In pharmaceutical manufacturing plants, it is sometimes the case that there is no single place to view an inventory of manufacturing assets. Instead, there may be many data sources, with manual processes required to compile a single view. This is a problem for the entire enterprise, not just manufacturing; it is a constant and ongoing balance of enterprise (IT) vs manufacturing (OT) tools, policies and procedures.
Managing this asset information can become a significant manual effort. Without trustworthy data, there is an unclear view of the cybersecurity risk that assets contribute to the manufacturing plant and enterprise. The absence of good information makes planning of patching and lifecycle management exceedingly difficult.
This compels manufacturers to develop Configuration Management Databases (CMDBs) to maintain inventories of the assets used at their production facilities. Here the BioPhorum Cyber Security members have been investigating the underlying use cases that drive the design, needs and benefits of each member’s CMDB application(s). Through a compare and share process, they have asked the question “What are our peers doing?”. This paper starts to draw parallels and highlight differences. It gives an insight into the complex and diverse ways of setting up, maintaining, and managing a manufacturing shop floor CMDB.
With each new challenge, organizations are working to improve their response and reduce the time and effort required. Companies are all investing in routine patching where possible, reducing this activity in urgent situations, as well as investing in other mitigation options such as isolation where appropriate – more options mean reduced impact. This paper provides a summary of what the members of the BioPhorum IT Cyber Security Workstream are doing.
As the maturity of digital manufacturing plants increases, so does the risk of a cybersecurity or other digital incident. A successful phishing attack, for example, could adversely impact manufacturing operations and potentially take a facility offline for hours, days or even longer. A company's ability to minimize the risk of a digital disaster in its manufacturing plants, and quickly restore operations if one occurs, is a vital area for investment to ensure delivery of drug products to patients. To do this, biopharmaceutical manufacturers must understand the cyber resilience at their differing plants and how each site fits into the context of their overall business.
This paper characterizes this framework, and the associated mixed environments, to illustrate the drivers and success metrics for the key functions of business management of information systems, and that of plant-floor instrumentation and controls engineering. For people working in this arena, this paper will help develop an understanding of this landscape and foster a cooperative approach to implementing network resilience and cybersecurity solutions that allow more robust and secure delivery of essential drug products to the market.