Freelance journalist and copywriter, Textual Healing

February 18, 2021

Sign up to free email newsletters

Download

Whitepaper: Effective Techniques for Robust OT Security

Vaccine security

Global COVID vaccination programme fraught with security challenges

Julian Hall explores the security challenges behind rolling out vaccination programmes, as authorities worldwide contend with physical and cyber threats to operations.

COVID-VaccinationSecurity-21The UK Government’s target of 15 million vaccines administered by mid-February was met this weekend, and with it the UK has reached an important milestone. However, not everyone in vulnerable categories has been reached and the lifting of restrictions, particularly social distancing, looks increasingly dependent on a more comprehensive vaccine rollout.

What of the security operation behind the rollout? The Government will only say that it takes the security of vaccines “extremely seriously” and that, to ensure this, it’s working directly with suppliers and national and international law enforcement agencies, discussing, among other things, “counterfeiting measures and secure transport.”

So, what are the logistics involved in getting the vaccine to those who need it?

Worldwide, the vaccine rollout has not been without incident. Among these incidents were Moderna vaccine vials being stolen from a Florida hospital and then there are the widespread reports of scammers offering vaccines to the elderly or vulnerable (a recent report involved fraudsters stealing the identities of doctors to sell vaccines), and vaccine data itself has been hacked into for the purposes of discrediting it.

On both a physical and cyber security level, the vaccine has meant an additional challenge for authorities, but one that is imperative to meet.

Transportation and tracking

Speaking to asmag.com, the CEO of Malaysian electronic security system integration firm Maxitulin, Verghese Thirumala, explained the kind of physical security threat faced by the transportation of the vaccine.

“In most cases, the possibility of an attack is the highest at last mile of delivery,” he said. “Normally, the vaccines would be moved from a manufacturing facility to the departure airport from where it goes to the destination airport and then to the distribution centres. From the distribution centres, the vaccines then start spreading out. If you look at the history, between Nov 2019 and Nov 2020, 58 cases of pharmaceutical thefts have been reported by Transported Assets Protection Association (TAPA).”

Thirumula underlines the importance of drivers using various types of trackers, including a standard one powered by batteries and a solar on. “They should also have RFID Bluetooth trackers, which are small devices that you can place in four or five different parts of the vehicle. If somebody’s able to hijack the vehicle, they’ll definitely cut off the tracker. These Bluetooth trackers that use RFID ultra-high frequency range would help identify the last tracked GPS point.”

Storage logistics

In terms of on-site stockpiles, rising incidences of terrorism in the years before the pandemic have changed the rules around storing hazardous substances. As Marketing Manager of Technocover, Terry Batten informs, “sites which manage certain specially listed pathogens or toxins must notify the Home Office and their security arrangements are subject to approval by NaCTSO (National Counter Terrorism Security Office).”

“Depending on the assessed risks specific to a site, secure storage will rely on a multi-layered system of security technology and management protocols,” says Batten, adding “this may include perimeter security, CCTV, biometrics, alarms and an adopted system of access control, allowing different levels of site movement for authorised personnel.”

Underscoring all of this is the adoption of the LPCB (Loss Prevention Certification Board) approval system for critical assets and infrastructure. Accepted by the UK government as an appropriate certification regime alongside CPNI badged systems, LPCB approval is a sign that equipment has been tested under the conditions of a simulated attack.

In the US, several healthcare systems responded to a piece by Forbes and indicated that they keep their supply of COVID-19 vaccines in locked rooms, with limited access. For example, the pharmacies belonging to South Dakota-based group Sanford Healthcare system are, reports asmag.com, “all locked rooms, covered by video cameras and equipped with bulletproof glass.” The COVID-19 vaccines lie within these rooms, inside padlocked freezers. No one is taking any chances!

Back in the UK, the threat of theft and scams has been flagged by the NHS, particularly the theft of vaccine packaging that could help fraudsters con elderly or vulnerable people that they are having a legitimate injection. To combat this threat vaccination centres have been asked to store packaging securely and destroy it “either through existing confidential waste processes in GP surgeries and hospital hubs or stored in secure containers and shredded on site at the mass vaccination centres.”

In addition, Barkers Fencing has highlighted that interest in high-security fencing for vaccine centres has increased in recent months. The company advises that high-security fencing can provide the first layer of security against potential intruders, with a minimum of CPNI or LPS1175 B3 (previously SR2) rated products providing the ideal solution to delay attacks using tools such as drills, gas torches and crowbars. For higher risk sites, LPS 1175 C5 rated products can protect against powered tools. While security gates and turnstiles that have equivalent levels of protection should also be considered.

What are vaccine manufacturers doing to combat security threats?

When contacted by IFSEC Global about potential security threats, Pfizer responded and said that it wastaking meticulous steps to reduce the risk of counterfeiting,” adding that the company “tracks trends very carefully and have processes in place to identify threats to the legitimate supply chain.”

Among these measures were “detailed logistical plans and tools to support effective vaccine transport, storage and continuous temperature monitoring”, an example of which was “utilising GPS-enabled thermal sensors in every thermal shipper with a control tower that will track the location and temperature of each vaccine shipment across their pre-set routes.”

Pfizer was keen to add that patients should never try to secure a vaccine online — “no legitimate vaccine is sold online — and only to get vaccinated at certified vaccination centers or by certified healthcare providers.”

Vaccine hackers

Counterfeit goods are not the only online threat, of course. Leading the charge on cyber security threats is the NCSC – the National Security Centre, part of GCHQ.

Last April, the NCSC collaborated with its counterparts in the United States – the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) – to expose new cyber threats and scams that were using government branding and purported to be about COVID-19. Then, the following July, the NCSC and Canada’s Communications Security Establishment (CSE) exposed Russian attacks on coronavirus vaccine development.

“Since the outbreak of COVID-19, the National Cyber Security Centre’s top priority has been the cyber security and resilience of the UK’s health sector,” said a spokesperson. “This includes ongoing and proactive support to vaccine research, manufacturing, and supply chains in order to reduce and mitigate the risks of cyber attacks impacting on their vital work.”

“Working alongside our allies, the NCSC is committed to protecting our most critical assets, the health sector, and crucial vaccine research and development against threats.”

Advice and guidance for businesses of all sizes can be found on the NCSC website.

Subscribe to the IFSEC Global weekly newsletter

Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Global's essential weekly newsletter. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.

Sign up now!

man reading a tablet, probably the IFSEC Global newsletter

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments