransomware attacks affecting critical sectors, employing extortion methods, and strategic targeting, particularly for critical areas such as the vaccine supply chain.
Question: Can you share with us a possible scenario of how an attack against a vaccine supply chain in Asia might play out?
Threat actors can compromise the following processes in the vaccine supply chain.
Vaccine Development: As researchers around the world continue to develop and trial vaccines to combat the coronavirus, there could be a targeted attack to slow the progress or even halt vaccine development. Such an attack might play out similarly to the Stuxnet malware, which U.S. and Israeli officials designed to disrupt Iran’s nuclear program by damaging its automated machine processes. Given the high stakes of bringing a safe and effective vaccine to market, it is crucial to ensure basic security hygiene, patch vulnerabilities and lock down access to critical systems managing industrial processes.
Vaccine Manufacturing: Threat actors can attack the vaccine production line by tampering with the vaccine formula through hacking into Operational Technology (OT) networks that are connected to the internet and which run the vaccine manufacturing facilities.
These OT networks have unique requirements and proprietary protocols that are largely unrecognisable by Virtual Private Networks (VPNs) and other traditional IT security tools. Yet, such tools tend to be popular remote access solutions for enabling enterprise IT connectivity among industrial organisations. As these solutions can be accessed via the public internet, they present a potential entry point for threat actors to introduce ransomware that could spread from the IT to OT network.
With vaccines having highly complex formulas, whose delicate chemical balance ensures their efficiency, any changes made to the formula can render it ineffective and even harmful to the health of the recipients. An attack like this would resemble the remote attack against a water treatment facility in Florida in February, in which the attacker accessed a compromised remote access solution and attempted to increase levels of sodium hydroxide in the water supply, a dangerous substance if consumed.
Vaccine Storage/Cold Chain: As the delicate nature of the vaccine requires it to be stored at cold temperatures, a cyber attack targeted at the building management systems to maintain the required temperature range could reduce the potency of vaccine batches and affect the desired immune response.
Vaccine Distribution: The complex supply chain for vaccines requires the product to change hands many times when making its way from its point of origin to its final destination. In 2017, the NotPetya malware was used to wage a ransomware attack against shipping giant A.P. Moller Maersk. Similarly, attackers can wage a ransomware attack to affect scheduling software, altering the vaccine distribution schedule to delay delivery. They could also potentially lock down storage rooms or reroute transport.
Question: What can organisations do to protect and defend themselves against such attacks?
Fortunately, while there are numerous cyber risks targeting vaccine production and distribution, there are also industrial cybersecurity best practices that can mitigate such threats:
Ensure operational visibility. One of the biggest challenges with securing OT environments is a lack of telemetry, and therefore, visibility into OT networks. Vaccine manufacturers need real-time visibility into all their operational systems linked to the production and distribution of vaccines. This will allow security teams to notice if there is anything out of the ordinary going on in the systems, allowing them to detect, investigate and resolve malicious activity. Additionally, such visibility can help to identify vulnerabilities such as out-of-date operating systems and software, and any common vulnerabilities and exposures associated with products, allowing them to take action.
Establish secure remote access. Organisations need to use remote access solutions that are purpose-built for industrial environments that allow for auditing, control, and monitoring capabilities. This includes extremely granular role- and policy-based access controls for industrial assets at multiple levels and geographic locations while supporting zero-trust and Least Privilege security principles.
Stay up to date on cybersecurity standards. Organisations can also look to OT cybersecurity recommendations by respective government agencies. Singapore, for instance, is setting up a panel comprising global experts to offer advice on OT cybersecurity as part of the country's latest cybersecurity blueprint. Organisations involved in the vaccine supply chain can also refer to OT security recommendations released by the US security agencies the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA).
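As an added illustration of the first two practices above, operational visibility and purpose-built remote access with role- and policy-based control, auditing and least privilege, the following is example code written for this page; it is not Claroty's or the interviewee's code. Every asset, site, role, firmware baseline and policy rule in it is constructed sample data, and the decision logic (default deny, scoped to site, zone, action and access window) is one possible design, not a description of any product.

```python
"""Visibility check plus policy-based remote-access gate for OT assets.

Added example, not vendor code. Two small pieces:
  * stale_assets(): the "visibility" half, flagging assets whose reported
    firmware is below the baseline approved for their process zone.
  * evaluate(): the "secure remote access" half, a default-deny decision
    scoped by role to sites, zones, actions and an access window, with an
    audit record written for every decision, allowed or denied.
All identifiers below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Asset:
    asset_id: str
    site: str
    zone: str       # process area, e.g. "filling-line" or "cold-chain"
    firmware: str   # dotted version string reported by the device


@dataclass(frozen=True)
class Policy:
    sites: frozenset    # sites the role may reach
    zones: frozenset    # process zones the role may reach
    actions: frozenset  # subset of {"read", "write", "engineer"}
    window: tuple       # (start_hour, end_hour) in UTC, half-open interval


# Constructed sample inventory (hypothetical asset ids and sites).
INVENTORY = {
    "PLC-07": Asset("PLC-07", "SG-plant", "filling-line", "2.1.0"),
    "BMS-03": Asset("BMS-03", "MY-depot", "cold-chain", "1.4.2"),
    "HMI-12": Asset("HMI-12", "SG-plant", "filling-line", "3.0.1"),
}

# Constructed baseline: minimum approved firmware per zone.
FIRMWARE_BASELINE = {"filling-line": "2.1.0", "cold-chain": "1.5.0"}

# Constructed role policies. Anything not listed is denied (least privilege):
# a vendor gets read-only access to one zone at one site during office hours,
# while an in-house controls engineer may read and write across both sites.
POLICIES = {
    "vendor-support": Policy(frozenset({"SG-plant"}), frozenset({"filling-line"}),
                             frozenset({"read"}), (9, 18)),
    "controls-engineer": Policy(frozenset({"SG-plant", "MY-depot"}),
                                frozenset({"filling-line", "cold-chain"}),
                                frozenset({"read", "write"}), (0, 24)),
}

AUDIT_LOG = []  # one dict per decision; in practice this would go to a SIEM


def version_tuple(v: str) -> tuple:
    """Turn "1.4.2" into (1, 4, 2) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


def stale_assets(inventory=INVENTORY, baseline=FIRMWARE_BASELINE) -> list:
    """Return ids of assets running firmware below their zone's baseline."""
    return sorted(
        a.asset_id for a in inventory.values()
        if a.zone in baseline
        and version_tuple(a.firmware) < version_tuple(baseline[a.zone])
    )


def evaluate(user: str, role: str, asset_id: str, action: str, at_iso: str) -> tuple:
    """Decide one remote-access request and record it in AUDIT_LOG.

    Returns (allowed, reason). The first failing check names the reason, so
    a denied session is explainable to the operator reviewing the audit trail.
    """
    at = datetime.fromisoformat(at_iso)
    asset = INVENTORY.get(asset_id)
    policy = POLICIES.get(role)
    if asset is None:
        reason = "unknown asset"        # unmanaged asset: no visibility, no access
    elif policy is None:
        reason = "unknown role"
    elif asset.site not in policy.sites:
        reason = "site out of scope"
    elif asset.zone not in policy.zones:
        reason = "zone out of scope"
    elif action not in policy.actions:
        reason = "action not permitted"
    elif not (policy.window[0] <= at.hour < policy.window[1]):
        reason = "outside access window"
    else:
        reason = "allowed"
    allowed = reason == "allowed"
    AUDIT_LOG.append({"user": user, "role": role, "asset": asset_id,
                      "action": action, "at": at_iso,
                      "allowed": allowed, "reason": reason})
    return allowed, reason


if __name__ == "__main__":
    print("assets below firmware baseline:", stale_assets())
    print(evaluate("vendor01", "vendor-support", "PLC-07", "read", "2021-06-01T10:30:00"))
    print(evaluate("vendor01", "vendor-support", "PLC-07", "write", "2021-06-01T10:30:00"))
    print(evaluate("vendor01", "vendor-support", "BMS-03", "read", "2021-06-01T10:30:00"))
    print(evaluate("eng02", "controls-engineer", "BMS-03", "write", "2021-06-01T22:00:00"))
    for entry in AUDIT_LOG:
        print(entry)
```

The point of the design is that the same inventory feeds both halves: an asset that is not in the inventory cannot be reached at all, and the audit entries carry the reason for each decision so that a denied write to a cold-chain controller at an unusual hour stands out during review rather than being lost in a generic "access denied".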
Question: How does an organisation define reliable OT security and why should organisations prioritise it?
Reliable OT security addresses OT-specific challenges, including a lack of standardised technology, the use of proprietary protocols, and a low tolerance for downtime, as well as other disruptions impeding critical processes. Reliable IT involves gaining full visibility into your OT environment, continuous threat monitoring and ensuring secure remote access.
The more important industrial networks are to your business, the more essential effective industrial cybersecurity is to the success of your operations. Any risk that threatens availability and uptime can have a significant impact when systems must be shut down and restarted. This includes financial losses, risks to product delivery if attackers tamper with or contaminate products, and compromised safety systems for people inside or near the facility.
The pandemic has also caused board-level business leaders across a wide range of industries to pay more attention to OT security, due to the increased need for secure remote access to industrial operations and the accelerated convergence of IT and OT networks. Those leaders have now seen first-hand how digital transformation impacted their organisation’s ability to adapt to the new circumstances of pandemic life.
For companies that had previously tried to keep their OT networks as isolated as possible and didn’t have remote connectivity in place, it was a slow and sometimes rocky start. Those that had begun to embrace digital transformation initiatives were able to transition more smoothly, as they had already started thinking about security in an expanding and open environment.
They either knew or learned the hard way that OT security plays a vital role in creating business resiliency and adapting to rapidly changing circumstances.
Fortunately, this increased focus on OT security has laid the groundwork for sustained efforts to strengthen cybersecurity over the coming years. Strong coalitions are essential to moving forward quickly.