Published by Beatrice Greer. Modified over 6 years ago.
1
Validating and Protecting Pharmaceutical Manufacturing Processes
Greg Bunting Executive Director Indegy
2
Greg Bunting Executive Director Indegy
Indegy provides situational awareness and real-time security for industrial control networks to ensure operational continuity and reliability.
3
Pharmaceutical Industry Complexity
AGENDA
- Pharmaceutical Industry Complexity
- Manufacturing Environment Challenges
- Pharmaceutical Manufacturing Challenges
- The Answer: Visibility to Control Systems
- Summary
- Q&A
4
Pharmaceutical Organizations
Operational Challenges
- Global and Distributed
- Inconsistent Policies/Standards/Regulations
- Consolidation and M&A over the years
- Diverse Products
- Many Production Environments
- Large Network of Vendors, Contractors, System Integrators, etc.
- Many Production Touch Points
5
Regulations and Standards COMPLIANCE
6
Pharmaceutical OT/ICS Reality
Production (and regulatory) complexity requires visibility and monitoring of industrial networks in order to prevent operational disruptions and meet reporting requirements.
7
ICS Network Challenges
[Diagram: network tiers from the Internet down to field devices]
- Internet: Perimeter Controls
- Corporate Network: user workstations, servers, business applications. IT Controls. Extensive Control and Visibility.
- DMZ: Segmentation, Access Management
- ICS servers, OPC servers
- Industrial Networks: HMI stations, engineering stations; controllers (PLCs, RTUs); field devices (turbines, pumps, etc.). Limited Control and Visibility.
- Lack of management and security tools
- Lack of visibility and control
8
Why is it critical to protect the controllers?
The role of industrial controllers in ICS networks
[Diagram: HMI / Operator Workstation -> new_rpm(20) -> PLC/DCS Controller -> blender_rpm(20) -> Cone Blender]
Control Logic:
    If new_rpm < MAX_RPM
        set blender_rpm = new_rpm
    else
        ignore
        Send Error Message
Industrial controllers are not simple proxies between HMI and I/Os.
9
Why is it critical to protect the controllers?
[Diagram: HMI / Operator Workstation -> new_rpm(200) -> PLC/DCS Controller; Error returned; Cone Blender]
Control Logic:
    If new_rpm < MAX_RPM
        set blender_rpm = new_rpm
    else
        ignore
        Send Error Message
The controller determines if and how operational changes should be processed and prevents execution of unsafe instructions.
10
The Anatomy of an Industrial Cyber Attack
[Diagram: Engineering Workstation or Rogue Device (?) -> Alter controller logic -> PLC/DCS Controller -> blender_rpm(200*MAX_RPM) -> Cone Blender; HMI / Operator Workstation]
Control Logic:
    If new_rpm < MAX_RPM
        set blender_rpm = requested_rpm
    else
        ignore
        Send Error Message
blender_rpm = 200*MAX_RPM
Unauthorized controller changes can cause significant damage!
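The controller check from slides 8 to 10 and the change detection it motivates, as an added Python example that is not part of the original presentation. `MAX_RPM = 60`, the logic snapshot text and the function names are assumptions made for illustration.

```python
import difflib
import hashlib

MAX_RPM = 60  # assumed limit; the slides give no number

def control_logic(new_rpm, blender_rpm):
    """Slides 8-9: apply the requested speed only when it is below MAX_RPM."""
    if new_rpm < MAX_RPM:
        return new_rpm, None
    return blender_rpm, "Error: new_rpm rejected"

# Constructed snapshots standing in for program text read back from a
# controller; the syntax is illustrative, not any vendor's format.
APPROVED = [
    "IF new_rpm < MAX_RPM THEN",
    "    blender_rpm := new_rpm",
    "ELSE",
    "    send_error()",
    "END_IF",
]
READ_BACK = ["blender_rpm := 200 * MAX_RPM"]  # slide 10: limit check gone

def fingerprint(lines):
    """SHA-256 over the snapshot, suitable for storing in an audit record."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def check_controller(baseline, current):
    """Report whether the read-back logic still matches the approved baseline."""
    if fingerprint(baseline) == fingerprint(current):
        return {"changed": False, "diff": []}
    diff = list(difflib.unified_diff(baseline, current, lineterm=""))[2:]
    return {"changed": True, "diff": [d for d in diff if d[0] in "+-"]}

if __name__ == "__main__":
    print(control_logic(20, 0))     # accepted
    print(control_logic(200, 20))   # rejected, speed unchanged
    for line in check_controller(APPROVED, READ_BACK)["diff"]:
        print(line)
```

The HMI never sees a difference between the two snapshots on the data-plane; only a read-back comparison against the approved baseline exposes the missing limit check.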
11
ICS THREATS - CYBER ATTACKS (External)
- Stuxnet (2010): Destroyed 20% of Iran's nuclear centrifuges
- German Steel Plant Cyber Attack (2014): Second physical damage cyber attack reported in history
- Dragonfly / BlackEnergy (2014): Over 250 ICS networks (Energy, Pharma, etc.) compromised
- New York Water Dam (2015): Iranian hackers managing to get control of the flood gates
- CrashOverride / Industroyer (2016): Ukraine Power Grid blackout as an act of Russian aggression
- Dragonfly 2.0 / APT targeting Energy and more (2017): Wide-ranging campaign targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors
- Triton (12/2017): Triconex Safety Instrumented System (SIS) controllers. Added program to the execution table of the controller. Suspected nation state aiming for physical damage.
12
Other threats to industrial control systems
13
Manufacturing OT/ICS Reality
External threats, internal threats and human error require visibility and monitoring of industrial networks in order to prevent operational disruptions.
14
Confirm (no) changes were made to controllers
FDA Regulatory Compliance
The Food and Drug Administration guidance:
- Drug products should be produced with a high degree of assurance that they meet all the attributes they are intended to possess.
- Pharma manufacturers should maintain processes in a state of control over their entire lifecycle, even as materials, equipment, production environment, personnel and manufacturing procedures change.
Regulation mandates REAL TIME documentation.
15
Tracking Maintenance Work on ICS
The details needed to ensure proper maintenance and operational safety:
- IP / MAC / Serial address
- OS / Firmware versions
- When were they last updated? By whom?
- Associated risk of the device
- List of potential vulnerabilities
The details are constantly changing over time:
- Usually through a manual process
- 3rd party contractors and integrators may be involved
- Error prone
- No documentation
This environment promotes stagnation.
16
ICS Challenges for Pharma Organizations
- Tracking maintenance work on ICS
- Unable to confirm no changes were made to controllers as per regulation
- Unable to confirm changes were made to controllers, i.e. firmware upgrades to prevent CVEs
- Human factors that cause disruption to your operation
- Integrator errors, integrator compromised devices
- Lack of visibility and forensic data
- What's connected to my network?
- Threats targeting the company's intellectual property and manufacturing process
- Inconsistent standards
- Who owns it? IT/OT
17
The Challenge: Tracking Engineering Activities
Control-Plane vs. Data-Plane
[Diagram: Operator Workstation (HMI), Engineering Workstation, PLC/DCS Controllers, Cone Blender]
Data-Plane:
- Standard HMI and SCADA application
- Protocols like: MODBUS, PROFINET, DNP3
Control-Plane:
- Proprietary, vendor specific engineering protocols (Unnamed, Undocumented)
- Logic, Configuration, Firmware
ICS data-plane and control-plane communications use different protocols!
18
Solving the Visibility Challenge
Without visibility you can't have security
1. Understand What Needs to be Protected
2. Continuously Monitor Access and Changes
3. Assess Risk to Devices and Networks
4. Enforce Policies, Get Real-time Alerts
Ensure Reliability, Security and Integrity of the Control Layer
19
Solving the Visibility Challenge
STEP 1: Understand What Needs To Be Protected = Asset Discovery
- Automate asset discovery, classification and management for better device control.
STEP 2: Continuously Monitor Access and Changes
- Track network changes in real time
- Policy-Based and Anomaly-Based Detection
- Track changes made directly to the controllers
- Requires active component that mimics engineering workstation protocols
20
Solving the Visibility Challenge
STEP 3: Assess Risk to Assets and Network
- Compare Firmware Versions to CVEs
- View Communications, Protocols, Quantity and Number of Sessions
STEP 4: Enforce Policies and Get Real Time Alerts
- Clearly define policies
- New Devices, New Protocols
- Abnormal Activities, i.e. HMI Downloading Code to a PLC
- Send alerts that support existing workflow
Eliminate issues before they cause downtime and/or recover faster from incidents
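Steps 3 and 4 applied to a small inventory, as an added Python example that is not from the presentation or from any vendor's product. The addresses, roles, field names, the `EX-PLC` model and the advisory ID are constructed placeholders.

```python
# Constructed inventory (Step 1); addresses, roles and field names are hypothetical.
INVENTORY = {
    "192.0.2.10": {"role": "engineering_workstation", "protocols": {"vendor-eng"}},
    "192.0.2.20": {"role": "hmi", "protocols": {"modbus"}},
    "192.0.2.30": {"role": "plc", "protocols": {"modbus", "vendor-eng"},
                   "model": "EX-PLC", "firmware": "2.1.0"},
}
# Constructed advisory feed; the ID is a placeholder, not a real CVE.
ADVISORIES = [{"id": "CVE-PLACEHOLDER-0001", "model": "EX-PLC", "fixed_in": "2.3.0"}]
# Constructed session records, as a passive network sensor might emit them.
EVENTS = [
    {"src": "192.0.2.20", "dst": "192.0.2.30", "protocol": "modbus", "op": "read"},
    {"src": "192.0.2.10", "dst": "192.0.2.30", "protocol": "vendor-eng", "op": "code_download"},
    {"src": "192.0.2.20", "dst": "192.0.2.30", "protocol": "vendor-eng", "op": "code_download"},
    {"src": "192.0.2.99", "dst": "192.0.2.30", "protocol": "modbus", "op": "write"},
]

def version(text):
    """Turn '2.1.0' into (2, 1, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def evaluate(event, inventory):
    """Step 4 policies: new device, new protocol, code download from a non-engineering host."""
    asset = inventory.get(event["src"])
    if asset is None:
        return ["new_device"]
    alerts = []
    if event["protocol"] not in asset["protocols"]:
        alerts.append("new_protocol")
    if event["op"] == "code_download" and asset["role"] != "engineering_workstation":
        alerts.append("code_download_from_" + asset["role"])
    return alerts

def outdated_firmware(inventory, advisories):
    """Step 3: (address, advisory id) pairs where firmware predates the fixed version."""
    hits = []
    for addr, asset in sorted(inventory.items()):
        for adv in advisories:
            if (asset.get("model") == adv["model"]
                    and version(asset["firmware"]) < version(adv["fixed_in"])):
                hits.append((addr, adv["id"]))
    return hits

def run(events=EVENTS, inventory=INVENTORY):
    """Evaluate every event and return (source, alerts) pairs in order."""
    return [(e["src"], evaluate(e, inventory)) for e in events]
```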
21
Suggested Steps to Implement a Solution
- Make sure that the person protecting your ICS environment is the same person who will suffer if/when there is failure
- Enlist stakeholders from IT and OT
- Align Technology, People and Processes
- Operational analysis to determine the impact of converged technologies
- Develop a road map to converged technology environment
- Gap analysis
- Establish a top-down approach for implementation
- Establish Governance
- Develop a comprehensive inventory of all IT and OT assets
- Manage Changes Systematically – Policies, Anomalies, Device with Alerts
The best cyber solution provides visibility (both network and device) and drives efficiency in the manufacturing process
22
Session Recap
- Manufacturing Complexity Requires Visibility provided by Purpose Built Technology
- Automated control-asset discovery and a continuously updated inventory ensures full visibility into critical assets
- Comprehensive audit trail allows the manufacturer to track the ‘who’, ‘what’, ‘when’, ‘where’ and ‘how’ of all access and changes to critical ICS assets
- Solution must enable manufacturers to meet FDA requirements ensuring zero changes to the controllers
- Real-time alerts provide detailed information about unauthorized changes to critical assets enabling quick and effective incident response
23
Thank you! Want to know more?
Visit: Contact us:
Greg Bunting, Executive Director, Indegy
Indegy provides situational awareness and real-time security for industrial control networks to ensure operational continuity and reliability.