Cyber-Biosecurity: Are we ready?

Bertrand Russell once said, ‘War doesn’t determine who is right−only who is left”, thus ‘we need to update, upgrade and be prepared for our own survival’. These words sound more relevant in the contemporary phase in the wake of fast changing global scenario and emerging inevitability for updating virtually by spilled of seconds.

Amalgamation of biotechnological and information technology advancement in the 21st century has altered our world at the fundamental level which is evident in the area of health, manufacturing, and food security. Humankind has also witnessed malicious bugs like Y2K and Wanna cry in biological and cyber field respectively. We have reached new landmarks on our understanding of how biological systems work and also discovered ways to meaningfully manipulate these systems as per our advantage/ requirement. Biotech tools, such as gene drives, can deliberately engineer inheritable genetic traits into wild populations, offering a powerful new way to escape from certain vector-borne diseases.

Gene editing tools such as CRISPR-CAS9 (Clustered Regularly Interspaced Short Palindromic Repeats associated protein-9 nuclease) are being used globally for quick and precise gene editing. Researchers like to use computers to analyze DNA, operate lab machines and store genetic information. In the health sector, the digitization of biology & metabolic engineering accelerated the development of new vaccines, drugs, and painkillers. Agriculture is becoming smarter/digitized, with farmers relying on data-driven decision acquired through sensors planted in the ground, satellites guiding tractor movements and other new practices. But these emerging capabilities come with a whole new category of vulnerabilities and risks.

Also Read: IIT Kanpur Braces Up to Prevent Cyber Attacks

IIT-kanpur-cyber-security

Over the last five years “technological barriers to acquire and use biological weapon has been significantly eroded.” The security impact of biotech advances goes beyond bioweapon. For example, developments in metabolic pathway engineering also offer opportunities to produce illegal drugs such as heroin. Scientists have already identified how to make the active compounds in other narcotics, such as for cannabis and precursors of LSD. What if a terrorist group or a despotic regime tries to spread modified organisms aimed at striking troops, frightening civilians, or putting food production in disarray? The failed attempt of Japanese cult to obtain Ebola strains from South Africa is one such indicator.

Recently Jean and coworkers (2018) highlighted the risks of using gene sequencing technologies to corrupt the databases by altering sequences or annotations. In this article, computer scientists designed a DNA sample that when sequenced, resulted in a data file which enabled the hacker to control the sequencing computer remotely and gave access to the hacker to make changes in DNA sequences. These alterations could delay a research program causing capital, labor loss or can be used in act of terrorism for uncontrolled production of toxins or infectious agents. To mitigate these risks, the culture of the life sciences community needs to shift from trusting blindly to a highly aware and trained community. This also requires intricate relationships between the computational and experimental dimensions of product development workflows.

The diverse nature of pathogens and toxins with their potential to be used as a biowarfare agent (BW) could be attributed to multiple factors. These include infectivity (the number of organisms required to cause disease), virulence (the severity of the disease caused), transmissibility (ease of spreading from person to person), and incubation period (the time from exposure of a biological agent to the onset of illness). All these attributes are manageable by modern biotechnology and information related to such experimentation trials is key to any covert attack using these for BW.

Similarly, in the cyber world, there is a diversity of malicious codes. These include viruses (programs that replicate in target machinery); worms (self-sustaining programs) and carriers such as a trojan horse to perform a legitimate function with malicious activity. Additionally, Botnets, or networks of computers infected with malicious code, can be coordinated to perform distributed denial of service attacks. For biological weapons, delivery vehicles range from advanced aerial spray technology to contamination of food products or water, while malicious code in cyberspace can be delivered by usage portals, email, web browsers, chat clients, web-enabled applications, and updates. The cyber threat has expanded dramatically in recent years with a series of damage. Terrorists are using cyber capabilities over traditional methods to target 104 countries including India.

Also Read: Time To Take Some Intelligent Decisions

intelligent-desicions

Governments and security experts have singled out the life sciences sector as being significantly vulnerable to cybercrime. In cybersecurity terms, innovation is fast 50 Volume 3 | Issue 3 | July-September 2018 becoming a double-edged sword for life sciences clients. Recently FireEye disclosed the threat posed by two Advance Persistent Threat (APT) groups which gained access to the environment of a leading pharmaceutical company for up to three years prior to detection. They stole IP and business data from the victim, information on bio cultures, products, cost reports, and other details pertaining to the company’s operations abroad. There is nothing more important to a pharmaceutical organization than the formula for one of its new drugs.

For cyber biosecurity, employee training should be given priority. It can greatly increase an organization’s general awareness of these new risks. Similar to biosafety training, cybersecurity training modules and policies should be introduced. Secondly, organizations should perform a thorough analysis of its exposure to cyber biosecurity risks not covered by existing biosafety and biosecurity policies.

Training exercises based on this type of analysis will encourage participants to review their workflows and identify their vulnerabilities. It is high time now to evolve a policy framework to detect and prevent security threats that may compromise life sciences assets. It includes guidelines on synthetic DNA targeted companies that provide DNA synthesis services to monitor research focus and relates features.

Bioinformatics software is still not hardened against attack. Encouragement of widespread adoption of standard software best security practices like input sanitization, the use of memory safe languages or bounds checking at buffers, and regular security audits is necessary. Patching still remains challenging as the analysis software are often located in individually managed repositories and not regularly updated. One solution is to use a centralized repository to manage updates and deliver patches, similar to the APT package manager.

These could also be signed to ensure their authenticity. In the case of file sharing, the sequencing files themselves could be signed by verified research groups before uploading them to centralized databases. This is just the glimpse of the long list of strategies that need immediate deployment, continuous review, and improvement with time.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: