Cybersecurity is getting a lot of attention at the moment as the consequences of the Colonial pipeline hack ripple through Eastern gas stations. Biotechnology, is not immune from these problems. With it's dependence on cyberphysical systems such as digital data, interconnected software platforms, automation, and instruments, sensors, and devices connected to the internet, every device or computer with an internet connection, or employee who uses email, is vulnerable to cyberattacks.
Last December, the U.S. Department of Homeland Security issued a warning after the IBM Security X-Force team discovered a series of cyberattacks on companies and government organizations working to distribute coronavirus vaccines (1). According to IBM, the cyberattackers targeted processes for shipping, cold storage, and delivery. Many of the attacks involved phishing emails, designed to steal credentials to access to company systems, that were sent to personnel in companies producing containers for cold-chain storage.
In April, CBS News shared more details. The cyberattack on vaccines targeted 44 companies in 14 countries across Europe, North America, South America, and Asia. The targeted firms included biomedical research organizations, medical equipment manufacturers; pharmaceutical firms, surgical material makers, immunology experts and pharmacies distributing COVID-19 rapid tests. Also targeted were logistics and transportation companies, including eight companies in the automotive, aviation, maritime and transport services sectors across Italy, Korea, Japan, Colombia and the U.S.
Neither CBS News nor the New York Times articles mentioned hack-related damages, however, if hackers had been able to access company systems, they could have shut down refrigeration units and destroyed large batches of vaccines.
Vaccine makers aren't the only companies vulnerable to cyberattack. Multiple sectors of the bioeconomy including agriculture and food production, biological databases, medical devices, and supply chains are vulnerable.
Just like hackers use ransomware to hold computer files hostage, hackers could blackmail people with implanted medical devices like pacemakers or reprogram DNA synthesizers to make virulence genes. What if biologic data were altered or pathogen-tracking systems were compromised?
We need to be aware that our reliance on cyberphysical systems leaves us open to problems where attackers might gain access to networks and trigger problematic biological outcomes.
What can we do?
We can begin by learning about cyberbiosecurity. Cyberbiosecurity is a new field that combines combines cybersecurity, biosecurity, and biosafety in the effort to prevent malicious activities and protect the bioeconomy (3). This field is concerned with:
1. Identifying the potential for risk,
2. Developing, validating, and implementing safeguards,
3. Understanding the risks specific to the life sciences.
Specifically, cyberbiosecurity aims to identify and mitigate security risks fostered by the digitization of biology and biotechnology automation. According to Mueller (3), the biotech industry has been pretty naive. He cites several criminal cases concerning sabotage, corporate espionage, and extortion, and states that most people in the life sciences are ignorant of the dangers and consequently at greater risk.