Cyberbiosecurity Training for the Board

Cyberbiosecurity: Navigating the No-Man’s Land at the Frontier of Technology and Biology

In modern risk landscapes, the most dangerous threats are no longer confined to a single domain. Instead, they emerge where disciplines overlap, responsibilities blur, and governance structures have not yet caught up. One of the most critical and least understood of these frontiers is cyberbiosecurity, a domain that exists at the intersection of biology, digital systems, and national security. It is, in effect, a no-man’s land: a complex, high-stakes space that is poorly mapped, under-governed, and often overlooked.

A “no-man’s land” is traditionally defined as an area that is not owned or controlled by any one party, often because it lies in contested or dangerous territory. In the context of cyberbiosecurity, this term is not a metaphor, it is an operational reality. Few organizations have cross-functional teams capable of securing the full spectrum of vulnerabilities that span from synthetic DNA design platforms to cloud-connected laboratory automation, from machine learning models used in drug discovery to the underlying IT infrastructure and export control implications. The result is a vacuum of expertise: biologists do not typically speak the language of cybersecurity, while CISOs and IT professionals are rarely trained in bioengineering or the regulatory frameworks governing biological material.

This “no-man’s land” includes a convergence of fields: life sciences, synthetic biology, biomanufacturing, robotics, laboratory instrumentation, patient-facing healthcare systems, information security, and artificial intelligence. Each is a silo in its own right, governed by separate teams, budgets, and compliance regimes. But adversaries, from cybercriminals to state-sponsored actors, do not respect these boundaries. They target the interfaces, exploiting the areas between disciplines. A single intrusion can leverage cybersecurity weaknesses to manipulate biological outputs. A compromised lab robot or firmware update could silently alter the production of a biologic drug. An AI model trained on corrupted genomic data can be manipulated to produce dangerous sequences without detection. These are not theoretical risks, they are already emerging.

For Boards of Directors, this represents a fundamental governance challenge. If the organization has no consolidated map of its bio-digital assets and protection strategies, it cannot defend them. If security reviews only cover IT systems, and not the smart centrifuges, DNA printers, or AI inference engines that drive scientific progress, the enterprise remains blind to the most insidious forms of attack.

In our training programs, we assist Boards and professionals in understanding the risks in this critical no-man’s land. Participants will understand better these hybrid risks, ask the right questions across departments, and build the oversight structures necessary to close this dangerous gap in institutional awareness and protection. Effective governance at the Board level starts not with perfect answers, but with sharper questions.

Our Briefings for the Board:

We offer custom briefings for the Board of Directors and executive management, tailored to the specific needs of each legal entity. Our briefings can be short and comprehensive, or longer, depending on the needs, the content of the program and the case studies.

Alternatively, you may choose one of our existing briefings. You can find all information below.

Delivery format of the training program

a. In-House Instructor-Led Training. This format is specifically designed and customized for individuals within a particular company or organization, including board members, executive management, risk managers, and employees. An instructor from Cyber Risk GmbH, approved by the client, will travel to the client’s chosen location to deliver the training. The content and delivery are tailored to meet the specific needs of the client, as outlined in the contract.

b. Online Live Training. This real-time, synchronous training takes place in a live virtual meeting room via platforms such as Zoom, Webex, or Microsoft Teams. Instructors from Cyber Risk GmbH, approved by the client, customize the delivery method (e.g., interactive or non-interactive) to suit the client’s needs. The instructor leads the session and addresses questions based on the client’s specific requirements and the terms of the contract.

c. Video-Recorded Training. This professional, pre-recorded training format is tailored to the client’s needs and contract specifications. Instructors from Cyber Risk GmbH, approved by the client, record the content in a professional studio. The pre-recorded material, including future updates, is licensed to the client for internal training purposes. Clients can integrate the videos into their internal learning management systems. Available programs include Orientation Video Training and Compliance Video Training.

1. No, it is not just cybersecurity. It is cyberbiosecurity, and it is about Hybrid Risk.

Overview

Let’s be clear: Cyberbiosecurity is not simply a niche extension of cybersecurity. It is about hybrid risk, a convergence of cyber and biological threats and vulnerabilities that cross institutional, disciplinary, and regulatory boundaries.

In this session, we challenge the outdated assumption that cyber risk exists in isolation. As with other forms of hybrid risk, where cyber operations are embedded in geopolitical maneuvering, economic warfare, and supply chain sabotage, cyberbiosecurity represents a strategic intersection of technological innovation and national security exposure. This is no longer a theoretical issue. The convergence of synthetic biology, AI-driven bioengineering, cloud-integrated lab systems, and connected medical platforms has created a new, unstable threat surface that is not owned by any one team and rarely governed by any one framework.

Board-level governance must evolve. Cyberbiosecurity is a no-man’s land: few organizations have the internal capability to understand, monitor, and defend the interface between biotechnology, laboratory systems, AI models, and digital infrastructure. While cyber teams secure servers and endpoints, and R&D protects IP, the vulnerabilities between them (bio-digital devices, AI-trained DNA printers, autonomous biomanufacturing, and patient-genomics systems) are often left exposed. This gap is not only technical; it is strategic and systemic.

An effective hybrid risk framework must identify the multi-domain threats that could emerge from the compromise of digital systems in life sciences, map their cascading effects across legal, regulatory, reputational, and societal domains, and build cross-disciplinary resilience. We must stop thinking in silos, like “this is a cyber issue,” “that’s a bio risk”, and instead think in terms of converged risks, where attacks on AI, automation, and bio-assets are components of larger state-driven or industrially motivated operations.

Boards must abandon the outdated model of “cyber as an IT risk” with a cyberbiosecurity lens embedded within hybrid threat governance. It leads to new questions: Who owns security at the intersection of AI, bioengineering, and cloud systems? Are our research partners vetted for dual-use sensitivity? Could an insider in our lab environment compromise not just data, but biological outcomes?

This tailored training can provide real-world case studies needed to develop actionable oversight.

Target Audience

This presentation will be delivered exclusively in person during a quarterly Board meeting, featuring tailored case studies specific to an organization’s needs. It will not be available online or via Zoom or similar applications.

Duration

Our briefings can be as short as 30 minutes while remaining comprehensive, or longer, depending on the needs, the program content, and the case studies. We always tailor the program to the needs of each client.

Instructor

George Lekatis. For information about his background and experience, you may visit: https://www.cyber-risk-gmbh.com/About.html

2. State-sponsored but independent hacking groups. The long arm of countries that exploit legal pluralism and make the law a strategic instrument

Overview

According to Article 51 of the U.N. Charter: “Nothing in the present Charter shall impair the inherent right of individual or collective self-defense if an armed attack occurs against a Member of the United Nations, until the Security Council has taken measures necessary to maintain international peace and security.”

But is a cyber-attack comparable to an armed attack?

There is no international consensus on a precise definition of a use of force, in or out of cyberspace. Nations assert different definitions and apply different thresholds for what constitutes a use of force.

For example, if cyber operations cause effects that, if caused by traditional physical means, would be regarded as a use of force under jus ad bellum, then such cyber operations would likely also be regarded as a use of force.

Important weaknesses of international law include the assumption that it is possible to isolate military and civilian targets with sufficient clarity, and to distinguish a tangible military objective to be attained from an attack.

More than 20 countries have announced their intent to use offensive cyber capabilities, in line with Article 2(4) and Article 51 of the United Nations (UN) Charter.

Unfortunately, these capabilities will not help when the attackers are State-sponsored groups, and the States supporting them, claim that not only they are not involved, but also that their adversaries (the victims) have fabricated evidence about it. This is a very effective disinformation operation.

Adversaries have already successfully exploited weakness of non-authoritarian societies, especially the political and legal interpretation of facts from different political parties. It is difficult to use offensive cyber capabilities in line with democratic principles and international law, as it is almost impossible to distinguish with absolute certainty between attacks from States and attacks from State-sponsored independent groups.

Even when intelligence services know that an attack comes from a State that uses a State-sponsored independent group, they cannot disclose the information and the evidence that supports their assessment, as disclosures about technical and physical intelligence capabilities and initiatives can undermine current and future operations. This is the “second attribution problem” – they know but they cannot disclose what they know.

As an example, we will discuss the data breach at the U.S. Office of Personnel Management (OPM). OPM systems had information related to the background investigations of current, former, and prospective federal government employees, U.S. military personnel, and those for whom a federal background investigation was conducted. The attackers now have access to information about federal employees, federal retirees, and former federal employees. They have access to military records, veterans' status information, addresses, dates of birth, job and pay history, health insurance and life insurance information, pension information, data on age, gender, race, even fingerprints.

But why?

Aldrich Ames, a former intelligence officer turned mole, has said: “Espionage, for the most part, involves finding a person who knows something or has something that you can induce them secretly to give to you. That almost always involves a betrayal of trust.”

Finding this person is much easier, if you have data easily converted to intelligence, like the data stolen from the U.S. Office of Personnel Management (OPM). This leak is a direct risk for the critical infrastructure.

There are questions to be answered, and decisions to be made, not only about tactic and strategy, but also political and legal interpretation.

We tailor the program to meet specific requirements. You may contact us to discuss your needs.

Target Audience

The program is highly beneficial for the Board of Directors, C-suite executives, and professionals with privileged access to sensitive corporate information.

Duration

Instructor

Our instructors are professionals with extensive, real-world experience in their respective fields. They are equipped to deliver full-time, part-time, or short-form programs, all customized to suit your specific requirements. Beyond teaching, our instructors provide hands-on guidance, offering real-world insights that help bridge the gap between theory and practice. You will always be informed ahead of time about the instructor leading your program.

3. Cyber espionage, and the role of the Board.

Overview

Intelligence is the collection of information that have military, political, or economic value.

Intelligence refers to both:

- information that is collected by clandestine means,

- information available through conventional means.

Espionage is a set of intelligence gathering methods.

The Oxford’s English Dictionary defines espionage as “the practice of spying or of using spies, typically by governments, to obtain political and military information.”

The Merriam-Webster's Dictionary has a slightly different opinion. Espionage is “the practice of spying or using spies, to obtain information about the plans and activities especially of a foreign government or a competing company.”

The U.S. Federal Bureau of Investigations (FBI) defines economic espionage as "the act of knowingly targeting or acquiring trade secrets to benefit any foreign government, foreign instrumentality, or foreign agent."

According to the 2019 Situation Report of the Swiss Federal Intelligence Service (FIS): "Espionage is driven by a variety of different motives and has more than one aim. For example, states strive, using information obtained by their intelligence services, to gain a fuller picture of the situation in order to improve the effectiveness of their actions.

It can furthermore be observed that information is increasingly being procured with the aim of influencing (in so-called influence operations) or damaging the actions of rivals. Both can be achieved through the selective publication of information. The aim of such activities is often to weaken the cohesion of international groups or institutions and thereby to restrict their ability to act."

Cyber is a prefix used to describe new things that are now possible as a result of the spread of computers, systems, and devices, that are interconnected. It relates to data processing, data transfer, or information stored in systems.

With the word cyber we also refer to anything relating to computers, systems, and devices, especially the internet.

The prefix cyber has been added to a wide range of words, to describe new flavors of existing concepts, or new approaches to existing procedures.

Intelligence gathering involves human intelligence (HUMINT - information collected and provided by human sources), signals intelligence (SIGINT - information collected by interception of signals), imagery intelligence (IMINT), measurement and signature intelligence (MASINT), geospatial intelligence (GEOINT), open-source intelligence (OSINT), financial intelligence (FININT), etc.

HUMINT is the oldest form of intelligence gathering. Cyber-HUMINT refers to the strategies and practices used in cyberspace, in order to collect intelligence while attacking the human factor.

Cyber-HUMINT starts with traditional human intelligence processes (recruitment, training, intelligence gathering, deception etc.), combined with social engineering strategies and practices.

Cyber espionage includes:

- unauthorized access to systems or devices to obtain information,

- social engineering to the persons that have authorized access to systems or devices, to obtain information.

Cyber espionage involves cyber attacks to obtain political, commercial, and military information.

Cyber espionage and traditional espionage have similar or the same end goals. Cyber espionage exploits the anonymity, global reach, scattered nature, the interconnectedness of information networks, the deception opportunities that offer plausible deniability.

Economic and industrial espionage, including cyber espionage, represents a significant threat to a country’s prosperity, security, and competitive advantage. Cyberspace is a preferred operational domain for many threat actors, including countries, state sponsored groups, the organized crime, and individuals. Artificial Intelligence (AI) and the Internet of Things (IoT) introduce new vulnerabilities.

Cyber economic espionage is the targeting and theft of trade secrets and intellectual property. It is usually much larger in scale and scope, and it is a major drain on competitive advantage and market share.

According to Burton (2015), cyber threats can be classified into four main categories: Cybercrime, cyber espionage, cyberterrorism, and cyber warfare.

Cybercrime is crime enabled by or that targets computers. Criminal activities can be carried out by individuals or groups who have diverse goals such as financial gain, identity theft, and damaging property. Usually cybercrime is financially motivated.

Cyber espionage activities are conducted by state-sponsored cyber attackers "for the purpose of providing knowledge to the states to obtain political, commercial, and military gain" (Burton, 2015).

According to Denning, cyberterrorism is “the convergence of cyberspace and terrorism" that covers politically motivated hacking and operations intended to cause grave harm such as loss of life or severe economic damage.

Cyber Warfare involves the use of computers and systems to target an enemy’s information systems. The use of cyber power in military operations is an important force multiplier. Since the armed forces are highly dependent on information technologies and computer networks, disruption of these systems would provide great advantages.

Cyberspace is regarded as the fifth domain of warfare after land, sea, air, and space. NATO Secretary General Jens Stoltenberg announced in June 2016 that “the 28-member alliance has agreed to declare cyber an operational domain, much as the sea, air and land are”.

According to the 2019 Situation Report of the Swiss Federal Intelligence Service (FIS): "Espionage operations which have come to light reveal that cyber tools and other communications reconnaissance instruments are being used in parallel and in interaction with human sources.

Depending on the objective, information is also being procured exclusively via cyberspace. The latter has gained in importance insofar as the use of cyber-based information-gathering tools has proven successful for many actors.

Cyber espionage is difficult to detect, the perpetrators can hardly be successfully prosecuted, as the purported country of origin does of course not help to elucidate the affair and determination by the means of intelligence of the origins of the cyber-attack (ʻattributionʼ) can simply be denied based on the lack of provability."

A major challenge today is the lack of awareness and training. Many organizations and companies continue to believe that cyber security is a technical, not a strategic discipline. They believe that cyber security involves the protection of systems from threats like unauthorized access, not the awareness and training of persons that have authorized access to systems and information.

Target Audience

Duration

Instructor

4. Counter-Elicitation for Professionals With Privileged Access.

Overview

The trusting executive. The accomplished professional who speaks at conferences. The passionate scientist sharing ideas in online communities. Individuals with access to sensitive information will network at conventions, participate in discussions, or engage in interviews, unknowingly exposing themselves to risk.

Could they effectively protect proprietary information from a skilled individual who befriends them to gain access to what they know?

Elicitation is an effort in which a seemingly regular conversation is contrived to extract sensitive information, without raising suspicion that specific facts are being sought. The elicitation techniques are subtle, non-threatening, deniable, and effective. Elicitors manipulate individuals into sharing valuable information without realizing its significance. This is also one of the oldest forms of espionage.

Like other social engineering tactics, elicitation exploits a person’s psychological and social weaknesses, including:
• The tendency to be polite and helpful, especially with new acquaintances.
• The desire to appear knowledgeable and credible in professional discussions.
• A failure to recognize the true value of information being shared during an “interesting” conversation.

Executives and other high-value targets are unaware that some of their encounters are in reality carefully orchestrated attempts to gather sensitive information.

This briefing raises awareness about elicitation risks and equips participants to understand:

• How elicitation techniques are used to manipulate conversations and extract valuable information.
• Why trusting or accomplished individuals are often prime targets.
• Practical strategies to recognize and deflect elicitation attempts while maintaining professionalism.

By providing the key people in an organization with these critical skills, we empower them to safeguard sensitive information, protect their organizations, and navigate professional interactions with greater confidence and security.

Target Audience

The program is highly beneficial for the Board of Directors, C-suite executives, and professionals with privileged access to sensitive corporate information.

Duration

Instructor

Christina Lekati, psychologist, security training expert. To learn about her you may visit: https://www.cyber-risk-gmbh.com/About_Christina_Lekati.html

Christina Lekati, Social Engineering Training Expert

5. Cyber Proxies and the role of the Board.

Overview

The word proxy is interesting. In Latin, procuro means manage, administer - from pro (“on behalf of”) and curo (“I care for”).

Today a proxy is a person or entity who is authorized to act on behalf of another person or entity.

Countries expand their global intelligence footprint to better support their growing political, economic, and security interests around the world, increasingly challenging existing alliances and partnerships. They employ an array of tools, especially influence campaigns, to advance their interests or undermine the interests of other countries. They turn a power vacuum into an opportunity.

Countries use proxies (state-sponsored groups, organizations, organized crime, etc.) as a way to accomplish national objectives while limiting cost, reducing the risk of direct conflict, and maintaining plausible deniability.

With plausible deniability, even if the target country is able to attribute an attack to an actor, it is unable to provide evidence that a link exists between the actor and the country that sponsors the attack.

According to Tim Maurer, proxy is an intermediary that conducts or directly contributes to an offensive cyber operation that is enabled knowingly, actively or passively, by a beneficiary who gains advantage from its effect.

Cyber proxies are valuable actors in political warfare. This is the employment of military, intelligence, diplomatic, financial, and other means, short of conventional war, to achieve national objectives. It encompasses the exploitation of computer networks and platforms, electronic warfare, psychological operations, and information operations.

For some countries, the main battlespace is the mind. With information and psychological warfare, these countries can morally and psychologically depress the enemy’s armed forces personnel and civil population.

In 2019, the United States spent $732 billion on defense, compared to Russia’s $65.1 billion. It is obvious that Russia and other countries in similar position will try to find less expensive means to counter big, expensive U.S. weapons and systems. Cyber espionage is especially economical when countries conduct activities through proxies.

Countries actively create fertile grounds for malicious activities to occur. Cyber actors (which include cyber criminals, hacktivists, and political, economic and religious groups) are continually operating from within the sphere of influence of the sponsoring country with the understanding that their illegal activities will be tolerated, as soon as they will also support the objectives of the sponsoring country.

As John Carlin, former Assistant U.S. Attorney General for National Security has stated, what you’re seeing is the world’s most sophisticated intelligence operations when it comes to cyber espionage, using the criminal groups for their intelligence ends, and protecting them from law enforcement.

Cyber threats posed by cyber proxies must be managed, and the laws must be changed in this area. Publicly attributing malicious cyber activity to a country in a timely manner and holding that country accountable is difficult, but necessary. If international law is unable to solve these problems, national policies will ignore international law and confront cyber adversaries through rapid attribution and offensive countermeasures, to deter future aggression.

Target Audience

Duration

Instructor