What is Cyberbiosecurity?

According to Randall Murch, cyberbiosecurity involves the understanding, protection, mitigation, investigation, and attribution of unwanted surveillance, intrusions, and malicious and harmful activities which can occur within or at the interfaces of comingled life and medical sciences, that affect security, competitiveness, and resilience. Areas of concern include the privacy of patient data, the security of public health databases, the integrity of diagnostic test data, the integrity of public biological databases, the security implications of automated laboratory systems, disease surveillance and outbreak management data, and the security of proprietary biological engineering advances.

Biological information is measured, monitored, altered, and converted to digital information. Digital information can be used to manipulate biological systems. Cybersecurity is always important when digital information is propagated and stored through networks of connected electronic devices. Biosecurity refers to the threat to humans, living organisms and the environment, as the result of the exposures to biological agents, such as pathogens, that occur naturally or intentionally. Securing the information flow in systems, and providing cyberbiosecurity training to persons having authorized access, is critical for public health, economic security, and national security for every country.

Pathogen detection, identification, and tracking is shifting to methods relying on whole genomes. We increasingly rely on genome databases, and these databases are increasingly becoming the targets for cyberattacks from state sponsored but independent groups and the organized crime. The protection of the privacy of individuals, growers, and retailers is another major cyberbiosecurity challenge, as we need to collect pathogen genomic data from infected individuals or agricultural and food products during disease outbreaks to improve disease modeling and forecast.

The fact that genome databases are most utilized by the research community increases the risks, as the research community is not always following cybersecurity standards and best practices. The culture of trust and the willingness to share without considering information security rules is becoming a major vulnerability.

The access to pathogen sequences will lead to malicious use. Many genomes of animal and plant pathogens are accessible to all users of pathogen genome databases. We even had recommendations that open access to pathogen genomes should be promoted (Committee on Genomics Databases for Bioterrorism Threat Agents, 2004). The reduced cost of synthetic DNA technology and the advancement in synthetic biology reversed this approach, but many databases are still not properly secured.

Most security measures are designed to protect from external attacks. Insiders pose substantial threats, as they already have authorized access to critical systems. Insiders include employees of the organization, employees of trusted business partners, suppliers and service providers.

The threats posed by insiders can be unintentional or intentional, both of which should be accounted for in cyberbiosecurity assessments and training programs. Unintentional incidents include phishing or social engineering attacks from outside parties. They can be the results of negligence or misjudgement, and cyberbiosecurity training can dramatically reduce them. Intentional incidents include insiders that commit fraud for financial gain, or seek to sabotage the organization. It can be the result of bribery or blackmail from foreign governments, competing organizations, or the organized crime. Employees must be trained to recognize the modus operandi of such persons.

We can understand better the risks for our societies and the opportunities for many adversaries, from the UN Secretary-General's remarks to the Security Council on the COVID-19 Pandemic (09 April 2020). Antonio Guterres said:

"But the pandemic also poses a significant threat to the maintenance of international peace and security -- potentially leading to an increase in social unrest and violence that would greatly undermine our ability to fight the disease.

My concerns are many and widespread, but let me identify eight risks that are particularly pressing:

First, the COVID-19 pandemic threatens to further erode trust in public institutions, particularly if citizens perceive that their authorities mishandled the response or are not transparent on the scope of the crisis.

Second, the economic fallout of this crisis could create major stressors, particularly in fragile societies, less developed countries, and those in transition. Economic instability will have particularly devastating impacts for women, who make up the vast majority of those sectors worst affected. The large numbers of female-headed households in conflict-settings are especially vulnerable to economic shocks.

Third, the postponement of elections or referenda, or the decision to proceed with a vote – even with mitigation measures – can create political tensions and undermine legitimacy. Such decisions are best made following broad consultation aimed at consensus. This is not a time for political opportunism.

Fourth, in some conflict settings, the uncertainty created by the pandemic may create incentives for some actors to promote further division and turmoil. This could lead to an escalation of violence and possibly devastating miscalculations, which could further entrench ongoing wars and complicate efforts to fight the pandemic.

Fifth, the threat of terrorism remains alive. Terrorist groups may see a window of opportunity to strike while the attention of most governments is turned towards the pandemic. The situation in the Sahel, where people face the double scourge of the virus and escalating terrorism, is of particular concern.

Sixth, the weaknesses and lack of preparedness exposed by this pandemic provide a window onto how a bioterrorist attack might unfold – and may increase its risks. Non-state groups could gain access to virulent strains that could pose similar devastation to societies around the globe.

Seventh, the crisis has hindered international, regional and national conflict resolution efforts, exactly when they are needed most.

Many peace processes have stalled as the world responds to COVID-19.

Our good offices and mediation engagements have felt the impact.

Restrictions on movement may continue to affect the work of various confidence-based mechanisms, as well as our ability to engage in crisis diplomacy to de-escalate potential conflicts.

Eighth, the pandemic is triggering or exacerbating various human rights challenges.

We are seeing stigma, hate speech, and white supremacists and other extremists seeking to exploit the situation. We are witnessing discrimination in accessing health services. Refugees and internally displaced persons are particularly vulnerable. And there are growing manifestations of authoritarianism, including limits on the media, civic space and freedom of expression."

You may also visit Biosteganography

Contact us

Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60
Email: george.lekatis@cyber-risk-gmbh.com

Web: https://www.cyber-risk-gmbh.com

We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.

Understanding Cybersecurity in the European Union.

1. The NIS 2 Directive

2. The European Cyber Resilience Act

3. The Digital Operational Resilience Act (DORA)

4. The Critical Entities Resilience Directive (CER)

5. The Digital Services Act (DSA)

6. The Digital Markets Act (DMA)

7. The European Health Data Space (EHDS)

8. The European Chips Act

9. The European Data Act

10. European Data Governance Act (DGA)

11. The Artificial Intelligence Act

12. The European ePrivacy Regulation

13. The European Cyber Defence Policy

14. The Strategic Compass of the European Union

15. The EU Cyber Diplomacy Toolbox