Pharmaceutical
The pharmaceutical industry faces very similar problems to manufacturing, with the difference that R&D is carried out under greater time pressure and at very high cost. Here, ensuring confidentiality is of paramount importance because of the real threat of industrial espionage.
Difficulties raised by digitalisation
Challenges
CIA versus AIC
Normally, the CIA triad works as a rule of thumb in an organization as a model to guide policies for information security - confidentiality is the most important factor to consider here. However, infrastructures this huge and important cannot consider to compromise Availability even for a short period of time. CIA becomes AIC when it comes to cyber-physical systems, and this shift in perspective often requires a completely different set of skills from cybersecurity experts. Furthermore, pharma companies work with special materials and they handle these materials in automated and digitalised systems for efficiency (since R&D is that expensive).
Hybrid infrastructure
They have large, sprawling hybrid (converged IT and OT) infrastructures - which create specific security exposures and require different skills to defend. In addition, they are often spread across multiple sites. As in other types of manufacturing, legacy systems, vendors and a lack of transparency are problems here too.
When being prepared is not enough
No matter how regulated an industry is, how cautious and rigorous the members of this industry are, regarding cybersecurity, something always can happen, which may result in environmental or health damage, due to different chemichals of the manufacturing process. Even the safest system can be compromised with enough time and effort, and when this happens, the best professional help is needed.
