BiosecurityDNA has gone digital – what could possibly go wrong?

By Jenna E. Gallegos and Jean Peccoud

Published 15 December 2017

Biology is becoming increasingly digitized. Researchers like us use computers to analyze DNA, operate lab equipment and store genetic information. But new capabilities also mean new risks – and biologists remain largely unaware of the potential vulnerabilities that come with digitizing biotechnology. In 2010, a nuclear plant in Iran experienced mysterious equipment failures which paralyzed Iran’s nuclear weapons program. Months later, a security firm was called in to troubleshoot an apparently unrelated problem, and found a malicious computer virus called Stuxnet, which was telling uranium-enrichment centrifuges to vibrate. Stuxnet demonstrated that cybersecurity breaches can cause physical damages. What if those damages had biological consequences? Could bioterrorists target government laboratories studying infectious diseases? What about pharmaceutical companies producing lifesaving drugs? As life scientists become more reliant on digital workflows, the chances are likely rising. The emerging field of cyberbiosecurity explores the whole new category of risks that come with the increased use of computers in the life sciences.

Biology is becoming increasingly digitized. Researchers like us use computers to analyze DNA, operate lab equipment and store genetic information. But new capabilities also mean new risks – and biologists remain largely unaware of the potential vulnerabilities that come with digitizing biotechnology.

The emerging field of cyberbiosecurity explores the whole new category of risks that come with the increased use of computers in the life sciences.

University scientists, industry stakeholders and government agents have begun gathering to discuss these threats. We’ve even hosted FBI agents from the Weapons of Mass Destruction Directorate here at Colorado State University and previously at Virginia Tech for crash courses on synthetic biology and the associated cyberbiosecurity risks. A year ago, we participated in a U.S. Department of Defense-funded project to assess the security of biotechnology infrastructures. The results are classified, but we disclose some of the lessons learned in our new Trends in Biotechnology paper.

Along with co-authors from Virginia Tech and the University of Nebraska-Lincoln, we discuss two major kinds of threats: sabotaging the machines biologists rely on and creating dangerous biological materials.

Computer viruses affecting the physical world
Months later, a security firm was called in to troubleshoot an apparently unrelated problem. They found a malicious computer virus. The virus, called Stuxnet, was telling the equipment to vibrate. The malfunction shut down a third of the plant’s equipment, stunting development of the Iranian nuclear program.

Unlike most viruses, Stuxnet didn’t target only computers. It attacked equipment controlled by computers.

The marriage of computer science and biology has opened the door for amazing discoveries. With the help of computers, we’re decoding the human genome, creating organisms with new capabilities, automating drug development and revolutionizing food safety.

Stuxnet demonstrated that cybersecurity breaches can cause physical damages. What if those damages had biological consequences? Could bioterrorists target government laboratories studying infectious diseases? What about pharmaceutical companies producing lifesaving drugs? As life scientists become more reliant on digital workflows, the chances are likely rising.