But with automation comes increased cybersecurity risk
Now that COVID-19 vaccines are being introduced, the globe is embarking on the monumental challenge of distribution, ultimately into the arms of five billion or more people around the world. Pandemic experience has already made clear that supply chains can come under strain and underperform during times of crisis. The logistics of COVID-19 vaccine distribution will present newer challenges, as the effort will require government involvement, high levels of transparency, complex data exchanges, overcoming capacity constraints, and defenses against cyber-espionage.
Governments are likely to be the primary customers purchasing the vaccine doses, one reason why “governments have moved towards a more active role in medical supply chains,” noted Katja Busch, chief commercial officer at DHL. Governments also have an interest in mitigating theft, diversion, and counterfeiting, and will, according to a recent report from Descartes, “demand that logistics companies provide door-to-door tracking and visibility as well as the condition of the shipment.” Governments must also motivate skeptical publics to take the vaccines, another reason for supply-chain stringency.
Shipment visibility will require extensive data sharing among stakeholders, which is why governments, noted a recent DHL report, need to “specify clear data-capability requirements” and “standardized formats.”
Air Freight Capacity
The reliance on air cargo presents another set of problems. Air cargo capacity has become “insufficient and constrained” thanks to pandemic disruptions, according to Mikael Lind, a professor at Research Institutes of Sweden. There are also multiple “dead spots” in the visibility chain, noted Chris Jones, executive vice president at Descartes, because of the several handoffs typical in air cargo transportation.
“The limited cold chain infrastructure” and “the short expiration dates of vaccines,” said Lind, also underscore the need for end-to-end visibility of vaccine shipments. “Increased visibility and transparency of vaccine logistics data,” he said, “literally equates to more lives saved.”
All of these factors point to a requirement for an electronic ecosystem to facilitate the logistics of COVID vaccines. No existing platform covers all the visibility needed for a COVID vaccine response, the DHL report noted, but “there are five advancements in digital supply chain technology that have converged to help provide end-to-end visibility of COVID-19 vaccine shipments,” said Descartes’ Jones.
Tracking tags. The latest “are shipment-centric, work across the multiple parties that handle air cargo shipments, and can track the condition of the shipment including, temperature, humidity, light, shock and smoke,” said Jones. Recent advances in electronics have made the tags smaller, easier to deploy, less expensive to produce, and more rugged, he added, with longer tracking ranges and battery lives.
Mesh networks. “Mesh network technology fill in the dead spots that exist in airports and other points across the end-to-end pharmaceutical cold chain,” said Jones. They cost less to implement, are “more resilient,” and “can be located across the logistics chain in airports, air cargo stations, and loading docks to automatically capture the movement and status of shipments.”
Mobile apps. They help “track shipments at any point in the pharmaceutical cold chain and query their condition,” said Jones. Smartphones “provide greater flexibility to capture data, receive or deliver shipments, or interrogate shipment status on-demand. Any size of logistics organization can participate in the logistics chain by downloading the tracking app.”
The cloud. “A cloud-based tracking platform,” said Jones, is required “to scale and provide a unified shipment status.” A common repository that unifies end-to-end tracking data, he added, “is essential to eliminating the silos of tracking information that exist today. With one version of the truth, all participants will know the status of a shipment and be able to use that information to make better decisions.”
Open architecture. “Interoperability is going to be critical as no one technology provider will be able to deliver all of the tags and tracking hardware required,” said Jones. “The tracking network must allow any technology provider that meets tag or tracking standards to participate. This will increase the velocity of deployment, foster innovation, and help to keep costs down.”
The pandemic has accelerated the deployment of these technologies, Jones noted, and will continue to improve supply-chain operations for pharmaceuticals and other sensitive and high-value shipments. (See box in next column)
Cyber risks
The high degree of automation required to properly manage vaccine supply chains also heightens the risk of cybersecurity breaches. Remote employees working on unsecure servers was one risk identified in a Cybersecurity and Infrastructure Security Agency report from July. “Hackers could target” sensors “monitoring vaccine cold chains or use other targeted efforts,” the agency warned, “to undermine distribution or sow chaos.”
Soon after the availability of COVID vaccines had been announced in early December, IBM cybersecurity analysts uncovered an email phishing scheme targeting global COVID vaccine supply chains, and urged cold-chain companies to be “vigilant” and “on high alert.” Fraudulent emails impersonating an executive from China’s Haier Biomedical, a legitimate member of the COVID-19 vaccine supply chain, targeted organizations in Europe, South Korea, and Taiwan associated with the cold chain equipment program of Gavi, The Vaccine Partnership, an effort dedicated to providing vaccines to developing countries that includes the World Health Organization, UNICEF, the World Bank, and the Bill & Melinda Gates Foundation.
The purpose of the campaign “may have been to harvest credentials to gain future unauthorized access,” said an IBM report of the investigation, to gain insight into processes, methods, and plans to distribute a COVID-19 vaccine. “This includes information regarding infrastructure that governments intend to use to distribute a vaccine to the vendors that will be supplying it” and to “conduct cyber espionage and collect additional confidential information from the victim environments for future operations.”
While the identity of the bad actors is currently unknown, the report concluded that the targeting and nature of the targeted organizations “point to nation-state activity,” yet another reason for governments to step into this arena.