Protecting vaccine supply chain against ransomware
COVID-19 pandemic has accelerated the already prominent threat of cybercriminals
The COVID-19 vaccine holds the promise of a post-pandemic world. Many are looking forward to the end of isolation and re-engaging in good old face-to-face social contact. However, there are many steps that need to be taken first.
Canada is expecting to receive millions of doses this year, but the path to get here was a long and complicated logistical dance. In my home province of B.C., Provincial Health Officer Dr. Bonnie Henry revealed that her agency had received “credible” security alarms concerning incoming COVID-19 vaccine shipments that triggered responses from the Department of National Defence and the RCMP.
Henry went on to suggest that there may be a “concerted effort to interrupt the cold chain and to sabotage immunization programs.”
The agencies in charge of logistics have their hands full protecting the physical security of vaccines across the supply chain. But what about cyber threats?
We know that a successful immunization rollout sits upon an intricate supply chain that includes storage, temperature control (up to -70 C) in the cold chain, and logistics information systems.
There are many points of access along this chain that are at risk of data breaches. Last month, the New York Times reported that a series of cyberattacks was already targeting companies and governments involved in the distribution of coronavirus vaccines around the world.
Beyond traditional hacking of secure information, the threat that most comes to mind is that of ransomware. Last month, Vancouverites witnessed a ransomware attack that crippled our Metro transit system, shining a light on the everpresent threat of ransomware attacks toward public-facing infrastructure. Frankly, the criminals behind the attacks are keenly aware that critical services provide huge opportunities for ransom.
The vaccine value chain requires an immense amount of data to make certain everything goes to plan. The risk is as large, if not larger, than the physical risk of exposure. COVID has accelerated the digital transformation of the world, but in some ways has also put us more at risk.
If cyber criminals are able to gain access to vaccine information such as batch numbers, vaccination dates or logistics scheduled, encrypt it and withhold it from the government, how much would that cost us, even just for one day for the vaccine supply to not be disrupted? While the financial cost could be significant, the cost in human life is incalculable.
Each person across the value chain is a potential victim. The asymmetrical warfare of cyber threats can disrupt an entire nation. All it takes is one set of compromised credentials — the attacker only has “to win” one time while we as an industry must be right every time.
With tracking mechanisms on cold trucks with vaccines, a lost connection and data loss could require the government to stall its campaign or even start over again. Restoring from tape (which is difficult to use and stored off-site) is a standard method of recovery since you can’t encrypt tape. But imagine that it can take weeks or months to restore full data sets from tape — essentially an eternity in our instant world.
Once an attack has succeeded, three capabilities are key in mitigating the impact of ransomware attacks.
First, backups must be protected from intentional, malicious encryption. Second, the day-to-day operation must be simple for IT staff. Third, any backup system must also be able to restore rapidly.
There are new innovative solutions for data protection that can ensure fast restores, in a matter of hours. Safe modes exist with multi factored access protocols where backup data can’t be compromised even if admin. credentials are compromised. There is no need to wholly “rip and replace” existing backup infrastructures.
COVID has accelerated the already prominent threat of cybercriminals. With the vaccine in play, and a post-pandemic world on the horizon, no shortcuts can be taken. .