Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

  • Twitter
  • Facebook
  • LinkedIn

Securing Pharmaceutical Manufacturing Against Industrial Cyber Threats

Securing Pharmaceutical Manufacturing Against Industrial Cyber Threats

With the rise of sophisticated cyberattacks, pharmaceutical companies must look beyond IT and secure the industrial control systems at the heart of their manufacturing processes.

Pharmaceutical companies are a primary target of cyberattacks. After all, formulas of new drugs are highly valuable. A breach into drug manufacturing systems can easily lead to a wide range of operational disruptions – including production downtime – and can result in inefficient or poisonous drugs, spillage of hazardous materials and other undesired outcomes. For the pharmaceutical industry, ensuring product quality is undoubtedly a fundamental concern.

At the heart of pharmaceutical manufacturing facilities lie the industrial control systems (ICS) which manage and automate drug manufacturing processes. They control production quality and ensure that chemicals and other substances are mixed, heated and cooled in strict accordance with each drug's specification. 

Since pharma products are manufactured using complex processes, increasing business value exists in connecting operational technology (OT) and IT systems, which is driving deeper integration between IT and operational networks. With the efficiencies and cost savings offered by the blurred lines between IT and operational technologies comes greater risk that external attackers can reach ICS through an IT network breach.

Any incident that compromises ICS – due to a sophisticated cyberattack or innocent human error – can have severe consequences. Months of revalidations may be required before resuming operations, which may result in major financial losses and considerable reputational damage. To avoid such incidents, and comply with federal regulation requirements, pharmaceutical manufacturers need better visibility and control into their ICS networks.

External and internal security threats to pharma manufacturing systems

Despite the substantial growth of external cyberattacks against ICS networks, pharmaceutical manufacturers still report that their biggest security concern actually comes from insiders.

Trusted employees, contractors and integrators who work on these complex, technologically intensive manufacturing processes can cause a wide range of disruptions, unintended outcomes and significant damage. Malicious insiders have direct access to manufacturing processes and therefore have the ability to sabotage these systems.

Another major concern is, of course, human error. Unintentional mistakes are the leading cause of operational downtime. Simple errors such as making changes to the wrong programmable logic controller (PLC), or incomplete maintenance to distributed control systems (DCS), can cause a wide range of disruptions and downtime, and result in undesirable products.

FDA requirements for drug manufacturing: Zero changes to DCS systems

In the U.S., the Food and Drug Administration (FDA) stipulates that drug products be produced with a high degree of assurance that they contain all of the attributes they are intended to possess. It requires manufacturers to maintain processes in a state of control over their entire lifecycle, even as materials, equipment, the production environment, personnel and manufacturing procedures change.

Given that drug manufacturing processes rely on ICS, these systems cannot undergo any unintended changes. All access to critical assets in these systems must be tracked, including PLCs and DCS.

However, ICS do not include built-in tools to enable automated tracking of assets and changes. As a result, this requirement has been addressed using manual procedures, which are inaccurate and resource-intensive.

The root of the problem: Lack of visibility and control in ICS networks

Despite operating in a highly regulated environment, ICS networks used in pharma manufacturing lack basic controls required to ensure that FDA requirements are being met. For example, most control devices such as PLCs, remote terminal units (RTUs) and DCS controllers lack authentication, use default passwords, and fail to encrypt their communication. This makes it virtually impossible to prevent unauthorized changes to these systems.  

To make matters worse, the lack of event logs makes it very difficult to identify changes. This lack of visibility and control in ICS networks prevents the early detection of incidents, whether caused by cyberattacks or human error. As a result, problems are often detected too late – usually after disruptions have occurred and damaged goods are produced.

Enabling accurate, secure and continuous pharma manufacturing processes

The primary security challenge in pharma manufacturing, similar to most industries, is visibility into engineering activities. In ICS networks, changes to control logic, PLC firmware and configuration are executed over proprietary, vendor-specific protocols known as the control plane.

Each OT vendor uses their own implementation of the IEC-61131 standard for programmable controllers, and since these are rarely documented, it creates a “black box” syndrome.

Since changes to critical assets controlling manufacturing processes are executed using proprietary vendor-specific protocols, there is no standard way to monitor and detect changes – whether malicious or unintentional – until it’s too late.

How can Tenable’s industrial cybersecurity solution help?

Tenable’s OT security platform, Tenable.ot, enables engineers and security personnel to secure and control pharma manufacturing processes. The platform monitors and tracks all ICS activity, including engineering-level access to control devices. Using patent-pending technology, Tenable offers full visibility into the critical control plane activity, uniquely identifying changes made to firmware, logic, code and hardware configuration.

Tenable.ot also allows pharmaceutical manufacturing companies to meet FDA requirements, protect their intellectual property and reduce the risk of a damaging security breach by offering the following capabilities:

  • Full tracking of ICS activities enables manufacturers to verify that no unauthorized changes are made to ICS and other sensitive processes
  • Real-time alerts provide early detection of suspicious and unauthorized access so engineering staff can quickly address the issue and avert or minimize damage
  • Logging of detailed information about each incident, whether legitimate or malicious, allows engineers to quickly pinpoint the cause of the incident and shorten mitigation times
  • Comprehensive audit trail helps engineers ensure maintenance was performed on schedule, while enabling security teams to identify unauthorized changes and determine the root cause
  • Replacement of error-prone manual tracking with efficient and accurate automated asset management processes, which helps reduce costs and resource investments

For more best practices in securing your supply chain from cyber threats, check out Tenable’s solution overview for pharma manufacturing.

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security


Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Get a Demo

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin


Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a Demo

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.

Request a Demo


Continuously detect and respond to Active Directory attacks. No agents. No privileges. On-prem and in the cloud.