Potential Vulnerabilities Exist in Biosecurity Programs

CHEM BIO PROTECTION

Potential Vulnerabilities Exist in Biosecurity Programs

4/10/2018
By Vivienne Machi

Photo: iStock

Scientists have been increasingly able to digitize biological information to benefit the warfighter, from automating drug and vaccine development to collecting disease surveillance data.

But biologists remain largely unaware of the potential risks of digitizing biotechnology in ways that are important for national defense, according to one expert.

The results of a 2016 Defense Department-led study reveal that there are multiple potential vulnerabilities within critical biomanufacturing processes, said Randall Murch, a research lead and professor at Virginia Tech and a former FBI agent.

Murch examined the vulnerabilities of manufacturing vaccines and biotherapeutics that have implications for the wider national security community, he said. Several federal agencies, including the Defense Department and the Department of Health and Human Services, are now evaluating the study, he noted.

His team quickly realized the potential vulnerabilities of drug delivery systems, personalized medical devices, robotic surgery equipment and more, he said.

“All of these technologies … are accessible, usually from the outside of that system” provided a pathway exists or can be created, he added.

Those vulnerabilities include data that is collected, stored and then used for master technical documents in laboratories, which could then be collected and manipulated to reflect small changes that would cause harm, he said.

Adversaries could also potentially gain entry to a virtual private network to become “the man in the middle” of activities in progress, he noted. A scientist could be checking on a system’s performance from home and an intruder could be manipulating the parameters, “causing mayhem with the bioprocesses development, the fermentation processes, whatever it might be,” he added.

These vulnerabilities have implications for the supply chain of vaccines and pharmaceuticals that the defense community relies upon, Murch said.

“If somebody wants to know what you buy, where you’re buying it, who you’re buying it from and how it’s going to be delivered to you, … you can learn a lot from getting behind somebody’s firewall,” he added.

Murch noted that the team working on the Defense Department-funded study did not find a specific vulnerability at the University of Nebraska, which was used as a test bed. But he added that recent stories, such as the 2017 cyber attack on pharmaceutical giant Merck, further demonstrate the risks.

Small companies in particular should be aware of the potential vulnerabilities in their systems, as well as government research-and-development facilities that perform biomanufacturing, he said.

Murch said the Defense Department should be paying more attention to this problem as it makes larger investments in cybersecurity technologies.

“It makes no sense to me to pay people a lot of money to develop vaccines if you don’t protect yourself,” he said.

Topics: Chem Bio Protection, CBRN, Research and Development

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

I have read the legal notice.

Find an Article VIEW ALL ARTICLES