The Vaccine Supply Chain Is Now the Most Valuable Cyber Target in the World

In July, the U.S. and U.K. accused Russia of trying to steal vaccine research. Russia and North Korea have targeted vaccine production facilities, attempting to steal information. This was the first in a number of publicly disclosed cyber-enabled attacks—some carried out by nation states, some not—on vaccine research, production, and distribution facilities. In October, cyber criminals reportedly caused a shutdown of global manufacturing systems of a laboratory that had just received permission to manufacture Russia’s Sputnik vaccine. The Solarwinds attack targeted the U.S. National Institutes of Health, while Russian criminal groups continue to launch attacks on U.S. hospitals. The recent Hafnium Windows server exploit also targeted the U.K.’s National Health Services.

Vaccine information is a poorly guarded treasure for malicious interference and foreign espionage, and the attacks we see on the news are the ones we know about. The true number of malicious attacks will be significantly higher. It might seem that stealing vaccine research isn’t a big deal: After all, we want everyone to get vaccinated, so why not share the information? But once someone has access to steal the vaccine, they have the access to do anything they want. It is not as if cyber criminals are going to steal all vaccine production research and spin up functional vaccine facilities elsewhere—and if they did, we’re not sure we’d even care. More vaccine is better. These criminals are trying to disrupt production, not counterfeit it. That leads to less vaccine and more deaths. The vulnerable vaccine supply chain is in desperate need of better security....