RESUMEN

Tools and methods of precision medicine are developing rapidly, through both iterative discoveries enabled by innovations in biomedical research (e.g., genome editing, synthetic biology, bioengineered devices). These are strengthened by advancements in information technology and the increasing body of data-as assimilated, analyzed, and made accessible-and affectable-through current and emerging cyber-and systems- technologies. Taken together, these approaches afford ever greater volume and availability of individual and collective human data. Machine learning and/or artificial intelligence approaches are broadening this dual use risk; and in the aftermath of COVID-19, there is growing incentive and impetus to gather more biological data from individuals and their environments on a routine basis. By engaging these data-and the interventions that are based upon them, precision medicine offer promise of highly individualized treatments for disease and injury, optimization of structure and function, and concomitantly, the potential for (mis) using data to incur harm. This double-edged blade of benefit and risk obligates the need to safeguard human data from purloinment, through systems, guidelines and policies of a novel discipline, cyberbiosecurity, which, as coupled to ethical precepts, aims to protect human privacy, agency, and safety in ways that remain apace with scientific and technological advances in biomedicine. Herein, current capabilities and trajectories precision medicine are described as relevant to their dual use potential, and approaches to biodata security (viz.- cyberbiosecurity) are proposed and discussed.

RESUMEN

In a bioeconomy that relies on synthetic DNA sequences, the ability to ensure their authenticity is critical. DNA watermarks can encode identifying data in short sequences and can be combined with error correction and encryption protocols to ensure that sequences are robust to errors and securely communicated. New digital signature techniques allow for public verification that a sequence has not been modified and can contain sufficient information for synthetic DNA to be self-documenting. In translating these techniques from bacteria to more complex genetically modified organisms (GMOs), special considerations must be made to allow for public verification of these products. We argue that these approaches should be widely implemented to assert authorship, increase the traceability, and detect the unauthorized use of synthetic DNA.

Asunto(s)

RESUMEN

High-containment laboratories (HCLs) conduct critical research on infectious diseases, provide diagnostic services, and produce vaccines for the world's most dangerous pathogens, often called high-consequence pathogens (HCPs). The modernization of HCLs has led to an increasingly cyber-connected laboratory infrastructure. The unique cyberphysical elements of these laboratories and the critical data they generate pose cybersecurity concerns specific to these laboratories. Cyberbiosecurity, the discipline devoted to the study of cybersecurity risks in conjunction with biological risks, is a relatively new field for which few approaches have been developed to identify, assess, and mitigate cyber risks in biological research and diagnostic environments. This study provides a novel approach for cybersecurity risk assessment and identification of risk mitigation measures by applying an asset-impact analysis to the unique environment of HCLs. First, we identified the common cyber and cyberphysical systems in HCLs, summarizing the typical cyber-workflow. We then analyzed the potential adverse outcomes arising from a compromise of these cyber and cyberphysical systems, broadly categorizing potential consequences as relevant to scientific advancement, public health, worker safety, security, and the financial wellbeing of these laboratories. Finally, we discussed potential risk mitigation strategies, leaning heavily on the cybersecurity materials produced by the Center for Internet Security (CIS), including the CIS Controls®, that can serve as a guide for HCL operators to begin the process of implementing risk mitigation measures to reduce their cyberbiorisk and considering the integration of cyber risk management into existing biorisk management practices. This paper provides a discussion to raise awareness among laboratory decision-makers of these critical risks to safety and security within HCLs. Furthermore, this paper can serve as a guide for evaluating cyberbiorisks specific to a laboratory by identifying cyber-connected assets and the impacts associated with a compromise of those assets.

RESUMEN

Cyberbiosecurity is an emerging field that relates to the intersection of cybersecurity and the clinical and research practice in the biosciences. Beyond the concerns that usually arise in the areas of genomics, this paper highlights ethical concerns raised by cyberbiosecurity in clinical neuroscience. These concerns relate not only to the privacy of the data collected by imaging devices, but also the concern that patients using various stimulatory devices can be harmed by a hacker who either obfuscates the outputs or who interferes with the stimulatory process. The paper offers some suggestions as to how to rectify these increasingly dire concerns.

Asunto(s)

RESUMEN

Agriculture has adopted the use of smart technology to help meet growing food demands. This increased automation and associated connectivity increases the risk of farms being targeted by cyber-attacks. Increasing frequency of cybersecurity breaches in many industries illustrates the need for securing our food supply chain. The uniqueness of biological data, the complexity of integration across the food and agricultural system, and the importance of this system to the U.S. bioeconomy and public welfare suggests an urgency as well as unique challenges that are not common across all industries. To identify and address the gaps in awareness and knowledge as well as encourage collaborations, Virginia Tech hosted a virtual workshop consisting of professionals from agriculture, cybersecurity, government, and academia. During the workshop, thought leaders and influencers discussed 1) common food and agricultural system challenges, scenarios, outcomes and risks to various sectors of the system; 2) cyberbiosecurity strategies for the system, gaps in workforce and training, and research and policy needs. The meeting sessions were transcribed and analyzed using qualitative methodology. The most common themes that emerged were challenges, solutions, viewpoints, common vocabulary. From the results of the analysis, it is evident that none of the participating groups had available cybersecurity training and resources. Participants were uncertain about future pathways for training, implementation, and outreach related to cyberbiosecurity. Recommendations include creating training and education, continued interdisciplinary collaboration, and recruiting government involvement to speed up better security practices related to cyberbiosecurity.

RESUMEN

DNA technology is rapidly moving towards digitization. Scientists use software tools and applications for sequencing, synthesizing, analyzing and sharing of DNA and genomic data, operate lab equipment and store genetic information in shared datastores. Using cutting-edge computing methods and techniques, researchers have decoded human genome, created organisms with new capabilities, automated drug development and transformed food safety. Such software applications are typically developed to progress scientific understanding and as such cyber security is never a concern for these applications. However, with the increasing commercialisation of DNA technologies, coupled with the sensitivity of DNA data, there is a need to adopt a security-by-design approach. In this paper we investigate bio-cyber security threats to genomic-DNA data and software applications making use of such data to advance scientific research. Specifically, we adopt an empirical approach to analyse and identify vulnerabilities within genomic-DNA databases and bioinformatics software applications that can lead to cyber-attacks affecting the confidentiality, integrity and availability of such sensitive data. We present a detailed analysis of these threats and highlight potential protection mechanisms to help researchers pursue these research directions.

Asunto(s)

RESUMEN

As the entire world is under the grip of the coronavirus disease 2019 (COVID-19), and as many are eagerly trying to explain the origins of the virus and cause of the pandemic, it is imperative to place more attention on related potential biosafety risks. Biology and biotechnology have changed dramatically during the last ten years or so. Their reliance on digitization, automation, and their cyber-overlaps have created new vulnerabilities for unintended consequences and potentials for intended exploitation that are mostly under-appreciated. This study summarizes and elaborates on these new cyberbiosecurity challenges, (1) in terms of comprehending the evolving threat landscape and determining new risk potentials, (2) in developing adequate safeguarding measures, their validation and implementation, and (3) specific critical risks and consequences, many of them unique to the life-sciences. Drawing other's expertise and my previous work, this article reviews and critically interprets our current bio-economy situation. The goal is not to attribute causative aspects of past biosafety or biosecurity events, but to highlight the fact that the bioeconomy harbors unique features that have to be more critically assessed for their potential to unintentionally cause harm to human health or environment, or to be re-tasked with an intention to cause harm. It is concluded with recommendations that will need to be considered to help ensure converging and emerging biorisk challenges, in order to minimize vulnerabilities to the life-science enterprise, public health, and national security.

RESUMEN

Genetic information is being generated at an increasingly rapid pace, offering advances in science and medicine that are paralleled only by the threats and risk present within the responsible systems. Human genetic information is identifiable and contains sensitive information, but genetic information security is only recently gaining attention. Genetic data is generated in an evolving and distributed cyber-physical system, with multiple subsystems that handle information and multiple partners that rely and influence the whole ecosystem. This paper characterizes a general genetic information system from the point of biological material collection through long-term data sharing, storage and application in the security context. While all biotechnology stakeholders and ecosystems are valuable assets to the bioeconomy, genetic information systems are particularly vulnerable with great potential for harm and misuse. The security of post-analysis phases of data dissemination and storage have been focused on by others, but the security of wet and dry laboratories is also challenging due to distributed devices and systems that are not designed nor implemented with security in mind. Consequently, industry standards and best operational practices threaten the security of genetic information systems. Extensive development of laboratory security will be required to realize the potential of this emerging field while protecting the bioeconomy and all of its stakeholders.

RESUMEN

Synthetic biology has the potential to positively transform society in many application areas, including medicine. In common with all revolutionary new technologies, synthetic biology can also enable crime. Like cybercrime, that emerged following the advent of the internet, biocrime can have a significant effect on society, but may also impact on peoples' health. For example, the scale of harm caused by the SARS-CoV-2 pandemic illustrates the potential impact of future biocrime and highlights the need for prevention strategies. Systematic evidence quantifying the crime opportunities posed by synthetic biology has to date been very limited. Here, we systematically reviewed forms of crime that could be facilitated by synthetic biology with a view to informing their prevention. A total of 794 articles from four databases were extracted and a three-step screening phase resulted in 15 studies that met our threshold criterion for thematic synthesis. Within those studies, 13 exploits were identified. Of these, 46% were dependent on technologies characteristic of synthetic biology. Eight potential crime types emerged from the studies: bio-discrimination, cyber-biocrime, bio-malware, biohacking, at-home drug manufacturing, illegal gene editing, genetic blackmail, and neuro-hacking. 14 offender types were identified. For the most commonly identified offenders (>3 mentions) 40% were outsider threats. These observations suggest that synthetic biology presents substantial new offending opportunities. Moreover, that more effective engagement, such as ethical hacking, is needed now to prevent a crime harvest from developing in the future. A framework to address the synthetic biology crime landscape is proposed.

RESUMEN

Technological innovation has become an integral and inescapable aspect of our daily existence as almost everything of significance in our world now has a cyber (i.e., relating to, or involving computers, computer networks, information technology, and virtual reality) component associated with it. Every facet of our lives is now touched by technology. As such, we're experiencing a digital transformation. Unfortunately, both as individuals and as a society, we're inadequately prepared to embrace the myriad of vulnerabilities presented by cybertechnologies. Unintended cyber vulnerabilities present significant risks to individuals, organizations, governments and economies. Here, we identify current cybersecurity vulnerabilities found in the life science enterprise and discuss the many ways in which these vulnerabilities present risk to laboratory workers in these facilities, the surrounding community and the environment. We also consider the cyberbiosecurity benefits associated with numerous innovations likely to be present in the laboratory of the future. The challenges associated with cyberbiosecurity vulnerabilities are not insurmountable; they simply require thoughtful consideration by equipment designers, software and control systems developers, and by end users. Organizations and the individuals that comprise them must respect, value, and protect their data. End users must train themselves to look at every piece of laboratory equipment and every process from a cyberbiosecurity perspective. With this approach, cyberbiosecurity vulnerabilities can be minimized or eliminated to the benefit of workers, life science organizations, and national security.

RESUMEN

This study investigates the role and functionality of special nucleotide sequences ("DNA signatures") to detect the presence of an organism and to distinguish it from all others. After highlighting vulnerabilities of the prevalent DNA signature paradigm for the identification of agricultural genetically modified (GM) organisms it will be argued that these so-called signatures really are no signatures at all - when compared to the notion of traditional (handwritten) signatures and their generalizations in the modern (digital) world. It is suggested that a recent contamination event of an unauthorized GM Bacillus subtilis strain (Paracchini et al., 2017) in Europe could have been-or the same way could be - the consequence of exploiting gaps of prevailing DNA signatures. Moreover, a recent study (Mueller, 2019) proposes that such DNA signatures may intentionally be exploited to support the counterfeiting or even weaponization of GM organisms (GMOs). These concerns mandate a re-conceptualization of how DNA signatures need to be realized. After identifying central issues of the new vulnerabilities and overlying them with practical challenges that bio-cyber hackers would be facing, recommendations are made how DNA signatures may be enhanced. To overcome the core problem of signature transferability in bioengineered mediums, it is necessary that the identifier needs to remain secret during the entire verification process. On the other hand, however, the goal of DNA signatures is to enable public verifiability, leading to a paradoxical dilemma. It is shown that this can be addressed with ideas that underlie special cryptographic signatures, in particular those of "zero-knowledge" and "invisibility." This means more than mere signature hiding, but relies on a knowledge-based proof and differentiation of a secret (here, as assigned to specific clones) which can be realized without explicit demonstration of that secret. A re-conceptualization of these principles can be used in form of a combined (digital and physical) method to establish confidentiality and prevent un-impersonation of the manufacturer. As a result, this helps mitigate the circulation of possibly hazardous GMO counterfeits and also addresses the situation whereby attackers try to blame producers for deliberately implanting illicit adulterations hidden within authorized GMOs.

RESUMEN

Cyberbiosecurity lies at the intersection of cybersecurity and biosecurity and addresses the protection of valuable biological material and associated information. As an emerging concept, cyberbiosecurity requires the integration of training strategies targeted to both current and future professionals; as well as an increased awareness in the wider stakeholder community. As the discrete discipline of cyberbiosecurity continues to develop, initial training efforts are likely to include workshops and specialized training that bridge the disciplines of information technology (IT) and life sciences. Potential threats, risks, and vulnerabilities will be defined, cooperative relationships formed, and collaborative solutions developed. As the scope of the training framework for assessing potential threats is adapted to various audiences, in-service trainings will ensure awareness and understanding of threats relevant to specific industries. This framework may also be incorporated into existing curricula across IT and science fields. The scope of potential threats is vast, and eventual specialization will likely fall within the realm of IT professionals, who carry the capability for action. In this paper, we identify stakeholders in the development of cyberbiosecurity training; discuss current training methods, educational requirements, and credentialing for professionals in cybersecurity, biosecurity, and life sciences; suggest mechanisms for integration of cyberbiosecurity training into existing training approaches; and discuss potential for future development of specialized professionals.

RESUMEN

The expanding digitization of the biological sciences places greater value on the data generated, information extrapolated and knowledge gained. Failing to protect data will affect a company or country's ability to position itself optimally in the forthcoming fourth industrial revolution. Further, more reliance on automation, distribution, and outsourcing in biotechnology makes its infrastructure a target. The equipment and service providers that drive physical research and development are also all connected online. Failing to protect these resources from intrusion increases the risk of accidental or deliberate harm, for example by the loss of control over biological products. Robust cybersecurity measures are therefore critical for both securing the data generated by the biotechnology sector as well as securing key infrastructure. Cyber-biosecurity is emerging multidisciplinary field that combines cybersecurity, biosecurity, and cyber-physical security as relates to biological systems (Murch et al., 2018). To better identify the perceived risks at the interface between cybersecurity and biosecurity, Biosecure conducted a pilot study that surveyed the opinions of a discrete set of international field leaders in biotechnology and cybersecurity. The survey was carried out online from October-November 2017. Key findings of the survey showed that cyber-biosecurity risks were considered to be difficult to characterize due to variations in types of threats, targets and potential impacts, and compounded by a notable variation between the level of sophistication or maturity of mitigation and response measures. Further research is therefore necessary bringing together the different communities focusing on these issues to develop a common language, better define the threats and discuss potential ways forward in addressing risks.

RESUMEN

Pathogen detection, identification, and tracking is shifting from non-molecular methods, DNA fingerprinting methods, and single gene methods to methods relying on whole genomes. Viral Ebola and influenza genome data are being used for real-time tracking, while food-borne bacterial pathogen outbreaks and hospital outbreaks are investigated using whole genomes in the UK, Canada, the USA and the other countries. Also, plant pathogen genomes are starting to be used to investigate plant disease epidemics such as the wheat blast outbreak in Bangladesh. While these genome-based approaches provide never-seen advantages over all previous approaches with regard to public health and biosecurity, they also come with new vulnerabilities and risks with regard to cybersecurity. The more we rely on genome databases, the more likely these databases will become targets for cyber-attacks to interfere with public health and biosecurity systems by compromising their integrity, taking them hostage, or manipulating the data they contain. Also, while there is the potential to collect pathogen genomic data from infected individuals or agricultural and food products during disease outbreaks to improve disease modeling and forecast, how to protect the privacy of individuals, growers, and retailers is another major cyberbiosecurity challenge. As data become linkable to other data sources, individuals and groups become identifiable and potential malicious activities targeting those identified become feasible. Here, we define a number of potential cybersecurity weaknesses in today's pathogen genome databases to raise awareness, and we provide potential solutions to strengthen cyberbiosecurity during the development of the next generation of pathogen genome databases.

RESUMEN

The life sciences now interface broadly with information technology (IT) and cybersecurity. This convergence is a key driver in the explosion of biotechnology research and its industrial applications in health care, agriculture, manufacturing, automation, artificial intelligence, and synthetic biology. As the information and handling mechanisms for biological materials have become increasingly digitized, many market sectors are now vulnerable to threats at the digital interface. This growing landscape will be addressed by cyberbiosecurity, the emerging field at the convergence of both the life sciences and IT disciplines. This manuscript summarizes the current cyberbiosecurity landscape, identifies existing vulnerabilities, and calls for formalized collaboration across a swath of disciplines to develop frameworks for early response systems to anticipate, identify, and mitigate threats in this emerging domain.

RESUMEN

Cyberbiosecurity is an emerging discipline that addresses the unique vulnerabilities and threats that occur at the intersection of cyberspace and biotechnology. Advances in technology and manufacturing are increasing the relevance of cyberbiosecurity to the biopharmaceutical manufacturing community in the United States. Threats may be associated with the biopharmaceutical product itself or with the digital thread of manufacturing of biopharmaceuticals, including those that relate to supply chain and cyberphysical systems. Here, we offer an initial examination of these cyberbiosecurity threats as they stand today, as well as introductory steps toward paths for mitigation of cyberbiosecurity risk for a safer, more secure future.

RESUMEN

The DNA synthesis industry has, since the invention of gene-length synthesis, worked proactively to ensure synthesis is carried out securely and safely. Informed by guidance from the U.S. government, several of these companies have collaborated over the last decade to produce a set of best practices for customer and sequence screening prior to manufacture. Taken together, these practices ensure that synthetic DNA is used to advance research that is designed and intended for public benefit. With increasing scale in the industry and expanding capability in the synthetic biology toolset, it is worth revisiting current practices to evaluate additional measures to ensure the continued safety and wide availability of DNA synthesis. Here we encourage specific steps, in part derived from successes in the cybersecurity community, that can ensure synthesis screening systems stay well ahead of emerging challenges, to continue to enable responsible research advances. Gene synthesis companies, science and technology funders, policymakers, and the scientific community as a whole have a shared duty to continue to minimize risk and maximize the safety and security of DNA synthesis to further power world-changing developments in advanced biological manufacturing, agriculture, drug development, healthcare, and energy.

RESUMEN

Progress in modern biology is being driven, in part, by the large amounts of freely available data in public resources such as the International Nucleotide Sequence Database Collaboration (INSDC), the world's primary database of biological sequence (and related) information. INSDC and similar databases have dramatically increased the pace of fundamental biological discovery and enabled a host of innovative therapeutic, diagnostic, and forensic applications. However, as high-value, openly shared resources with a high degree of assumed trust, these repositories share compelling similarities to the early days of the Internet. Consequently, as public biological databases continue to increase in size and importance, we expect that they will face the same threats as undefended cyberspace. There is a unique opportunity, before a significant breach and loss of trust occurs, to ensure they evolve with quality and security as a design philosophy rather than costly "retrofitted" mitigations. This Perspective surveys some potential quality assurance and security weaknesses in existing open genomic and proteomic repositories, describes methods to mitigate the likelihood of both intentional and unintentional errors, and offers recommendations for risk mitigation based on lessons learned from cybersecurity.

RESUMEN

The convergence of advances in biotechnology with laboratory automation, access to data, and computational biology has democratized biotechnology and accelerated the development of new therapeutics. However, increased access to biotechnology in the digital age has also introduced additional security concerns and ultimately, spawned the new discipline of cyberbiosecurity, which encompasses cybersecurity, cyber-physical security, and biosecurity considerations. With the emergence of this new discipline comes the need for a logical, repeatable, and shared approach for evaluating facility and system vulnerabilities to cyberbiosecurity threats. In this paper, we outline the foundation of an assessment framework for cyberbiosecurity, accounting for both security and resilience factors in the physical and cyber domains. This is a unique problem set, but despite the complexity of the cyberbiosecurity field in terms of operations and governance, previous experience developing and implementing physical and cyber assessments applicable to a wide spectrum of critical infrastructure sectors provides a validated point of departure for a cyberbiosecurity assessment framework. This approach proposes to integrate existing capabilities and proven methodologies from the infrastructure assessment realm (e.g., decision science, physical security, infrastructure resilience, cybersecurity) with new expertise and requirements in the cyberbiosecurity space (e.g., biotechnology, biomanufacturing, genomics) in order to forge a flexible and defensible approach to identifying and mitigating vulnerabilities. Determining where vulnerabilities reside within cyberbiosecurity business processes can help public and private sector partners create an assessment framework to identify mitigation options for consideration that are both economically and practically viable and ultimately, allow them to manage risk more effectively.