17 minute read
The cyber-physical security of pharmaceutical manufacturing processes
The cyber-physical security of any manufacturing system, specifically food and drug manufacturing, is essential. The technology in the pharmaceutical industry advanced significantly in last decade to improve upon every aspects of drug manufacturing. However, much less attention has been paid to identify and proactively mitigate the risk of cyberphysical attacks. Viruses that threaten these systems are very real and in recent years have proven very harmful and costly. Those that target drugs consumed by billions of people worldwide will inevitably have deadly consequences. Even with dedicated IT departments focused on determining cyber-physical attacks, it is imperative that a base layer of protection should be integrated into pharmaceutical manufacturing plants for the well-being of manufacturing system as well as consumers. This paper gives the overview of methods and tools useful for cyber-physical security of pharmaceutical manufacturing processes.
Advertisement
Ravendra Singh, Engineering Research Center for Structured Organic Particulate Systems (ERC-SOPS), Department of Chemical and Biochemical Engineering, Rutgers, The State University of New Jersey
The cyber-physical security is no longer an area that should be overlooked. Unfortunately, cyber-physical attacks of all kinds may cost companies a great amount of money and countless lives. In a recent PharmaIQ report, an increasing trend of ‘cyberphysical security risk’ has been found.
Therefore, a systematic framework is needed to mitigate the risk of cyberphysical attacks.
Pharmaceutical plants need to employ security measures in order to lay the foundation of a comprehensive cyberphysical security plan. These measures will be the integration of cyber-physical security tools into the pilot-plant network in order to prevent and deter infiltration. It should be noted early on that the Work Station (WS) computer should not be used for any purposes outside the scope of the manufacturing plant to minimise risks of possible cyber-physical attacks. This includes trivial activities such as checking emails and surfing the web because after all, the most common type of cyber-physical attacks are malicious software downloads caused by clicking seemingly harmless links and attachments.
Process and pilot-plant The direct compaction pilot plant at the Engineering Research Center for Structured Organic Particulate Systems (C-SOPS) at Rutgers comprises of three different levels which utilise gravity as the main force responsible for transporting powders from and to each step of the process. The top floor holds the feeders that discharge API and excipients. The middle floor holds the mill, blender and lubricant feeder. The ground floor contains the final operation unit, the tablet press. The more details of the pilotplant can be found in Singh et al. (2014). In the pharmaceutical Manufacturing Plant, the local host belongs to the desktop computer that is referred to as the work station. The work station’s network is shared by the PLC, unit operation, and the Windows Server that runs control software.
Systemic framework for cyberphysical security of pharmaceutical manufacturing process A systematic framework for cyber-physical security of pharmaceutical manufacturing process is shown in Figure 1. The pharmaceutical industry needs protection with expansion into cyber-physical defense as it can be integrated into the plant. The need of some of the tools such as network traffic analyser, file integrity monitoring tool, and data block monitoring tool are highlighted in the figure. A novel Cyber-physical Security (CPS) tool (developed in-house) is also shown in the figure. The pharmaceutical manufacturing plant is typically connected to various software/hardware via numerous pathways. The PLC is the industrial computer that allows control of the pharmaceutical manufacturing process. All unit operation except the
Profibus, Serial port
Ethernet
Ethernet
R Software Snap7 CPS Tool (New Developed)
Wireshark
Data Monitoring/Control
Database and models
OPC communication
Simatic S7 400 PLC
Feeders FeedersMill
Wireshark HMI
- Detailed data packet information - Statistics - Possible courses of action Wireshark
Tablet Press
Network Interface
PCS7
Figure 2: Wireshark as a Network Traffic Analyser
tablet press of the plant is connected to the PLC via Profibus or a serial port. The tablet press is connected to the PLC by an OPC protocol, using OPC Scout. The work station has installed a Distributed Control System (DCS), a software that allows high level programming control as well as visualisation of the entire process. The work station also provides a center for which all IT and process data can be monitored and controlled as well as host the plant specific CPS Tool integrated into the plant. (Figure 1) A brief description of some of the cyber security methods and tools needed for cyber-physical security of pharmaceutical manufacturing are given below.
Network traffic analyser The ease of access to pharmaceutical plants have increased with the advances of automation technology used in industry. Remote operation of the plant via DCS may make manufacture monitoring much more convenient but also opens the risk of vulnerabilities in the network. Network traffic analysers such as Wireshark may use the baseline of the network interface for a specific CPU in order to detect any abnormal activity (Figure 2). The baseline of the network interface is used as a reference in deciding routine traffic. The work station of a pharmaceutical plant should only allow packets of information that are familiar to be exchanged through the network. Wireshark’s role as a network analyser is demonstrated below. (Figure 2)
Figure 3: Application of the network traffic analyser tool Network protocols are simply different sets of rules of communicating between computers. Setting these rules allows computers to transfer information in practical ways. But different activities on the computer require different protocols. Therefore, identifying protocols is essential to manufacturing operations to ensure only the activities that are allowed are successfully executed. The hypertext transfer protocol (HTTP) for example, in theory, should not be captured in Wireshark because the work station should not be used for browsing the web as mentioned in the introduction.
But simply identifying different protocols is not enough to protect the plant. Additional pieces of information that Wireshark conveniently provide such as the source and destination IP addresses need to be examined as well. In the simplest scenario, an air-tight pharmaceutical manufacturing plant network would only allow exchange of information between the components under the same few IP addresses. Companies may work up to classify other networks that are allowed to communicate with the outside components.
Information exchange through the work station’s Network Interface Card (NIC) would only see traffic to and from these addresses for manufacturing purposes. Once IT engineers build a permitted network system, they now have a foundation of regular traffic that
is allowed to pass through the interface. For example, Wireshark’s ability to filter specific IPs can help expose unwanted network infiltration. Filtering is the most basic of Wireshark’s function but also one of the most effective. The number of packets captured in a single analysis is substantial and the filter therefore eliminates ‘noise’ that is useless for seeking undesired packet exchanges. File integrity monitoring tool The sheer amount of data stored in any given computer is nearly incomprehensible to the ordinary person. Data integrity, defined as the accuracy and consistency of stored data, is critical for pharmaceutical companies to keep accurate and credible as outlined by FDA guidelines. Tripwire is a file integrity monitoring tool to capture a baseline of system files and network device configurations. In short, Tripwire uses an authentic reference of the system’s state to continuously seek out any and all changes made in the system. While doing so, it ensures the inevitable changes made to the system are authorised and expected. Data block monitoring tool SNAP7 is an open source library enabling communication designed for Siemens S7 PLC. It is primarily used in this regard to download data blocks directly from the PLC so that it gives users the ability to monitor and analyse data on multiple layers. The ability to supervise process data on different layers makes potential masking of values less effective for hackers. Reading data blocks gives way for the design of the CPS Tool to directly read information from the PLC without referring to equipment and software HMI where it has been known to be vulnerable to detrimental manipulation. Cyber-physical Security (CPS) tool A new software tool has been developed catered to the needs of a pharmaceutical manufacturing plant. The tool takes advantage of the fact that operators and engineers have the upper hand in manufacturing knowledge. Ultimately, the CPS Tool serves as the defence mechanism most relevant to the continuous pharmaceutical manufacturing pilot plant to date.
Figure 4: Demonstrative case study: Unauthorised Changes in File System
Results and discussion The above mentioned tools have been integrated with pharmaceutical manufacturing plant to protect it from cyberphysical security risk and their performance have been evaluated. One of the applications of the network traffic analyser tool is shown in Figure 3. As shown in the figure, by typing “ip.adr == X.X.X.X” into the filter tool bar, the application will enable the access and security of that network. (Figure 3) One of the applications of the file integrity tool is shown in Figure 4. As shown in the figure, the authorised and unauthorised access of the work station can be identified using this tool. For demonstration purposes, a baseline was set shortly after download for the application’s reference. It should be noted that, for the demonstration purposes the base line was set purposefully in such a way so that some unauthorised access can be created. Scan frequency was set to daily for seven days. It showed 48 unauthorised changes most days, implying the baseline should be updated or action be taken to stop them. Similarly, the applications of other cyber-physical security tools have been demonstrated for the security of pharmaceutical manufacturing process. (Figure 4)
These methods are some of the most basic strategies employed by many compa
nies worldwide. No matter the amount of resources exhausted into prevention of cyber-physical attacks, those such as Stuxnet and WannaCry continue to show that attackers are often one step ahead in finding network vulnerabilities. For long term safety and success, the pharmaceutical industry must go the extra mile and strive to be proactive.
Conclusions Existing cyber-physical security measures such as those mentioned previously, and proactive IT teams have proved inadequate against malicious attackers. Pharmaceutical manufacturing plants need to accept that even with advanced cyber security, the human element in the setup of network infrastructures allows gaps, allowing criminals access to the plants. A proposed cyber-physical security tool boosts the defence against an attack by implementing an additional protection layer. The Cyber-physical Security Tool
(CPS Tool) may work in the favour of manufacturing plants by customisation of its defence scheme. Utilising inner knowledge of the complex process that is continuous manufacturing provides the upper hand to its users. Inspection of Critical Process Parameter (CPP) data in multiple layers for particular unit operations separately and collectively grants the most complete and authentic view into the manufacturing plant. A novel CPS Tool (developed in house) recognises the advantage of incorporating plant actuators and sensors to curb attempts at maliciously manipulating the system. This is an absolute necessity which should have been implemented in all pharmaceutical manufacturing plants long ago.
Acknowledgements This work is supported by the National Science Foundation Engineering Research Center on Structured Organic Particulate Systems (C-SOPS), and Siemens Corporation Inc. References are available at www.pharmafocusasia.com
AUTHOR BIO
Ravendra Singh is Assistant Research Professor at C-SOPS, Rutgers University, NJ, USA. He is the recipient of prestigious EFCE Excellence Award from European Federation of Chemical Engineering. His research focus is pharmaceutical systems engineering. He is PI/Co-PI of several projects funded by FDA and pharmaceutical companies. He has published more than 64 papers, written 12 book chapters, presented at over 100 conferences and edited one pharmaceutical systems engineering book published by Elsevier.
MEDAPP: Paving the way for Patient Support Programs
The modern society is growing rapidly and while healthcare seems to be becoming more accessible and affordable, at the grass root it still doesn’t seem to become patient-friendly. We have more apps than ever before to serve even the most remote regions of the country, yet as the capital of chronic diseases, we are simply not being to cope up with the burden of chronic diseases and manage them well. What began as a one-stop home healthcare solution to address these concerns, Medapp has now evolved into a service provider to pharmaceuticals and fortune companies to enable better healthcare delivery.
In spite of immense technological advancements, it’s largely the urban population that benefits the most of these upgrades. The rural areas still battle with healthcare basics and even primary healthcare is a challenge there. In a country where the mere awareness of a possibility of a condition remains low, it is obvious that a large population is undiagnosed and therefore, untreated. Taking healthcare down these by-lanes of the country is the challenge.
Who is Medapp It is said that the speed of the slowest member of the team determines a team’s speed. Medapp, founded by Niranjan Swamy, a trained nurse himself further to be a principal of a nursing college and seasoned educator for nurses and paramedics, was formed with the intent to delivering better healthcare than what’s prevalent - Dr Shiraz Nisar who is a co founder and Chief medical officer comes with a baggage of experience, he is an alumni of Cleveland Clinic and now serves as a Chairman of Medicine for University chain of hospitals back in Cleveland Ohio. Nabeel Ahmed on the marketing front comes with over 9 years of experience in the field of sales and marketing. Dr Vinod Singh is at the helm of operations and brings over a decade of healthcare and hospital industry experience. Sinu George, Director of Medapp, and a master’s in Nursing education and administration has ably guided over 5000 nurses and carries this passion for teaching and guiding the nursing staff of Medapp with a deft hand. Co-founder and Director, Krishna Raghavan, with his extensive industry network, is indispensable to business development. Together, this passionate and immensely talented team is what truly sets Medapp apart.
The Journey so far Medapp began as an app to Uberise home healthcare in Mysore, Karnataka delivering services like sample pickups, ECG at home, vaccination, fever management, wound management, and chronic disease management.
Seeing the need of the healthcare in a town like Mysore, the team quickly realised what must be the plight of individuals in smaller towns and villages across the country. Quickly, the company evolved and branched out into a service provider for pharma giants and fortune companies to reach out to a greater patient base. They quickly headquartered in Bangalore and Delhi was a must-do right after and they soon put up offices across locations.
The company’s presence in a span of 18 months grew from one state to 12 states. In fact, by the end of 2019, Medapp has successful presence in 80% of Tier II and III cities in India. Looking at figures from a strategic and financial stand point the company chose to be bootstrapped and continues to grow under the leadership of the dream team.
Products and Services Nursing excellence and operational astuteness are the two pillars of Medapp’s success, the team takes pride is stating that there have been 0 no shows in their entire journey. The two major services that drive business and growth for Medapp are Patient support programmes and Point of Care Diagnostics. Figure 01: Artboard PSP
a. Patient Support Programs Primary and secondary care has been made convenient by our programs. Our programs include counselling, home infusion, geriatric care, drug and medicine administration, care and disease management, physiotherapy and dietician services.
Figure 01: Artboard PSP
There has been an increase in the shift of mind set of pharmaceutical companies from being product oriented to patient oriented on dealing with certain type of therapy areas. In fact, spending on such initiatives has risen nearly three folds in the recent years. To provide patient service is when Medapp comes into play.
b. Point of care services In a world where nobody has time, point of care diagnostics make a huge difference in ensuring timely diagnosis, and planning treatment regimen. They also reduce leakage of patients from hospitals and private clinics of doctors. Medapp uses the latest machines for accurate and rapid diagnosis of some of the commonest conditions like diabetes and its complications; coronary heart disease and heart
attack, bone mineral density, pulmonary embolism, lung function tests, etc. Figure 02: Artboard POCT
c. One-stop solutions for all healthcare services As an enabler of wellness, we provide one stop solution for all healthcare needs of a corporate entity or manufacturing companies. Be it onsite injections or infusions, emergency medical services or primary healthcare services like wound care, Medapp is an all-in-one healthcare solution.
d. Corporate Wellness Customised wellness solutions for corporates are our forte. Ranging from providing tailor-made solutions via empanelling nutritionists, personal trainers, physicians, to specialty consultants, we ensure that everyone gets what they need as healthcare requirements differ for each individual. We can create packages that differ based on therapy areas, or geographical location, or seniority, and so on.
e. Screening and awareness camps Starting with diabetes screening programs, Medapp has now diversified into respiratory as well as allergy screening camps. These camps enable pharmaceuticals to reach out to thousands of patients in one session and not just empower them with knowledge to improve their health, but also with a clear path of treatment and counselling sessions at the end.
f. Occupational Healthcare Centre for industries Injuries are very natural while you have physical work. As per the factories act of 1948 any industry that deals with hard labour and that has more than 500 employees must have an OHC in place. We take the micro management of this from industries and take over as our expertise lies there.
Medapp for it’s tremendous contribution in the field of healthcare has been awarded many awards Figure 02: Artboard POCT like The Global Achiever’s award for the Best Solution Based Healthcare Startup.
Living in the capital of diseases yet not a leader for disease management, that is where Medapp wants to fill up. An end-to-end healthcare solution company is how the dream team envisions Medapp of the future. With every step, slowly but surely, this goal appears closer.
Company.......................................................................Page No. Company.......................................................................Page No.
STRATEGY Cantel Medical ........................................................................... IFC
Dishman Carbogen Amcis Limited..............................................07
Emirates SkyCargo..................................................................OBC
Medical Manufacturing Asia .................................................. 17-18
Qatar Airways...............................................................................11
Swiss World Cargo ......................................................................15
RESEARCH & DEVELOPMENT Bachem ........................................................................................37
Dishman Carbogen Amcis Limited..............................................07
F. P. S. Food and Pharma Systems Srl ............................ 23, 44-45
Kompress (India) Pvt. Ltd ............................................................09
Lonza..........................................................................................IBC
Quantys Clinical Pvt. Ltd..............................................................49 CLINICAL TRIALS Bachem ........................................................................................37 Hoong-A Corporation ..................................................................05 Quantys Clinical Pvt. Ltd..............................................................49 Rousselot .....................................................................................39
MANUFACTURING Cantel Medical ........................................................................... IFC Dishman Carbogen Amcis Limited..............................................07 F. P. S. Food and Pharma Systems Srl ............................ 23, 44-45 Hoong-A Corporation ..................................................................05 Kompress (India) Pvt. Ltd ............................................................09 Lonza..........................................................................................IBC Rousselot .....................................................................................39 Valsteam ADCA Engineering .......................................................03
INFORMATION TECHNOLOGY Kompress (India) Pvt. Ltd ............................................................09 medapp................................................................................. 61- 63
SUPPLIERS GUIDE
Company.......................................................................Page No. Company.......................................................................Page No.
Bachem ..................................................................................... 37 www.bachem.com
Cantel Medical ........................................................................ IFC www.cantelmedical.com
Dishman Carbogen Amcis Limited........................................... 07 www.dishmangroup.com
Emirates SkyCargo............................................................... OBC www.skycargo.com/emiratespharma
F. P. S. Food and Pharma Systems Srl ..........................23, 44-45 www.foodpharmasystems.com
Hong Kong International Airport..........................................50-51 www.hongkongairport.com
Hoong-A Corporation ............................................................... 05 www.ha1511.com
Kompress (India) Pvt. Ltd ......................................................... 09 www.kompressindia.com Lonza....................................................................................... IBC http://pharma.lonza.com/
medapp................................................................................61-63 www.medapp.in
Medical Manufacturing Asia ................................................17-19 www.medmanufacturing-asia.com
Qatar Airways............................................................................ 11 www.qrcargo.com/qrpharma
Quantys Clinical Pvt. Ltd........................................................... 49 www.quantysclinical.com
Rousselot .................................................................................. 39 www.rousselot.com
Swiss World Cargo ................................................................... 15 www.swissworldcargo.com
Valsteam ADCA Engineering .................................................... 03 www.valsteam.com
NOT ALL CAPSULES ARE CREATED EQUAL.
EXCiPACT™ GDP and GMP or equivalent
Control delegation - Qualified Vendor Program
Superior quality achieved with Coni-Snap® Sigma Series
