Cold Chain Cybersecurity Critical for Effective COVID-19 Vaccine Distribution

December 3, 2020

With the COVID-19 vaccine distribution right around the corner, researchers from IBM’s Security X-Force have just uncovered a phishing campaign targeting companies associated with The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program in Germany, Italy, South Korea, Czech Republic, greater Europe and Taiwan. The goal of this campaign is likely to gather intelligence about how the vaccine will be stored and transported to understand the entire cold chain process. Initial reports have indicated that the attacks were “sophisticated enough that they pointed to a government-sponsored initiative, not a rogue criminal operation aimed purely at monetary gain”.  

This should serve as a notice to all the organizations involved in the production and distribution of the COVID-19 vaccine. Because the vaccine must be kept consistently at an incredibly cold temperature to stay viable, one small adjustment in a refrigeration facility could spoil entire batches of it. We discussed the potential consequences of such an attack in our recent webinar on creating a cybersecurity program for building management systems. There have already been instances of something like this happening, such as in 2018 when a disgruntled third-party contractor adjusted the temperature in a refrigerated facility at a grocery store in the Netherlands, destroying critical platelets and insulin.

To reduce the risk of a successful cyberattack on the cold chain, we recommend that organizations take the following actions now:

  1. Learn everything about the devices in your cold chain, including:
    • Where they are
    • What’s on them 
    • What they talk to
    • Who can access them 
    • What their vulnerabilities are
    • What a healthy baseline looks like
  2. Change user and default administrative credentials now. You should also put a system in place that monitors account changes and login attempts, and shares that information with corporate security teams. Then, set up policies that flag non-conformance of credentials, such as age or complexity of passwords.
  3. Do a vulnerability assessment to understand which cold chain devices have open critical vulnerabilities and are susceptible to an attack. Use the results to prioritize what you need to patch according to the likelihood and impact of a potential compromise for each device.
  4. Evaluate proven threat detection solutions for industrial devices and networks. If an attacker manages to circumvent other safeguards, ensure you can detect if anomalous activity is occurring in your cold chain. To get the most complete detection coverage, the solution should provide more than just one detection method. Monitoring both the network and endpoints can detect suspicious activity in multiple ways, which can act as a type of fail-safe mechanism.
  5. Be prepared to quickly respond to and recover from an incident. Nobody likes thinking about being the victim of a cyberattack, but always prepare for the worst. Capture and back up the known secure configurations from step 1 for rapid recovery. Evaluate your current incident response (IR) plan and test it with a simulated threat scenario to see how quickly you can recover from an incident.
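
As an added illustration (not part of the original article or any vendor tooling), the sketch below shows how the baseline captured in step 1 and backed up in step 5 can be compared against the current device state to flag setpoint drift, new network peers, and the credential non-conformance described in step 2. The device names, field names, thresholds and sample records are all constructed assumptions.

```python
from datetime import date

# Assumed policy values; tune to your own environment.
MAX_PASSWORD_AGE_DAYS = 90
SETPOINT_TOLERANCE_C = 0.5
DEFAULT_ACCOUNTS = {"admin", "administrator", "root"}
# Constructed baseline (step 1), stored as the known-good copy (step 5).
BASELINE = {
    "freezer-01": {"firmware": "2.4.1", "setpoint_c": -70.0,
                   "peers": {"10.0.5.10"}, "accounts": {"ops-anna"}},
    "freezer-02": {"firmware": "2.4.1", "setpoint_c": -70.0,
                   "peers": {"10.0.5.10"}, "accounts": {"ops-ben"}},
}
# Constructed current state; accounts map name -> date of last password change.
CURRENT = {
    "freezer-01": {"firmware": "2.4.1", "setpoint_c": -20.0,
                   "peers": {"10.0.5.10", "203.0.113.7"},
                   "accounts": {"ops-anna": date(2020, 11, 1),
                                "admin": date(2019, 1, 15)}},
    "freezer-03": {"firmware": "1.0.0", "setpoint_c": -70.0,
                   "peers": set(), "accounts": {}},
}

def audit(baseline, current, today):
    """Return sorted (device, finding) pairs for drift and credential issues."""
    findings = []
    for name in baseline.keys() - current.keys():
        findings.append((name, "baseline device not reporting"))
    for name, now in current.items():
        base = baseline.get(name)
        if base is None:
            findings.append((name, "device not in inventory"))
            continue
        if now["firmware"] != base["firmware"]:
            findings.append((name, f"firmware changed to {now['firmware']}"))
        if abs(now["setpoint_c"] - base["setpoint_c"]) > SETPOINT_TOLERANCE_C:
            findings.append((name, f"setpoint drift to {now['setpoint_c']} C"))
        for peer in sorted(now["peers"] - base["peers"]):
            findings.append((name, f"new peer {peer}"))
        for user, changed in sorted(now["accounts"].items()):
            if user not in base["accounts"]:
                findings.append((name, f"unapproved account {user}"))
            if user.lower() in DEFAULT_ACCOUNTS:
                findings.append((name, f"default account {user}"))
            if (today - changed).days > MAX_PASSWORD_AGE_DAYS:
                findings.append((name, f"stale password for {user}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(BASELINE, CURRENT, date(2020, 12, 3)), sep="\n")
```

Findings like these are what step 2 asks to be shared with corporate security teams; a clean run against a restored device also confirms that a recovery brought it back to the known secure configuration.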

The COVID-19 vaccine cold chain is a ripe target for cyber criminals, so it’s critical for stakeholders throughout the chain to ensure that their refrigeration facilities are as secure as possible. We’re here to help. Connect with one of our cybersecurity experts for advice on what you can do to keep your facilities cyber secure.