Medical device and pharmaceuticals - where is ICS cyber security

May 13, 2013
December 2011, I attended the POLCYB meeting in Los Angeles. A major pharmaceutical manufacturer attended. The pharmaceutical representative mentioned they had not addressed ICS cyber security as they had simply not considered it and there was no regulatory driver.

December 2011, I attended the POLCYB meeting in Los Angeles. A major pharmaceutical manufacturer attended. The pharmaceutical representative mentioned they had not addressed ICS cyber security as they had simply not considered it and there was no regulatory driver.

April 11th, 2013, I attended the San Francisco Electronic Crimes Task Force Medical Device Security Conference ( see previous blog on the meeting). If they didn't continue to repeat the words "medical device", the conference could have been an electric, water, chemical, mass transit, manufacturing, etc ICS cyber security conference. The discussions and presentations demonstrated the medical device community was generally in denial, or unaware, about ICS cyber security.

May 10th, 2013, I had a discussion with a representative from a small pharmaceutical company. When I mentioned cyber security, he said it didn't affect them as they were small and their systems were isolated. When we talked further, he stated that a small company on the other side of the country had access to the programmable logic controller (PLC) controlling their manufacturing process. He went on to say that their contractual documents only addressed confidentiality not security and there was no regulatory driver to look further.

Even though these are anecdotal, it appears many in the medical device and pharmaceutical industries do not understand and are not addressing ICS cyber security.

Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.