COVID-19 vaccines are literally worth more than gold. That’s the kind of value that criminal elements and other bad actors like to exploit.
Behind the scenes, governments and industry are adding new layers of security to prevent them from stealing the new biologic medicines or their digital recipes. The most visible sign that COVID vaccines are no ordinary shipments is the presence of armed U.S. marshals on the floor of distribution centers and in vehicle escorts.
“Throughout the process we’ve been concerned with protecting intellectual property, protecting data as well as physical theft,” U.S. Army Brig. Gen. Michael “Mac” McCurry, the director of security and assurance for Operation Warp Speed, said in an exclusive interview.
“There’s all kinds of people interested in what we were undertaking. There’s foreign interests [ like intelligence services], criminal elements and individuals that just like to cause havoc,” he said, “and groups that might have special interests counter to what we’re delivering.”
Billions of vaccine doses will be shipped worldwide in what is likely the most anticipated pharmaceutical production and immunization campaign in history. Every step of the vaccines’ development has been closely followed by the media. The departure of FedEx and UPS trucks with the first loads of Pfizer (NYSE: PFE) and Moderna (NASDQ: MRNA) vaccines was broadcast around the world on television. And with 1.7 million deaths worldwide during the pandemic, manufacturers and logistics companies face unprecedented pressure to rush shipments to the public while also maintaining stringent controls on temperature and delivery accuracy.
Experts say organized crime groups are aware of the value of each vaccine dose and are looking for ways to intercept shipments. Earlier this month IBM’s security subsidiary issued a report on malicious cyber actors targeting the COVID-19 cold chain.
In an unusual move befitting a national emergency, the U.S. government is providing extra security above the stringent steps pharmaceutical companies and their transport providers normally take.
McCurry said Operation Warp Speed, the public-private task force coordinating vaccine logistics, is leveraging a wide array of law enforcement and security capabilities, as well as industry partners such as the Healthcare Distribution Alliance and the Pharmaceutical Cargo Security Coalition.
Operation Warp Speed is led by the departments of Defense and Health and Human Services (HHS). The FBI and Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) are playing key security roles.
“Every day we’re comparing notes,” said McCurry, a 34-year Army veteran who headed aviation on the Army’s headquarters staff at the Pentagon before being detailed to Operation Warp Speed in May. “We’re researching and mapping out supply chains, gauging risk on each movement. We’re vetting participants in advance of their inclusion, with a liberal dose of tracking and monitoring technology” to prevent any supply chain disruption.
McCurry recently briefed 1,556 state, county and local law enforcement agencies on how to link up with state health care jurisdictions to provide final-mile security for FedEx Express (NYSE: FDX) and UPS (NYSE: UPS) package vans, as well as dosing sites such as pharmacies and doctors’ offices.
Operation Warp Speed built off a preexisting relationship between HHS and the U.S. Marshals Service to protect vaccine movements. U.S. marshals also provide security for the Strategic National Stockpile, which supplements state and local medical supplies and equipment during public health emergencies. Items in the stockpile, such as ventilators and personal protective equipment, are used as a short-term stopgap buffer when the immediate commercial supply of materials is not available or sufficient.
“The marshals are there for the first mile to get it into the hands of the shippers who are providing white-glove service and moving it to the jurisdictions … and that shippers have the right security apparatus on site,” McCurry told FreightWaves.
Pharmaceutical Supply Chain Threat
Pharmaceuticals may represent a small percentage of overall cargo thefts, but their value is typically much higher than for regular merchandise. A loss is very disruptive to drugmakers’ supply chains, especially to those who are delayed in receiving lifesaving drugs. Security experts say cargo thieves have been especially active this year hijacking shipments of personal protective equipment being rushed around the world to protect against COVID infection.
In addition to diversion of these critical supplies, stolen vaccines could be sold on the black market and even adulterated with more diluent to make them go farther. Even when stolen medicines are recovered, they often have to be destroyed out of concern that they have not been kept at proper temperatures and have diminished efficacy.
“The true cost of a lost pharma cargo is estimated to be between five to seven times the value of the product because of the domino effect it creates, including widespread product recalls, to say nothing of the reputational damage to companies,” said Thorsten Neumann, president of the Europe, Middle East and Africa region for the Transported Asset Protection Association (TAPA), in a statement last month.
“Product losses are clearly the biggest threat but contamination of pharma cargoes during a cargo crime – even if they are not actually stolen – can be just as damaging,” he added.
IBM Security X-force said cyber actors are sending phishing and spear-phishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials. The emails have posed as requests for quotations for participation in a vaccine program. IBM said the COVID vaccine phishing campaign spanned six countries and targeted organizations likely associated with Gavi, the Vaccine Alliance, and its Cold Chain Equipment Optimization Platform program. They include UNICEF and the European Commission’s Directorate-General for Taxation and Customs Union.
Who is behind the hacking program is unclear, but cybersecurity experts and officials suspect nations such as Russia, Iran and others of trying to steal information about the vaccines and other COVID treatments.
If vaccine thefts do occur, “the impact on the global community will be much more far-reaching than the theft of a single shipment of vaccines,” Neumann said.
TAPA provides incident reports to members, which helps companies avoid routing deliveries through cargo crime hot spots. The group also publishes standards and issues certifications for facility and truck security, as well as security for fully loaded truckloads while parked.
In some parts of the world, truck shipments may travel in secure convoys with military support to ensure safe delivery, according to TAPA.
“Our general approach has been to inform, harden and monitor in preparation to respond if necessary,” McCurry said. “Watching these threats, providing advisories out to our industry partners and offering services to harden networks around them and monitor them, that’s how we’ve collaborated with industry.”