Cyberbiosecurity: From Naive Trust to Risk Awareness

Trust within the biotechnology community creates vulnerabilities at the interface between cyberspace and biology

Jean Peccoud, Jenna E. Gallegos, Randall Murch, Wallace G. Buchholz, Sanjay Raman,
Cyberbiosecurity: From Naive Trust to Risk Awareness,
Trends in Biotechnology,
Volume 36, Issue 1,
2018,
Pages 4-7,
ISSN 0167-7799,
https://doi.org/10.1016/j.tibtech.2017.10.012.

Definitions

Biosafety policies are designed to prevent unintentional exposure to pathogens or accidental release of biological agents from laboratories into the environment. Protective clothing, sterilization procedures, and airlocks are all examples of biosafety measures. Biosecurity policies, however, are generally associated with travel, supply chains, terrorist activities, and defense. These policies are designed to protect against the spread of agents that threaten health, food supplies, and other assets. Breaches of biosecurity can be accidental (such as a traveler bringing contaminated material from overseas) or intentional (bioterrorism).

[…] Cyberbiosecurity aims at understanding the new risks emerging at the frontier between cyberspace and biology in order to develop policies to manage them.

Concept of naive trust

It is not uncommon for scientists to share data and samples without taking any precautions to ensure the intended use is benign or the shared material is as expected. Consider the following scenario. After reading an article in a high-impact journal, a faculty member contacts the author to request the plasmids described. The plasmids arrive in the mail, and a student immediately starts measuring the expression of the genes encoded on the plasmid. After 6 months of unsuccessful attempts to reproduce the published data, they decide to sequence the plasmids. They observe major discrepancies that explain the failure of their experiments. These plasmids came from a reputable laboratory and the data had been scrutinized by a rigorous peer-review process. Yet, the integrity of the relationship between the biological samples and the data describing these physical samples (the published sequences) was somehow compromised, resulting in a financial loss corresponding to 6 months of effort by a graduate student. This loss could have been prevented by spending US$100 to sequence the plasmids and waiting a few days before using them. This all too common scenario exemplifies shortcomings in the life sciences community’s tendency to naively trust that physical sequences match the digital sequences theoretically associated with them.
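One way to automate the check the scenario calls for, comparing the read obtained by sequencing a received plasmid with the published sequence before any experiment starts. This is an added example, not code from the article; the sequence and all function names are constructed for illustration, and it goes beyond the text by treating the plasmid as circular, so a read that starts at a different position or on the other strand still matches.

```python
import hashlib

# Constructed 39-base sequence standing in for a published plasmid record.
PUBLISHED = "ATGGCCATTGTAATGGGCCGCTGAAAGGGTGCCCGATAG"
_COMPLEMENT = str.maketrans("ACGT", "TGCA")

def normalize(seq):
    """Strip whitespace, upper-case, and reject anything that is not A/C/G/T."""
    s = "".join(seq.split()).upper()
    if not s or set(s) - set("ACGT"):
        raise ValueError("sequence must be non-empty and contain only A, C, G, T")
    return s

def revcomp(seq):
    """Reverse complement: the same molecule read from the other strand."""
    return seq.translate(_COMPLEMENT)[::-1]

def rotations(seq):
    """Every start position of a circular sequence, on both strands."""
    for strand in (seq, revcomp(seq)):
        doubled = strand + strand
        for i in range(len(strand)):
            yield doubled[i:i + len(strand)]

def fingerprint(seq):
    """SHA-256 of a canonical form (smallest rotation over both strands)."""
    return hashlib.sha256(min(rotations(normalize(seq))).encode()).hexdigest()

def verify(published, sequenced):
    """Compare a sequencing result with the published record before use."""
    pub, got = normalize(published), normalize(sequenced)
    if fingerprint(pub) == fingerprint(got):
        return {"match": True, "differences": 0}
    if len(pub) != len(got):  # insertion or deletion: needs a real aligner
        return {"match": False, "differences": None}
    # Same length: fewest substituted bases over all rotations and strands.
    best = min(sum(a != b for a, b in zip(pub, r)) for r in rotations(got))
    return {"match": False, "differences": best}

if __name__ == "__main__":
    received = revcomp(PUBLISHED)[7:] + revcomp(PUBLISHED)[:7]  # constructed read
    print(verify(PUBLISHED, received))
```

The rotation search is quadratic in sequence length, which is acceptable for a single plasmid; assembling raw reads and handling insertions or deletions would need a proper alignment tool.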

[…]

Instead of getting a benignly faulty plasmid, for example, the recipient might have received a sample containing a gene designed to produce a harmful product.

Recommendations

* Training programs to make employees aware of cyber–biological risks should be developed.

* Each organization should perform a systematic analysis of its exposure to cyberbiosecurity risks not covered by existing biosafety and biosecurity policies.

* New policies should be developed, aimed at preventing and detecting security incidents that may compromise life sciences assets.