Title : Towards a better comprehension of present and future cyberbiosecurity vulnerabilities fostered by an interdisciplinary security approach
The cyber-physical nature of biotechnology has led to fascinating advances in the biological, medical and life sciences but has also raised concern for new risks and potentials for misuse. Just as the emergence of the internet some decades ago led to a major revolution - which, by necessity was paralleled by the field of cyber-security - we are now facing the era of cyberbiosecurity with its own security vulnerabilities.
Although the DNA synthesis industry has, since the invention of gene-length synthesis, worked proactively to ensure synthesis is carried out securely and safely, the larger life-science and bio-logical community has largely remained unaware of the many forms of vulnerabilities that arise at the cyber-physical interface of virtually all of the involved technologies, systems, and applications. The convergence of advances in biotechnology with laboratory automation, access to data, and computational biology has led to a sheer unimaginable host of risks and vulnerabilities. Cyber-security attacks and data breaches in the health care industry have reached hospital IT systems and critically impacted biomanufacturing processes. However, the concern is not `only' about data protection. Current and future threats range from the potential for weaponized bioengineered pharmaceuticals and biomedical agents, to toxic plants and food products masquerading as certified goods.
Comprehending these new dangers and determining where vulnerabilities reside, is no longer an option but of paramount and ultimate importance. Novel skills and approaches are needed to explore the unique cyberbiosecurity challenges at the nexus of cybersecurity, cyber-physical security and biosecurity as applied to biological and biomedical-based systems.
Yet, cyberbiosecurity is just emerging as a new discipline and many of the new risks and vulnerabilities are poorly understood. To complicate matters, the life-science and medical community is not trained and `wired' to anticipate or analyze intrusions, infringements, and crime. This leads to the critical challenge, how immediate and emerging risks even can be conceived and conceptualized. It is suggested that a theoretical approach that utilizes ideas underlying the development of the early internet (without the explicit protocols per se) can give a different perspective, leading to a better comprehension of previously unrecognized vulnerabilities, and also provide potentials for risk mitigation.
Presentation Learning Outcome
Historically, while the biotechnology and bioengineering community has placed considerable focus on safety issues (i.e., how might a product or service accidentally harm yourself or others), there has not been enough concern about security implications (i.e., how something could be used to intentionally harm others). Several programs and efforts, both within the United States and also internationally, have recognized the importance of developing a security mindset throughout the evolving bioengineering landscape and infrastructure. The Engineering Biology Research Council (EBRC) in the United States recently held a workshop funded by the Department of Homeland Security (DHS) and stressed the necessity of educational efforts. In addition to teaching security awareness to (young) researchers, it highlighted the potential value of asking in grant applications that, in addition to considering the safety implications of proposed work, applicants also demonstrate they have considered issues pertaining to security.
In this light, this talk introduces the potentials of ideas underlying (traditional) cyber-security principles as a tool for both education and exploration, to
• Disclaim the prevailing misconception that cybersecurity-related concerns in the bioeconomy can be dealt with using IT solutions alone;
• Help develop an increased understanding of and insights into dual-use possibilities fostered by emergent tools in biotechnology and bioengineering.
• Illustrate, when/how cyber-physical vulnerabilities could benefit from insights and lessons learned in the cybersecurity field.