As we continue to endeavor down the digital rabbit hole, we’ve also seen a multitude of cyber-attacks coincide with the rise of digital and cloud technology adoption. As with the ongoing Russian hack or the recent breach of Cyber giant FireEye, the true fear from these cyber attacks are not limited to just privacy breach and financial lost, but rather concern the physical health of the victims.
A biological cyber attack?
A research team for Ben Gurion University alerted, in a recently published academic article, to a new and far more dangerous type of cyber attack. The fear now is that cyber criminals could disrupt the work of Biologists -, creating hazardous compounds in the lab while the computing shows and the lab workers think that a safe medicine or vaccine is being made.
According to the Ben Gurion University research team’s findings, a vulnerability in a U.S. Department of Health’s protocol could lead synthetic DNA manufacturers to be exposed to cyber attacks. The vulnerability made it possible to bypass strict filtering processes and further complicate the security software’s ability to identify the harmful DNA sequence.
The team, led by Dr. Rami Puzis from the Software and Systems Engineering Department, added that the vulnerability they discovered comprised of numerous DNA reliability failures, which enable cyber attacks where a poisonous DNA is injected into a routine shipment. This kind of new threat demonstrates how malicious code can disrupt biological processes.
Despite there being simpler cyber attacks that impact biological testing, the researches noted in their findings a cyber vulnerability scenario in three different levels of bio-engineering workflow: At the software level, at the incoming DNA inventory scans, and at the biological protocol levels.
“There are easier ways for a bio-terrorist to inflict harm”
In a conversation with Geektime, Dr. Puzis explains how the team discovered the potential breach point: “We realized that policies had been dictated by assumptions that hadn’t taken in account the availability and accessibility of existing genetic editing tools on the market today. Today’s availability of genetic editing tools allows the private individual access to create new DNA sequences. These, on one hand, are able to pass under the radar of initial screenings, and on the other hand, can be easily reconstructed to identify the poison, which should have been caught during the initial screening stages.”
Puzis adds that the research team is collaborating with enterprises in order to help them prevent exposure to his vulnerability: “They were given a few different examples with which companies could test their systems against malicious DNA. Even when a company reports their results to us, we never expose them. Anyways, even if some companies are exposed to this vulnerability, they can now quickly rush to fix the problem.”
According to Puzis, biologists, and organizations prepared for DNA-targeted cyber attacks, it won’t be an easy solution, and cannot be mended only by utilizing standard cyber tools. “There is a need for part of the traditional cyber tools like signatures, alongside dedicated algorithms for scanning DNA sequences.”
Have any past attacks been identified? Or, any POCs to determine best practices?
Puzis: “There was a POC of the attack to better learn how to defend agaisnt it. At this time, there are easier ways for bio-terrorists to inflict harm, but with advanced technologies and regulations in place, more and more companies will have to run DNA screenings. We must verify that once synthetic DNA screening is as standard as scanning for viruses on your desktop, then the malicious DNA screening technology must be on par.”
Puzis further adds that from trials performed by his team showed that 16 out of 50 malicious DNA sequences were left undiscovered based on U.S. screening policies: “This attack scenario highlights the need to strengthen the synthetic DNA supply chain with security measures to prevent bio-cyber attacks. In order to tackle these threats, we provide an improved filtering algorithm, which takes into account the availability of genetic editing tools and gene shuffle.”