(CBS News) — Biology is becoming increasingly digitized. Researchers like us use computers to analyze DNA, operate lab equipment and store genetic information. But new capabilities also mean new risks – and biologists remain largely unaware of the potential vulnerabilities that come with digitizing biotechnology.
The emerging field of cyberbiosecurity explores the whole new category of risks that come with the increased use of computers in the life sciences.
University scientists, industry stakeholders and government agents have begun gathering to discuss these threats. We’ve even hosted FBI agents from the Weapons of Mass Destruction Directorate here at Colorado State University and previously at Virginia Tech for crash courses on synthetic biology and the associated cyberbiosecurity risks. A year ago, we participated in a U.S. Department of Defense-funded project to assess the security of biotechnology infrastructures. The results are classified, but we disclose some of the lessons learned in our new Trends in Biotechnology paper.
Along with co-authors from Virginia Tech and the University of Nebraska-Lincoln, we discuss two major kinds of threats: sabotaging the machines biologists rely on and creating dangerous biological materials.
Computer viruses affecting the physical world
In 2010, a nuclear plant in Iran experienced mysterious equipment failures. Months later, a security firm was called in to troubleshoot an apparently unrelated problem. They found a malicious computer virus. The virus, called Stuxnet, was telling the equipment to vibrate. The malfunction shut down a third of the plant’s equipment, stunting development of the Iranian nuclear program.
Unlike most viruses, Stuxnet didn’t target only computers. It attacked equipment controlled by computers.
The marriage of computer science and biology has opened the door for amazing discoveries. With the help of computers, we’re decoding the human genome, creating organisms with new capabilities, automating drug development and revolutionizing food safety.
Stuxnet demonstrated that cybersecurity breaches can cause physical damages. What if those damages had biological consequences? Could bioterrorists target government laboratories studying infectious diseases? What about pharmaceutical companies producing lifesaving drugs? As life scientists become more reliant on digital workflows, the chances are likely rising.
Messing with DNA
The ease of accessing genetic information online has democratized science, enabling amateur scientists in community laboratories to tackle challenges like developing affordable insulin.
But the line between physical DNA sequences and their digital representation is becoming increasingly blurry. Digital information, including malware, can now be stored and transmitted via DNA. The J. Craig Venter Institute even created an entire synthetic genome watermarked with encoded links and hidden messages.
Twenty years ago, genetic engineers could only create new DNA molecules by stitching together natural DNA molecules. Today scientists can use chemical processes to produce synthetic DNA.
The sequence of these molecules is often generated using software. In the same way that electrical engineers use software to design computer chips and computer engineers use software to write computer programs, genetic engineers use software to design genes.
That means that access to specific physical samples is no longer necessary to create new biological samples. To say that all you need to create a dangerous human pathogen is internet access would be an overstatement – but only a slight one. For instance, in 2006, a journalist used publicly available data to order a fragment of smallpox DNA in the mail. The year before, the Centers for Disease Control used published DNA sequences as a blueprint to reconstruct the virus responsible for the Spanish flu, one of the deadliest pandemics of all time.
With the help of computers, editing and writing DNA sequences is almost as easy as manipulating text documents. And it can be done with malicious intent.
First: Recognize the threat
The conversations around cyberbiosecurity so far have largely focused on doomsday scenarios. The threats are bidirectional.
On the one hand, computer viruses like Stuxnet could be used to hack into digitally controlled machinery in biology labs. DNA could even be used to deliver the attack by encoding malware that is unlocked when the DNA sequences are translated into digital files by a sequencing computer.
On the other hand, bad actors could use software and digital databases to design or reconstruct pathogens. If nefarious agents hacked into sequence databases or digitally designed novel DNA molecules with the intent to cause harm, the results could be catastrophic.
Read more and see videos, here.
