CHEM BIO PROTECTION
Potential Vulnerabilities Exist in Biosecurity Programs
Scientists have been increasingly able to digitize biological information to benefit the warfighter, from automating drug and vaccine development to collecting disease surveillance data.
But biologists remain largely unaware of the potential risks of digitizing biotechnology in ways that are important for national defense, according to one expert.
The results of a 2016 Defense Department-led study reveal that there are multiple potential vulnerabilities within critical biomanufacturing processes, said Randall Murch, a research lead and professor at Virginia Tech and a former FBI agent.
Murch examined the vulnerabilities of manufacturing vaccines and biotherapeutics that have implications for the wider national security community, he said. Several federal agencies, including the Defense Department and the Department of Health and Human Services, are now evaluating the study, he noted.
His team quickly realized the potential vulnerabilities of drug delivery systems, personalized medical devices, robotic surgery equipment and more, he said.
“All of these technologies … are accessible, usually from the outside of that system” provided a pathway exists or can be created, he added.
Those vulnerabilities include data that is collected, stored and then used for master technical documents in laboratories, which could then be collected and manipulated to reflect small changes that would cause harm, he said.
Adversaries could also potentially gain entry to a virtual private network to become “the man in the middle” of activities in progress, he noted. A scientist could be checking on a system’s performance from home and an intruder could be manipulating the parameters, “causing mayhem with the bioprocesses development, the fermentation processes, whatever it might be,” he added.
These vulnerabilities have implications for the supply chain of vaccines and pharmaceuticals that the defense community relies upon, Murch said.
“If somebody wants to know what you buy, where you’re buying it, who you’re buying it from and how it’s going to be delivered to you, … you can learn a lot from getting behind somebody’s firewall,” he added.
Murch noted that the team working on the Defense Department-funded study did not find a specific vulnerability at the University of Nebraska, which was used as a test bed. But he added that recent stories, such as the 2017 cyber attack on pharmaceutical giant Merck, further demonstrate the risks.
Small companies in particular should be aware of the potential vulnerabilities in their systems, as well as government research-and-development facilities that perform biomanufacturing, he said.
Murch said the Defense Department should be paying more attention to this problem as it makes larger investments in cybersecurity technologies.
“It makes no sense to me to pay people a lot of money to develop vaccines if you don’t protect yourself,” he said.