Dangerous Liaisons: Terrorism and Pharma - Pharmaceutical Executive

ADVERTISEMENT

Dangerous Liaisons: Terrorism and Pharma


Pharmaceutical Executive


Pharma's HR department: A potential gap in corporate security

The 2001 "Amerithrax" anthrax letter attack uncovered gaps in Defense Department screening of scientists with access to dangerous substances, and management's inadequate monitoring of changes in employee personality due to potential triggers.

The anthrax-containing letters sent to the Senate were traced to lone-wolf defense scientist Bruce Ivins at the Army's Fort Detrick research labs. Ivins is believed to have begun mailing his letters because of his anger at loss of funding for a research project. So respected was Ivins that he was assigned by the Department of Defense to assist the FBI in seeking the anthrax-letter terrorist—and for months, actually sent investigators in wrong directions.

What should trouble pharma HR is that Ivins' credentials and experience would have made him a candidate for a top research position at just about any global drug company where he might have applied for employment. Ivins' managers failed to take note of personality traits that might have tipped them off that something was wrong, especially after his anthrax vaccine was placed on a development back burner. Management might have detected issues brought to the attention of the FBI by a former university colleague that he had persistently harassed for years. In fact, Ivins had performed poorly on psychiatric tests, but the results weren't followed up.

Unchecked CVs

Equally troubling to pharma HR should be the multiple mistruths in the CV of Steven Hatfill, the scientist falsely accused of being the originator of the anthrax letters. When reporters began researching Hatfill, they uncovered multiple academic degrees and honors he had never received. All these claims should have been verified before Hatfill was given access to some of the nation's most virulent organism stores.

What should not be missed by pharma HR is that someone with a profoundly falsified CV did gain access to laboratories where his incompetence could have endangered coworkers and the nation. Resumes for those with such potential access must be rigorously examined, and all claimed degrees, published papers, and experience validated.

Dangers for support staff

In February, armed thieves disguised as police broke through the perimeter fence of the Brussels airport and stole more than $50 million in gems from the cargo hold of a airliner about to take off. The security gaps that enabled such a precise theft appear to have been guided by inside information by airport personnel. Following the Brussels theft, an airline security specialist made observations about airport security that may merit considerations for possible parallels for pharmaceutical companies:

"Ground crews are largely unseen by the general public. But in much the same way as flight crews, they have intimate knowledge about their work environment. They also have unrestricted access to the exterior and interior of aircraft. Despite this access, these employees are not subject to the same security screenings as passengers and most flight crews."

The Brussels incident suggests the industry needs to consider tighter screening of all who enter their facilities, including those who clean premises—both offices and labs. Many such functions are outsourced to companies paying minimum wage, and—despite blanket assurances and signed commitments—minimally checking immigration status. Unsecured computers left logged on, passwords and codes for copying machines taped to inside desk drawers, loose documents on desks, notebooks beside experiments left running at night—all represent potential security risks.

Cyber-attacks reveal every industry's vulnerability




Until recently, an international competitor or a terrorist group wishing to obtain and capitalize on a pharma company's confidential technology would have had to recruit multiple scientists and manufacturing engineers, or insert operatives as employees capable of stealing lethal organisms or chemicals. Today, however, criminal, political, and terrorist groups might use teams of dedicated hackers to steal the same information an intruding terrorist masquerading as a scientist might try to obtain. And evidence suggests they are doing just that.

According to a 2011 report by the US financial news network Bloomberg, international hackers have already penetrated the networks of top pharma companies (Pfizer and Abbott), at least one medical device company (Boston Scientific)—and even the US FDA's Parkland, Maryland computer bank. The hackers, likely Chinese from their IP addresses, appear to have broken into the computer systems of the hotel Internet services provider iBahn, used by traveling executives around the world. In addition to being able to view both unencrypted and encrypted e-mails, security authorities believe the iBahn hackers may have inserted malware to the laptops of those executives, enabling them to capture passwords typed by the executives.


ADVERTISEMENT

blog comments powered by Disqus

Source: Pharmaceutical Executive,
Click here