07/06/2022 | Digital Innovation

Process Protection

Security in terms of products and the way they are produced and delivered has always been paramount in the pharmaceutical industry. But the increase in digitisation brings with it new challenges.

Product and process security for the pharmaceutical and chemical industries are caught between cyber security (IT) issues and traditional process issues (OT). Although the transition to automation, networking and Industry 4.0 has been going on for a long time, the opportunities have no boundaries. Within the intensive exchanges between IT experts and those with high levels of authourity on OT matters, it is important to find ways that bring digitization and security together. The human factor will obviously have to remain for safety reasons for the foreseeable future, which is why it’s important that this is backed by intensive training. There are still those keen to point out that classic hardline systems not connected to WiFi are the most secure. On the other hand, it‘s a fact that the creativity of criminal hackers is increasing all the time and new gateways are being found, such as via so-called social hacking or the smuggling of prepared USB sticks.

Potentials, risks and laws: the status quo

At the same time, systems controlled by smart sensors bring greater efficiency and productivity. More data than ever can be brought together and evaluated quickly, which leads to greater transparency and increased knowledge. Being able to control several systems remotely also has a clear advantage, which is why even the most sensitive areas such as the pharmaceutical and chemical industries are gradually moving in the direction of networking, sensor technology and the like.

The increasing requirements in the area of IT and cyber security provide the framework for the current discussion about product and process security. Whether it’s the Cyber Security Law in China, the IT Security Law 2.0 of the Federal Office for Information Security in Germany or the Cyber Security Law CISA in the USA, companies that are assigned to critical infrastructures will have to comply with a broad variety of requirements to prove that they have implemented clearly defined IT security measures. This has been a long journey so far and the issues are becoming more sophisticated, as various technological trends are now playing significant roles.

The Industrial Internet of Things (IIoT)

Driven by the IT priorities, modern systems are created under the buzzword Industrial Internet of Things in which all systems and devices are networked and form their own, individual, networks. There is a strong focus on increasing optimisation with a view to enhancing productivity and efficiency and, in turn, ensuring the competitiveness of companies.

Using the technology of edge computing, data should be analysed close to the data source in order to be able to do so without the involvement of either central nodes or data centres. So-called distributed ledger technologies are now being considered as ways of making such systems inaccessible from the outside. Examples of this can often include well-known examples such as blockchain, for which adjustments in terms of scalability are still necessary in the IoT application, and IOTA (cryptocurrency), a tangle-based approach.

The human factor

At the moment, the trend towards autonomous driving has sparked intense debate on safety in terms of the relationship between algorithms and the input by humans. Who or what has the ability to make an instant decision in an emergency, for example – and which decision is ultimately the right one? The same applies to the situation that exists within companies, where the areas to be controlled are many times more complex than those involving road traffic. A high degree of awareness and extensive expertise are both required to ensure that employees do not become a point of attack, but rather a control instance.

This is something that can only be achieved through continuous training in all areas of product and process safety, because of the simple fact that what was valid yesterday may already be outdated by tomorrow.

Certification of AI

Trust in technology is taken to extremes by systems or machines that are able to learn autonomously and write their own algorithms. Even if this results in systems that can be far more powerful than concepts that are developed by people, the question of security remains to the fore, nevertheless This is why work is taking place on an international scale and at all levels to streamline regulation and certification requirements and achieve the clearest possible framework for the use of AI and machine learning. This is the prerequisite for implementing corresponding concepts in the process industry.

Track and trace rolled out

When it comes to product safety, Track and Trace has long been an issue, with the focus on traceability from origin to the end product or even to the consumer. The current focus is on further deepening and detailing mechanisms to prevent manipulation and - in the case of pharmaceutical companies - to ensure an active substance reaches the patient in an unadulterated form. The process extends to branding and coating tablets to prevent confusion with counterfeits.

Secure process in a digital world

Finally, a brief look at current trends shows that networking will increase and digitisation is making its way more and more into the process industry. However, this makes attacks potentially more lucrative, so that the threat from cyber attacks becomes even more critical. The bundling of know-how, the industry-wide exchange of experts and the prioritizing of product and process security including cyber security in companies will therefore be the key to future success and the security of critical infrastructures.

A sector at risk on the home front

Threats to the chemical industry are significant, given its place within the essential fabric of many countries, alongside the likes of food, energy and water. Added to that, the link between the chemical and pharmaceuticals sector makes the protection of plants even more important, specifically since 2020 when officebased employees were forced to work from home. IT departments found themselves having to increase security around database log-ins, password protection and authentication. While ransomware attacks have been grabbing the headlines, much more common and insidious forms of attack come in the form of phishing, catfishing - such as the use of fake persona - and pretexting.


Dr Alexander Möller

Keywords in this article:

#product and process security

Find more contributions:

Detailed search in the magazine


Always up to date

With our newsletter you will receive current information on ACHEMA on a regular basis. You are guaranteed not to miss any important dates.

Subscribe now