Title : Towards a better comprehension of present and future Cyberbiosecurity Vulnerabilities Fostered by an Interdisciplinary Security Approach
Abstract:
The cyber-physical nature of biotechnology has led to fascinating advances in the biological, medical and life sciences but has also raised concern for new risks and potentials for misuse. Just as the emergence of the internet some decades ago led to a major revolution - which, by necessity was paralleled by the field of cyber-security - we are now facing the era of cyberbiosecurity with its own security vulnerabilities. Although the DNA synthesis industry has, since the invention of gene-length synthesis, worked proactively to ensure synthesis is carried out securely and safely, the larger life-science and bio- logical community has largely remained unaware of the many forms of vulnerabilities that arise at the cyber-physical interface of virtually all of the involved technologies, systems, and applications. The convergence of advances in biotechnology with laboratory automation, access to data, and computational biology has led to a sheer unimaginable host of risks and vulnerabilities. Cyber- security attacks and data breaches in the health care industry have reached hospital IT systems and critically impacted biomanufacturing processes. However, the concern is not `only’ about data protection. Current and future threats range from the potential for weaponized bioengineered pharmaceuticals and biomedical agents, to toxic plants and food products masquerading as certified goods. Comprehending these new dangers and determining where vulnerabilities reside, is no longer an option but of paramount and ultimate importance. Novel skills and approaches are needed to explore the unique cyberbiosecurity challenges at the nexus of cybersecurity, cyber-physical security and biosecurity as applied to biological and biomedical-based systems. Yet, cyberbiosecurity is just emerging as a new discipline and many of the new risks and vulnerabilities are poorly understood. To complicate matters, the life-science and medical community is not trained and `wired’ to anticipate or analyze intrusions, infringements, and crime. This leads to the critical challenge, how immediate and emerging risks even can be conceived and conceptualized. It is suggested that a theoretical approach that utilizes ideas underlying the development of the early internet (without the explicit protocols per se) can give a different perspective, leading to a better comprehension of previously unrecognized vulnerabilities, and also provide potentials for risk mitigation.