Pfizer restructured its IT and OT divisions following a security mandate from the company's board of directors.

In a bid to bolster its cybersecurity defenses, pharmaceutical giant Pfizer started implementing an "industrial firewall" between enterprise IT and manufacturing Operations Technology (OT) as early as 2015. Since then, the company has continuously added segmentation measures on the production floor.

This move was part of a larger strategy, as Pfizer's IT and engineering organizations combined forces to form a comprehensive security program in 2018. This program, now fully integrated, houses an in-house Security Operations Center (SOC) staffed with both IT and OT professionals.

Segmentation in Pfizer's production environment allows for data flow between IT and OT, but limits data traffic. This approach helps prevent cyberattacks from latching onto OT environments from IT environments, a lesson learned from the NotPetya ransomware attack.

The collaboration between Pfizer's IT and OT professionals has made significant strides in the last six months. Overcoming issues with segmentation or convergence requires combining resources, a fact that was determined during a technology audit conducted in 2018. This audit aimed to identify necessary partnerships, security consultancy firms, and technologies for implementation.

According to Fortinet's 2020 State of Operational Technology and Cybersecurity Report, 53% of companies have internal network segmentation in place. However, more than three-quarters of the companies with SOCs "do not have all OT activities centrally visible" to the SOC.

The availability of real-time data is slowed when all components are "dependent on data moving from the manufacturing floor to the cloud." This dependency can pose a challenge, especially in the context of the user experience within OT, which includes industrial internet of things, data lakes, and Industry 4.0 ideals. Companies must strike a balance between big data and Industry 4.0 initiatives, and security, when addressing issues with data flows.

Nick Cappi, VP of product management and technical support at PAS, stated that segmentation makes a lot of sense. However, it's crucial to remember that the user experience within OT could be impacted by excessive air gapping.

Pfizer's board directed its manufacturing arm to improve the security of its production floor systems, focusing on OT and industrial control systems (ICS), following a ransomware attack on another pharmaceutical company. The attack on Pfizer's production environment took out their production environment, underscoring the importance of robust cybersecurity measures.

As of 2020, almost half of companies don't have a technical operations center (TOC) or a security operations center (SOC). This statistic highlights the need for more companies to follow Pfizer's lead in prioritising cybersecurity, especially in the critical area of OT and ICS.

Pfizer restructured its IT and OT divisions following a security mandate from the company's board of directors.