Cybersecurity and the Life Science Industry: Change, Progress and Risk
Just a little background…
March 31, 2021
The COVID-19 pandemic forced the globe to rapidly adjust to a new way of life. The economic and social disruption caused by this disease has introduced unanticipated challenges and has initiated a seismic change in industry. The pandemic has driven innovation and has been a significant catalyst in the increase of human resources in all areas to bring about rapid vaccine development and manufacture. This coupled with demand for materials, and the necessity to restrict human to human contact, has brought about a tremendous increase in remote operations1. Media has placed a focused light on what’s going on in the life science world, the industry’s technological advances and ultimately the critical data that comes with it.
How does industry protect its most valuable property?
With all of these changes, it is important to have the infrastructure in place to keep a company's most valuable property, such as data and trade secrets, safe from malicious intent. To help keep these precious pieces of the organization safe, it is imperative for companies to understand the importance of cybersecurity.
This monumental shift from in office to remote work and hybrid working patterns, has kept infrastructure teams on their toes. Two teams each with their own individual focus are the Operational Technology (OT) team and the Information Technology (IT) team. These two teams are now having to work closely together to provide the infrastructure to allow remote users access to critical data from site facilities to keep business operational. The ability to keep business operations running without interruption has proven to be a significant feat for all involved. Looking to the future, this has also opened the door for new opportunities to improve working efficiency and robustness.
Who are the OT and IT teams?
The Operational Technology (OT) team manages the software and devices used to perform industrial or manufacturing processes. The OT team focuses on the equipment that is used to monitor and control operations. This equipment might include programmable logic controllers (PLC), supervisory control and data acquisition (SCADA) systems and their associated network and computing infrastructure.
The Informational Technology (IT) team generally deal with the corporate infrastructure essentially driving business-oriented information and devices. Think of your company laptop, your company’s shared folders, or even your company’s communication platform. All of these pieces are important to keep the data flow accessible to everyone within the company and keep it safe from people outside of the company.
Historically, the OT networks were separated away from the IT business network in order to prevent connectivity or remote connection to the outside world. This separation was to protect the OT equipment from being manipulated unintentionally or at worst case, being infiltrated by cyberattack. Unfortunately, OT systems do not work well with system updates, antivirus, or the stereotypical IT system setup that would normally take place on IT business computers and equipment. As such, the OT systems are in a more vulnerable state should they reach the outside world.
The boundary that once existed between IT and OT has now been largely removed. The ability to connect industrial and manufacturing systems remotely and to see the data from these systems outside of the manufacturing floor, has kept the business operations of the life science industry running. It is essentially a progressive byproduct of the pandemic.
Why do we care if the IT and OT teams are coming together?
Unfortunately, with the increased connectivity between IT and OT systems, there is also an increase in the exposure to cyber threats. The difference here is that with IT systems a cyberattack might mean holding data at ransom. However, for an OT system, this may mean that the cyber attacker now has control of your industrial equipment which could prove to be a huge safety hazard and business risk! With this increased risk, businesses are called to review their cybersecurity profile to determine the level of risk their infrastructure is subject to. Actively identifying cyber risk exposure is the first step towards creating a framework to protect IT and OT systems from infiltration.
As the Life Sciences industry continues to develop vaccines and life changing drugs, we can progress in the knowledge that we have the ability to mitigate risk and protect what we value.
Find out in our next blog how to mitigate risk with cybersecurity best practices.
- ‘Life Science Analytics Market Size, Share & Trends Analysis Report By Component (Software, Services), By Type, By Application, By Delivery, By End-user, By Region, And Segment Forecasts, 2022 – 2030,’ Grand View Research Accessed, March 29, 2022, https://www.grandviewresearch.com/industry-analysis/life-science-analytics-market
Thank you for signing up
Thank you for signing up to the Biotech Blog.
Kate Green, Automation Engineer, Research and Development
- Sort By