<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags --> <title>Dual Use Cyber and Biosecurity - Balancing Innovation and Risk Management</title> <meta name="description" content="Learn about dual-use cyber biosecurity challenges, where biological research and innovation face cyber risks. Explore strategies to mitigate risks while fostering technological advancement." > <meta name="keywords" content="Dual use biosecurity, cyber biosecurity risks, biological research security, dual use technology, biotechnology risks, cyber threats in biology, innovation vs risk, biological data security"> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "BreadcrumbList", "itemListElement": [ { "@type": "ListItem", "position": 1, "name": "Index", "item": "https://www.cyberbiosecurity.ch" }, { "@type": "ListItem", "position": 2, "name": "Dual Use", "item": "https://www.cyberbiosecurity.ch/Dual_Use_Cyberbiosecurity.html" }, { "@type": "ListItem", "position": 3, "name": "Espionage", "item": "https://www.cyberbiosecurity.ch/Espionage_Cyberbiosecurity.html" }, { "@type": "ListItem", "position": 4, "name": "Training", "item": "https://www.cyberbiosecurity.ch/Cyberbiosecurity_Training.html" }, { "@type": "ListItem", "position": 5, "name": " Impressum", "item": "https://www.cyber-risk-gmbh.com/Impressum.html" } ] } </script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Organization", "name": "Cyber Risk GmbH", "url": "https://www.cyber-risk-gmbh.com", "logo": "https://www.cyber-risk-gmbh.com/Cyber_Risk_GmbH_Logo.jpg", "sameAs": [ "https://www.linkedin.com/company/71474270/admin/page-posts/published/", "https://x.com/Cyber_Risk_GmbH" ], "contactPoint": { "@type": "ContactPoint", "telephone": "+41-79-5058960", "contactType": "Customer Service", "areaServed": "Worldwide", "availableLanguage": "English" }, "founder": { "@type": "Person", "name": "George Lekatis" }, "description": "Cyber Risk GmbH is a leading provider of cyber risk and compliance training in Switzerland and worldwide.", "address": { "@type": "PostalAddress", "streetAddress": "Dammstrasse 16", "addressLocality": "Horgen", "addressRegion": "Canton of Z眉rich", "postalCode": "8810", "addressCountry": "CH" } } </script> <link rel="apple-touch-icon" sizes="180x180" href="apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="favicon-16x16.png"> <link rel="shortcut icon" type="image/x-icon" href="favicon.ico"> <link rel="manifest" href="manifest.json"> <meta name="msapplication-TileImage" content="mstile-150x150.png"> <meta name="theme-color" content="#ffffff"> <!-- Bootstrap --> <link href="css/bootstrap.min.css" rel="stylesheet"> <link href="css/style.css" rel="stylesheet"> <!--font-awesome--> <link href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet"> <link href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;500;600;700;800;900&display=swap" rel="stylesheet"> <!-- Owl Stylesheets --> <link rel="stylesheet" href="css/owl.carousel.css"> <link rel="stylesheet" href="css/owl.theme.default.css"> <!-- javascript --> <script src="js/jquery.min.js"></script> <script src="js/owl.carousel.js"></script> <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries --> <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]--> <style> img { display: block; margin-left: auto; margin-right: auto; } </style> <meta name="google-site-verification" content="I0CDxLn5hun_Esd7Gf8jIPUBQ1eIIcVNsUQQ9d4Dq8Q"> <style> .wrapper-banner { background: url("Dual Use 1008.JPG"); background-size: cover; background-position: center; } </style> <meta name="msvalidate.01" content="3992470AA0B488CE9CF07B1CD73A76D7"> <link rel="stylesheet" href="./style2.css"> <style> body { color: black; } </style> <style> a:link { color: blue; background-color: transparent; text-decoration: none; } a:visited { color: blue; background-color: transparent; text-decoration: none; } a:hover { color: red; background-color: transparent; text-decoration: underline; } a:active { color: blue; background-color: transparent; text-decoration: underline; } </style> </head> <body> <!-- Fixed navbar --> <div class="wrapper-menu"> <nav id="header" class="navbar navbar-fixed-top"> <div id="header-container" class="container navbar-container"> <div class="navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a id="brand" class="navbar-brand" href="https://www.disinformation.ch/"> <!--<img src="images/logo-black.png" alt="" class="shrink-logo"> --> </a> </div> <div id="navbar" class="collapse navbar-collapse"> <ul class="nav navbar-nav"> <li><a href="https://www.cyberbiosecurity.ch" target="_blank" >Index</a></li> <li><a href="https://www.cyberbiosecurity.ch/Dual_Use_Cyberbiosecurity.html" target="_blank" >Dual Use</a></li> <li><a href="https://www.cyberbiosecurity.ch/Espionage_Cyberbiosecurity.html" target="_blank" >Espionage</a></li> <li><a href="https://www.cyberbiosecurity.ch/Cyberbiosecurity_Training.html" target="_blank" >Cyberbiosecurity Training</a></li> <li><a href="https://www.cyber-risk-gmbh.com" target="_blank">Cyber Risk GmbH</a></li> <li><a href="https://www.cyber-risk-gmbh.com/Impressum.html" target="_blank">Impressum</a> </li> </ul> </div> <!-- /.nav-collapse --> </div> <!-- /.container --> </nav> <!-- /.navbar --> </div> <div class="container-fluid wrapper-banner"> <div class="container"> <div class="top-banner"> </div> </div> </div> <div class="container-fluid projects-wrapper"> <div class="container"> <div class="row"> <div class="section-title"> <h1>Dual Use and Cyberbiosecurity</h1> <br> <p class="text-left">Technology and research lead to advances in medical treatments, improve agricultural yields, enhance food security, and protect against biological threats. Genetic engineering can lead to breakthroughs in treating diseases, and artificial intelligence (AI) can help in predicting outbreaks.</p> <p class="text-left">Technology and research can also be <b> misused </b> to develop biological weapons, conduct bioterrorism, or perpetrate <b> bio-hacking attacks.</b> Genetic editing tools can be used to create harmful pathogens. Cyber attacks are employed to steal sensitive genetic data and sabotage bioinformatics systems. </p> <p class="text-left">The convergence of biotechnology with other technologies like AI, robotics, and nanotechnology <b> adds layers of complexity </b> to the cybersecurity challenges. Each technological domain brings its own set of cyber risks, and their convergence <b> amplifies </b> the potential for both innovative benefits and risks of misuse. </p> <p class="text-left">According to regulation (EU) 2021/821 (for the control of exports, brokering, technical assistance, transit and transfer of dual-use items), <b>dual-use items</b> are items, including software and technology, which can be used for <b> both civil and military purposes, </b> and includes items which can be used for the design, development, production or use of nuclear, chemical or biological weapons or their means of delivery, including all items which can be used for both non-explosive uses and assisting in any way in the manufacture of nuclear weapons or other nuclear explosive devices.</p> <p class="text-left">According to the regulation, <b>various categories of persons </b>are involved in dual-use items, including natural persons such as <b>service providers, researchers, consultants and persons transmitting dual-use items electronically. </b>It is essential that all such persons are aware of the risks, and the modus operandi of threat actors. </p> <p class="text-left">In particular, <b>academic and research institutions face distinct challenges </b> due to, inter alia, their general commitment to the free exchange of ideas and scientific developments. Persons working in these areas sometimes believe that knowledge is liberating, and should be free and the property of all humanity. But when knowledge is also a weapon in hybrid war, we must remember what Sun Tzu had said: <b>The supreme art of war is to subdue the enemy without fighting. </b></p> <p class="text-left">Who else is involved? <b> State-sponsored groups, foreign intelligence agencies, </b> the organized crime, and other cyber actors exploiting vulnerabilities at the intersection between biological activities and information security. The <b> human </b> element is almost always the weakest link in cybersecurity. </p> <p class="text-left">According to the <b> Global guidance framework for the responsible use of the life sciences, from the World Health Organisation (WHO),</b> there is a growing recognition that the ways in which biosafety, biosecurity and dual-use research have traditionally been defined in the context of life sciences research needs to be <b> updated.</b> </p> <p class="text-left">The <b> traditional </b> focus of laboratory biosecurity was on preventing <b> unauthorized </b> personnel from gaining access to biological agents in a laboratory. However, biosecurity increasingly includes measures to address <b> insider threats.</b> The <b>new </b> focus must include places not traditionally thought of as a laboratory, including hospitals, biomedical research institutions, genomic databases, biotechnology companies and facilities that manufacture medical countermeasures. </p> <p class="text-left">According to the WHO, new risks extend beyond pathogens and biology. For example, new developments in neurosciences could potentially be misused (e.g. to enhance or diminish human performance). Advances in nanotechnology and its applications in the life sciences have led to the development of nanocarriers that can improve the efficacy of drugs, but there are concerns that <b>nanoparticles could be misused </b>(e.g. being delivered as aerosols that could traverse the blood鈥揵rain barrier).</p> <p class="text-left">In addition, risks extend <b>beyond human diseases </b>to include potential harm to plants, animals and the environment. </p> <p class="text-left"> There is a need to consider the <b>dual-use potential of technology such as AI and its role in cyberwarfare and information warfare </b>. The scope of governance needs to be broadened to areas where life sciences <b>intersect and overlap</b> with other scientific disciplines. </p> <br> <p class="text-left"><b>Cybersecurity of Genomic Data</b></p> <p class="text-left">According to the National Institute of Standards and Technology, genomic data are generated from studying the structure and function of an organism's genome, which consists of genes and other elements that control the activity of genes. Examples of genomic data can include information on deoxyribonucleic acid (DNA) sequences, variants, and gene activity.</p> <p class="text-left">The world has entered an era of <b>accelerated biological innovation </b>built primarily upon the many uses of genomic data that include vaccine development and manufacturing, pharmaceutical development and manufacturing, disease diagnosis, and agricultural innovations that enable increased food production, biofuel development, basic and translational scientific research, consumer testing, genealogy, and law enforcement, among others. More uses continue to be discovered.</p> <p class="text-left"><b>Genetic sequencing </b>technology has advanced such that sequencing entire genomes is feasible and affordable. Whole or partial genome sequences for many microbial, plant, and animal species reside in open access, controlled access, or private databases within the National Institutes of Health (NIH), Federal Bureau of Investigation (FBI), and direct-to-consumer (DTC) genetic testing providers, to name a few. </p> <p class="text-left">As this era unfolds, there is <b>a new awareness of risks </b>to U.S. national security, its economy, its biotechnology industry, and its citizens due to <b>cybersecurity attacks targeting genomic data. </b> </p> <p class="text-left">Cyber attacks targeted at genomic data include <b> attacks against the confidentiality of the data, its integrity, and its availability. </b> </p> <p class="text-left">Cyber attacks against the <b> confidentiality </b> of the data can threaten our economy through theft of the intellectual property owned by the U.S. biotechnology industry, allowing competitors to gain an unfair economic advantage by accessing U.S. held genomic data.</p> <p class="text-left">Attacks against the <b> integrity </b> of the data can disrupt biopharmaceutical output, agricultural food production, and bio-manufacturing activity. </p> <p class="text-left"> Attacks against the <b> availability </b> of the data include encrypting for ransom, deletion of data, and disabling critical automated equipment used in research, development, and manufacturing. </p> <p class="text-left"> The potential harms of cyber attacks on genomic data threaten our national security as well, including enabling development of <b> biological weapons </b> and surveillance, oppression, and extortion of our citizens, military, and intelligence personnel based on their genomic data.</p> <p class="text-left">Cyber attacks targeted at genomic data can also <b> harm individuals by enabling intimidation </b> for financial gain, discrimination based on disease risk, and privacy loss from revealing hidden consanguinity or phenotypes including health, emotional stability, mental capacity, appearance, and physical abilities. </p> <p class="text-left"> In addition to the privacy risks that can arise because of a cyber attack, privacy risks unrelated to cybersecurity can arise when processing genomic data. These risks can arise when there is insufficient predictability, manageability, and disassociability in the genomic data processing. </p> <p class="text-left"> <b> Insufficient predictability </b> in data processing can result in privacy problems if individuals are not aware of what is happening with their genomic data. </p> <p class="text-left"><b> Insufficient manageability </b> in data processing can arise when the capabilities are not in place to allow for appropriately granular administration of genomic data. For example, individuals may need to be able to have some or all their genomic data deleted from a dataset. </p> <p class="text-left"> Permitting access to raw genomic data, instead of using appropriate privacy-enhancing technologies to extract only the necessary insights (without revealing the raw data), introduces privacy risks from insufficient disassociability in data processing. Each of these areas of privacy risks can disrupt the ability to realize the benefits of processing genomic data.</p> <p class="text-left">The U.S. research community, government, and private industry require <b>genomic data sharing </b>to advance scientific and medical research and to maintain the country鈥檚 competitive advantage in biotechnology. The transfer and sharing of genomic data are essential for understanding human health, improving wellbeing, and accelerating scientific inquiry and advancements. </p> <p class="text-left">The genomic data transferred and shared represent tens of millions of individuals who provide their information. In aggregate across all types of measurements, <b>these data are processed by thousands of entities (e.g., domestic, international, nonprofit, for-profit) </b>that store, access, manage, and use genomic and health-related data. These data sharing activities need adequate technological and policy controls that allow research and enable commerce, as well as respect the informed consent and privacy of the data subjects who expect protections from reidentification.</p> <p class="text-left">Loss of control of genomic data can cause risks to privacy, personal security, and national security, as <b>adversaries can use genomic data for nefarious reasons. </b> Genomic database breaches or other losses of data may result in thefts of intellectual property and put the U.S. at a competitive disadvantage in biotechnology. </p> <p class="text-left">Security threats may arise through the <b>creation of bioweapons </b>or compromised identities of national security agents. Cyber attacks <b>have occurred </b>on genomic databases, commercial entities storing genomic data, DNA sequencing instruments, and genomic software tools. Other attack scenarios and exploits include targeting hardware, firmware, software, the local network, cloud infrastructure, and physical security. </p> <p class="text-left">Existing cybersecurity and privacy risk management practices must be <b>tailored </b>to effectively address cyberbiosecurity challenges. We must <b>close the gaps that persist </b>in legislation, and international cooperation. Understanding the risks and challenges, not only the opportunities, is the first important step. </p> <hr> </div> </div> </div> </div> <div class="container-fluid projects-wrapper"> <div class="container"> <div class="row"> <div class="section-title"> </div> </div> </div> </div> <!--<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script> --> <script src="js/bootstrap.js"></script> <script> $(document).ready(function() { var owl = $('.cliend-logo'); owl.owlCarousel({ margin: 20, nav: true, loop: true, autoplay:true, autoplayTimeout:4000, responsive: { 0: { items: 1 }, 600: { items: 6 }, 1000: { items: 6 } } }) }) $(document).ready(function() { var owl = $('.testimonialstext'); owl.owlCarousel({ margin: 20, nav: true, loop: true, autoplay:true, autoplayTimeout:4000, responsive: { 0: { items: 1 }, 600: { items: 1 }, 1000: { items: 1 } } }) }) </script> <script> $(window).scroll(function() { if ($(document).scrollTop() > 50) { $('nav').addClass('shrink'); $('.add').hide(); } else { $('nav').removeClass('shrink'); $('.add').show(); } }); </script> </body> </html>