I Am The Cavalry’s Josh Corman and Beau Woods were featured in The Verge discussing their work on a task force within the Cybersecurity and Infrastructure Security Agency (CISA) focused on protecting the COVID-19 vaccine supply chain from cyber threats.
Excerpts from The Verge:
“Last fall, a tiny company no one had ever heard of was keeping Josh Corman up at night. It was one of the only groups in the world that made an ingredient that pharmaceutical companies like Moderna and Pfizer / BioNTech needed to make the mRNA COVID-19 vaccines. And it didn’t employ a single cybersecurity expert.”
“You could sneeze on that one company, and they would be disrupted. And if they were disrupted, we’d be living in a very different world right now because they were so critical to those mRNA candidates,” says Corman.
“‘Operation Warp Speed is generally described as being around the 30 biggest companies related to vaccines — research, delivery, and all the way to shipping out to states,’ says Beau Woods, a senior adviser at CISA working on the COVID-19 task force.”
“But there were more companies involved with the vaccine development, production, and distribution process than just the ones on that list. Each of those 30 or so companies have their own supply chains,” Woods says.
“We identified people who were never nominated at all, but bubbled up right to the top. Those were some of the most critically important weak links in the chain,” Corman says.
“A lot of them are smaller. In some cases, they’d have fewer than 100 people, and may not have traditionally looked at cybersecurity threats, Woods says. Because they were involved in the vaccine process, they were targets for hackers, but they didn’t have the know-how to protect against threats. That’s where we focused, he says.”
“The task force was able to offer services like scanning company systems for cybersecurity vulnerabilities and custom cyberintelligence tools, Woods says. But one of the most important parts of outreach was just creating a relationship with the company so that CISA was able to quickly relay any important information.”
“‘Part of it is just working out that trust, so that when they pick up the phone, they know who you are,’ he says. The work the task force did on the vaccine supply chain could also be a model for other projects in the future, he says. ‘A lot of times when the government works with the private sector, they’re most engaged with larger organizations because they don’t have connections with the smaller ones,’ Woods says. This work showed that many times, the riskiest areas are actually those smaller organizations.”
“So far, the COVID-19 vaccine development and distribution process hasn’t been delayed by any cyberattacks.”