At a Glance
Digital security threats are increasingly targeting industries, including the chemical sector, to the point that the Department of Homeland Security is now issuing cyberterrorism guidelines. Among the protection and detection resources available, a few relevant to chemical companies are:
- Free detection and protection tools for small and midsize chemical companies from Homeland Security.
- A free report from the National Institute of Standards and Technology (NIST) to help companies detect abnormal behavior in a computer network before damage occurs.
- Several ways to protect distributed data on Microsoft’s Azure cloud computing platform.
Introduction
Using technology to automate factories has the potential to revolutionize the biochemical and pharmaceutical industries. The same technology permitting rapid development and customization, though, also exposes these factories to new risks from outside actors.
Factory technicians have the ability to track progress at every stage, permitting adjustments when required. Whether it’s creating a new drug virtually and using technology to anticipate how it will perform, and then tweaking it to get the right results, or producing medicines customized for a single patient, all of these methods share common tools: computers.
These same smart factory methods permitting efficient manufacturing also open the facilities to new vulnerabilities in the form of undesired computer modifications, known colloquially as hacking.
Potential Threats to Production Facilities
Connecting sensors and devices, along with accessing vital systems and information remotely, “results in manufacturing networks with greater vulnerabilities to cyberattack,” a recent article in Quality Digest states.
The most recent example occurred April 11 at Iran’s Natanz nuclear processing site. A power system used by centrifuges required to process uranium was demolished, requiring an estimated nine months of work to bring it back online. Another example, cited in a 2014 article in The Wall Street Journal, explained how a targeted email sent to a German iron plant allowed intruders to cross into the production network. The result was an inability to shut down a furnace normally, causing severe damage to the entire system.
Types of Cyber Attacks
Cyberattacks can come in several forms depending on the attackers’ goals. These include:
- Stealing sensitive and important information, such as materials covered by patents.
- Installing malicious software, allowing attackers to control critical systems.
- Damaging production control systems.
Cyber attackers usually have one of two goals in attacking anyone or anything, including a biochemical or pharmaceutical production facility. The goals are:
- Money in the form of a ransomware attack demanding payment to release control of these systems.
- Sabotaging machines with the goal of hurting a plant or company.
- Political motivations (e.g., Iran claims the April 11, 2021 attack was caused by Israel).
3700 customer records were taken from LC Industries in June 2015
40,000 research files were taken from DuPont by a former employee
900,000 customer records stolen from Hanes Brands in mid-2015
$54 million was stolen from aircraft manufacturer FACC in early 2016
Monitoring Industrial Systems
The National Institute of Standards and Technology (NIST) recently released its “Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection” report, which is available free.
Behavioral anomaly detection (BAD) monitors industrial systems for unusual events and trends. Using smart factory technology such as the industrial internet of things (IIoT) sensors, BAD looks for real-time evidence a system is being compromised. Instead of reacting to an attack already underway, or finding evidence a cyberattack happened in the past, BAD monitors industrial control systems and operational technology (OT). This lets factory technicians monitor what is happening.
When an operator sees signs of an unauthorized connection or device, the operator can stop it. One example cited in the Quality Digest article is knowing what communications are allowed with the programmable logic controller (PLC) common in many industrial machines. Unauthorized connections can generate an alert, letting the human operator know intervention may be required.
Figure 1: An example of computer alerts in the Cyber X console (courtesy NIST)
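One way to implement the allowed-communications check described above, as an added example that is not from NIST, Quality Digest or the original article. The addresses, the flow-record format and the function names are constructed for illustration: a baseline of observed PLC connections is learned first, and later traffic to the PLC that falls outside it raises an alert for the operator.

```python
import csv
import io

# Assumption: the PLC's address on the control network (constructed value).
PLC_ADDRS = {"10.0.5.10"}

# Constructed sample flows: timestamp,src_ip,dst_ip,dst_port
# Port 502 is Modbus/TCP; 44818 is EtherNet/IP.
BASELINE_FLOWS = """\
2021-05-03T08:00:01,10.0.5.20,10.0.5.10,502
2021-05-03T08:00:02,10.0.5.21,10.0.5.10,502
2021-05-03T08:00:05,10.0.5.20,10.0.5.30,443
"""
LIVE_FLOWS = """\
2021-05-04T02:13:40,10.0.5.20,10.0.5.10,502
2021-05-04T02:14:07,10.0.5.99,10.0.5.10,502
2021-05-04T02:15:12,10.0.5.21,10.0.5.10,44818
2021-05-04T02:16:30,10.0.5.21,10.0.5.30,22
"""

def parse_flows(text):
    """Parse CSV flow records into (timestamp, src, dst, port) tuples."""
    rows = csv.reader(io.StringIO(text))
    return [(ts, src, dst, int(port)) for ts, src, dst, port in (r for r in rows if r)]

def build_baseline(flows):
    """Learn known devices and the (src, plc, port) tuples seen during normal operation."""
    known_devices, allowed = set(), set()
    for _, src, dst, port in flows:
        known_devices.update((src, dst))
        if dst in PLC_ADDRS:
            allowed.add((src, dst, port))
    return known_devices, allowed

def detect(flows, known_devices, allowed):
    """Return an alert for every PLC-bound flow that is outside the baseline."""
    alerts = []
    for ts, src, dst, port in flows:
        if dst not in PLC_ADDRS or (src, dst, port) in allowed:
            continue  # not PLC traffic, or a connection already seen as normal
        reason = "unknown device" if src not in known_devices else "unapproved connection"
        alerts.append((ts, src, dst, port, reason))
    return alerts

def run_example():
    known, allowed = build_baseline(parse_flows(BASELINE_FLOWS))
    return detect(parse_flows(LIVE_FLOWS), known, allowed)

if __name__ == "__main__":
    for alert in run_example():
        print("ALERT", *alert)
```

In the constructed data, the engineering workstation's usual Modbus session passes silently, while a never-before-seen host and a known host using a new protocol toward the PLC are both surfaced for the operator to review.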
Tools and Resources for the Chemical Sector
“Securing these chemicals against growing and evolving threats requires vigilance from both the private and public sector,” the Cybersecurity & Infrastructure Security Agency (CISA) states in an article on the Chemical Sector. This sector includes pharmaceuticals. Through CISA, small and midsize chemical facilities can obtain tools and resources designed to aid chemical facility owners and operators, risk managers, business continuity planners and others.
CISA states these resources are not to be confused with the Chemical Facility Anti-Terrorism Standards (CFATS), which focuses on high-risk chemical facilities. The program identifies and regulates high-risk facilities, reducing the risk of hazardous chemicals being weaponized by terrorists.
NIST also has tools available through its Cybersecurity Framework webpage.
Azure Has Tools to Fight Cyber Attacks
While many small and mid-sized businesses lack the financial resources to fight cyberattacks, commercial tools do exist. One advantage is they remove much of the computing burden from on-site servers and move it to the cloud. Especially in a business environment where many employees and managers work remotely, possibly in different countries with varying degrees of cyber security, the ability to protect data and operations becomes critical.
One of the top products of this type is Microsoft Azure, a cloud computing platform with services including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
Using remote data servers (i.e., cloud computing), Microsoft uses a layered approach to ensure its physical facilities storing data from remote factories are secure. Access approval is required at the facility’s perimeter, the building’s perimeter, inside the building and on the datacenter floor. Customer networks are isolated in Azure. Per Microsoft, the isolation improves performance and security.
Physical access to computer hard drives is not a typical security issue for most companies. Stealing or damaging the data on them, though? Worrying about that can lead to sleepless nights. One benefit of using Azure is its ability to accept data from Microsoft Office 365 programs such as Access and Excel. Microsoft Azure Sentinel provides intelligent security analytics. The Azure data security platform also provides other forms of security. This includes:
- Structured query language (SQL) authentication
- Multi-factor authentication by users
- The ability to lock various computer resources
- Constant security updates automatically applied to the overall system by Microsoft
Multi-factor authentication, for example, sends a code to a user’s email account or cellphone. The user must input this code to gain access. Azure also has its own Security Center that provides an overview and recommendations for making each subscriber’s virtual network and virtual machines more secure. Reports are exportable in a format readable by programs such as Microsoft Excel. Azure’s Security Center also provides:
- Details on security incidents with recommended actions to prevent similar issues
- Built-in remediation proposals, requiring only mouse clicks to activate them
- A wealth of information based on industry-specific policies for a specific country or region
Final Thoughts
Cyberattacks on industries are increasing worldwide, and more companies are moving toward better infrastructure without the maintenance hassle. Microsoft’s Azure cloud computing platform includes many security features designed to protect data when using a distributed workforce.