David Moreno | Dreamstime.com
Dreamstime M 179161962 5eaaff7960286

Changing Requirements and Security Concerns During COVID-19

April 30, 2020
Successfully pivoting and working remote mean understanding and addressing qualifications and security concerns.

Operating within this temporary new norm isn't easy for anyone. And, numerous considerations exist for manufacturers keeping the lights on during today’s new norm. This is true whether the business is pivoting to help address urgent needs resulting from the ongoing pandemic or actively leveraging a mix of on-premise and remote technologies to effectively operate.

While digital technology has proven empowering as increasingly more manufacturers leverage remote technology, navigating the new broader threat landscape is rightfully a viable concern. And, as a result, manufacturers need to plan and properly secure devices that are fast becoming more complex machines with complex functions, explains Ellen Boehm, senior director of IoT product management at Keyfactor.

“Any new connected device expands IoT attack vectors; cyber-attackers are exploiting the global crisis, and hardening device security is critical. In the case of connected medical devices, security risks can be life impacting,” says Boehm. “The pandemic is changing the way we work today, but it will also shift the industry moving forward. Manufacturers must pivot their capabilities and the way they design, develop and test remotely; these new processes may mean more automation on factory floors and the introduction of smart control systems that reduce human interaction. This is the reality today, and companies will have to accept it as a long-term scenario."

Andy Riley, executive director at Nuspire tells IndustryWeek, the move to broader mobile device and remote access usage during this pandemic will highlight the continued erosion of the network perimeter and focus attention on endpoint security. “Companies are sure to find gaps in their remote access and mobile device strategies through this increased attention resulting in improved configuration standards that will provide benefits well after the emergent operations period is over,” he says.

Unfortunately, unsavory characters recognize the opportunity to exploit the current environment. And, as such, COVID-19 phishing emails are everywhere. According to the latest Bitdefender research, the curve of coronavirus-themed cyber threats has not flattened, and the manufacturing vertical is one of the hardest hit.

“The global daily evolution of COVID-themed threats shows consistent effort from cybercriminals and a continued interest in exploiting fear and misinformation about the global pandemic to get victims to click on malicious links, open malicious attachments, or even download and install malware,” report authors write. “Coronavirus-themed threats will likely continue under the form of spear phishing emails, fraudulent URLs and event malicious applications, all exploiting fear and misinformation in order to trick victims into unwillingly giving away personal, sensitive or financial information.”

Pivoting to medical?

Other considerations exist for those manufacturers now entrenched in creating medical grade devices or personal protection equipment. After all, equipping a non-medical factory to manufacture medical devices is a serious undertaking, according to Deborah Jennings-Conner, Director of Global Life & Health Sciences, Regulatory & Testing Assurance at UL. 

“The FDA governs this through the Quality System Regulation QSR CFR 21 part 820 which is a framework of basic requirements for manufacturers to follow.  Having a sound quality management system (QMS) is key to ensure that the products produced which enter the US market are safe and effective medical devices as cleared by the FDA,” says Jennings-Conner.  “Personnel should be adequately trained on device defects that could occur from improper job performance. Design controls are one of the major causes of device recalls and the manufacturer must ensure the device design is correctly translated into production specifications and produced according to plan.  Design changes pertaining to the product, components, packaging, labeling, or similar, cannot arbitrarily be changed mid-production.  Procedures covering processes from purchasing to production, to dealing with non-conforming products from the production line are a few examples of areas must be documented and maintained.  Under the Emergency Use Authorizations (EUAs) during the COVID-19 public health emergency, the FDA may issue guidance allowing flexibility in demonstrating full QMS compliance in order to help expand the availability of critical medical equipment and their accessories during this pandemic.”

According to Conner-Jennings, production and process controls are key areas a manufacturer must not take lightly. “Establish procedures and implement processes to ensure the product produced meets the design specifications. Substitution of components not approved by the design, making software changes that have not been validated, and allowing non-conforming finished products to be shipped, are examples of a manufacturer’s inability to produce a product that meets its predetermined design specifications and which may not be safe and effective in the field,” she says. “These critical non-conformances should not occur within a well-designed medical device manufacturing process and could lead to adverse events that are required to be reported to the FDA.”

About the Author

Peter Fretty | Technology Editor

As a highly experienced journalist, Peter Fretty regularly covers advances in manufacturing, information technology, and software. He has written thousands of feature articles, cover stories, and white papers for an assortment of trade journals, business publications, and consumer magazines.

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!