Securing the UK's vaccine distribution
The pandemic has changed our way of life in many ways, including how businesses operate. Like many organisations, Roke was forced to quickly adapt, reviewing working practices in order to keep people safe and company data secure, whilst maintaining business activity.
As the first COVID-19 vaccines are beginning to be distributed across the UK, there’s almost a tangible sigh of relief as the immunisation programme begins to help bring life back to normal for people. But after such a monumental and ground-breaking effort, it is important to accelerate efforts to also make sure that methods to produce, ship and administer the vaccines remain secure from malicious activity.
The vaccines are not only a game changer in fighting the pandemic, the pharmaceutical companies that develop them will also find themselves benefiting from an increase in brand reputation for their businesses. Unfortunately, where there is opportunity to capitalise on a situation in the modern world, hackers and thieves will appear. With demand sure to out-strip current supply, the value of the vaccine will be very high, making aspects of its development and delivery a potential target for cyber-attacks.
Cyber resilience is key
Working with organisations across defence and Government, and those that are critical to national infrastructure, including rail, energy and automotive, we’ve witnessed first-hand the need for cyber resilience precautions to be put in place. Keeping ahead of and effectively applying newly emerging and changing cyber standards is key. The risks in the healthcare and vaccine landscape are similar – there’s a need to delay and disrupt cyber-attacks, such as phishing scams and malware, and to provide assurance in creating cyber resilient systems.
In relation to the COVID-19 vaccine, major ‘what-if’ scenarios must be considered – how might a malicious act occur? Could the refrigeration of the vaccine be hacked? Will the vaccine distribution channels be subject to malware? And could sophisticated phishing scams be set up to fool people into missing their second dose?
To help improve cyber resilience, organisations must ensure systems are assessed so weaknesses are mitigated, assets protected, and a security culture is built within a team. Experience has shown us how vital it is to work closely with organisations to identify where there could be system vulnerabilities and risk to critical national infrastructure.
The stakes are high
Research and development is the most expensive element in the process of developing a new vaccine and as a result, pharmaceutical companies are used to protecting their Intellectual Property (IP). Manufacturing viable vaccines demands a rapid response, and having the right infrastructure in place to deliver the vaccine to the population is critical.
Consider the 50 sites across the UK distributing the vaccine and the infrastructure they will require both for storage and digital protection – have all avenues to protect them been explored in the short time allowed so far? This is a vital element in the journey of the vaccine and is why we consider the human factors to be as important as the technical side of cyber security.
Are cyber-attacks inevitable?
With stakes this high worldwide, it’s perfectly possible that others will seek to gain an advantage. It is feasible to assume that attacks could be funded from significant global resources.
There have been plenty of reports that cyber-attacks have already begun, including recent findings from IBM indicating that a campaign has been targeting vaccine distribution specialists for months, as well as an official warning from Interpol. Even last week (10 December 2020), the European Medicines Agency (EMA) announced it had been hit by a cyber-attack and documents relating to the Pfizer/BioNTech vaccine had been accessed.
It may seem that disruption from cyber-attacks are inevitable in an environment where so much is at stake, but this is not the case. With the correct investment in expert advice and partnerships, businesses and organisations can move quickly and decisively to protect themselves and their crucial infrastructure assets from attack and provide patient care. Whether it’s protecting supply chains, preventing global phishing campaigns or simply raising awareness of the need to be extra vigilant, cyber resilience is achievable.
As experts in Information Assurance (IA) and cyber resilience, we explore, secure and assure complex systems that combine digital technology and people, helping to ensure integrity, availability and confidentiality. By combining the skills of security professionals, human scientists and technologists, risk can be assessed and managed to ensure that people and data security can be built into new system architectures and processes from the outset.
If you’d like more information about protecting your organisation in these unprecedented times, get in touch.