There’s a new word on the street that packs a lot of punch: cyberbiosecurity, which is introducing a host of new multilayered threats to biodefense.
Members of the newly named Bipartisan Commission on Biodefense — formerly the Blue Ribbon Study Panel on Biodefense — last week sought a better understanding of cyberbiosecurity during an event it held in Washington, D.C., that brought together federal officials, as well as academic, private sector, and law enforcement experts to discuss how these two areas of science and technology are beginning to converge, making the nation increasingly unsafe and insecure.
“We are as a country not doing enough to secure ourselves against the rapid advancements in cyber and biotechnology around the world,” said U.S. Rep. Chrissy Houlahan (D-PA) during the commission’s Sept. 17 meeting, Cyberbio Convergence: Characterizing the Multiplicative Threat.
“And frankly, one of the key reasons why I decided to run for Congress rather than state or local office was that I felt as though there were not enough people in Congress who were thinking about this,” said the freshman lawmaker, who was trained as an engineer at Stanford University and MIT and previously served in the U.S. Air Force as a program manager focused on, among other things, ballistic missile defense.
Rep. Houlahan said it’s “worrisome” that there are only a handful of federal lawmakers who have a STEM education or background. In fact, she added, most Americans and members of Congress think cybersecurity and biosecurity are just ideas they’ve seen on TV shows and in science-fiction movies. But they pose “real and genuine threats,” said Houlahan, who serves as a member of the U.S. House Armed Services Committee.
What’s more alarming, Houlahan said, is that during conversations she’s had with high-ranking officials in the U.S. Department of Defense (DOD) and U.S. Department of Homeland Security, people don’t see the intersection of biosecurity and cybersecurity.
This lack of understanding, said Houlahan, has led to a lack of resources and a lack of personnel dedicated to advancing the nation’s defenses against such potential threats.
“And they really do have a very significant overlap,” the congresswoman said, “and we need to be thinking about them in tandem and as they dovetail with one another.”
America must better develop its biosecurity at home and improve the integration of the bio and cyber communities,” she said. “This is dangerous and we in Congress need to be legislating accordingly.”
Her suggested solutions included that members of Congress conduct more briefings and closed-door meetings to stay on top of the issues and that the problem be elevated through the proper channels, namely via federal policymaking.
For instance, the National Defense Authorization Act (NDAA) for Fiscal Year 2020, H.R. 2500/S. 1790, includes numerous Houlahan provisions, such as one to direct the DOD to assess vulnerabilities in the nation’s most sensitive biosecurity and pathogens data and recommend actions to Congress for remediating them.
Both chambers are now reconciling differences in their respective versions of the NDAA.
Following the lawmaker’s remarks, the Bipartisan Commission on Biodefense heard from several experts who sat on three different panels.
Panel one members discussed the vulnerability of pathogen and biomanufacturing data systems, including databases, digital sequences, software for designing novel DNA sequences, biomanufacturing supply chain data systems, and the use of DNA to store information.
“We are in an era of incredible technological advancement across a variety of sectors, including biomanufacturing,” said Kelvin Lee, director of the National Institute for Innovation in Manufacturing Biopharmaceuticals, and the Gore Professor in the Department of Chemical Engineering at the Delaware Biotechnology Institute at the University of Delaware.
The subsequent bioeconomy is moving forward “faster than ever” due to a number of converging technological advancements, Lee added.
At the same time, because of the increasing reliance on cyber and digital systems within the biotechnology community, he said it’s important for anyone associated with the bioeconomy to be educated about and follow best practices for digital biosecurity.
“As biotechnology becomes increasingly digital, for instance, the biotechnology community must pay particular attention to cybersecurity-related issues, such as data security, data integrity, and so forth,” said Lee.
And while the terms ‘biotechnology’ and ‘biosecurity’ are different, he said, they nevertheless raise the question about whether the nation needs “new solutions for new problems, or if the biotech sector needs to add cybersecurity earlier into its conversations.”
“Regardless of the terminology, digital threats can impact pharmaceutical manufacturing,” Lee said, such as via computer worms and other cyber-related impacts that potentially could have catastrophic effects on public health and the bioeconomy.
Quality controls and other mitigation efforts have been devised, Lee said, “but there will always be the potential for some level of unexpected natural kinetic drift in biological systems or even some malicious introduction and that would be difficult to predict, detect and mitigate.”
Lee also pointed to another area of concern: genetic information at the cyber biological interface. A failure here could result in economic losses to the industry, patient and public health impacts, potential exposure to employees of harmful agents, and an inability to respond rapidly to emerging public health threats.
“All of this needs to be assured,” said Lee.
The second panel of experts discussed the risks associated with the misuse of the biotechnology industry and how to reduce them.
For example, James Diggans, director of bioinformatics and biosecurity at Twist Bioscience, said federal lawmakers should require that a study be completed that details how much data should be made publicly available, noting that in the wrong hands, threats could turn into large-scale events.
During panel three, entitled Vulnerability of Intellectual Property and the Bioeconomy, two law enforcement experts addressed cyberbiosecurity policies around protecting intellectual property.
“We have to get working and we have to get working fast. There’s a lot to do,” said Peter Edge, vice president of corporate security for SOS International LLC, and the former acting deputy director of U.S. Immigration and Customs Enforcement.
For instance, Edge said that stakeholders and lawmakers should “take a good look at the convergence of biosecurity and cybersecurity,” because of the challenges these areas pose to public safety.
“There is an immediate need to adopt robust cybersecurity policies for safeguarding intellectual property and the economic activity generated by the research and innovation in the biological sciences,” Edge said.
From a law enforcement perspective, he said there are three things that need to be initiated: Strategic coordination between law enforcement and the intelligence communities; collaboration with the private sector; and coordination of the most secure methods for storing intellectual property and sharing that information between law enforcement, the intelligence communities and the private sector.
Several of the day’s panelists also agreed that cyberbiosecurity threats from China cannot be ignored and they are increasing.
“It is, in fact, what keeps me up at night,” said Rep. Houlahan.