by Justin Hurt, GMU Biodefense PhD student
As part of National Defense University’s hosted topical discussion series, the Center for the Study of Weapons of Mass Destruction (CSWMD) hosted a symposium titled “The Digitization of Weapons of Mass Destruction (WMD): exploring the Impact of Digital Components of Emerging Technologies on January 17th, 2019 on Fort McNair. The discussion “The Digitization of Biology” presented a very pertinent conversation of the emerging concerns of new technologies in biodefense and biosecurity. Hosted by Dr. Diane DiEuliis of CSWMD, the panel included an initial topical discussion by Dr. Corey Hudson from Sandia National Laboratory regarding modeling genomic and synthetic biology facilities at scale. Next, Dr. Eleonore Pauwels of the United Nations University talked about biointelligence and the availability of knowledge. Finally, Supervisory Special Agent Ed You from the Federal Bureau of Investigation discussed ideas on how to address safeguards in the emerging bioeconomy.
Some trends that have been notable, especially in terms of synthetic biology, is that automation is becoming increasingly critical and pertinent for emerging biological technologies. The associated computational systems and machinery have inherent cyberbiosecurity risks, including privacy risks, system operation issues, manufacturing risks (that include issues with attributing who made what), and the risk of possible sabotage. As genomics grows, it becomes increasingly automated, thus increasing the system risks. As an emerging consumer product, genomics becomes harder to control and secure at scale. In addition, as an internet connected technology, firewalling becomes variable and not generally standardized. Modeling appropriate measures for large-scale genomics is important because it helps to understand the effects of big data, the similarities and differences between the plethora of different open source bioinformatics software systems which don’t always adhere to security best practices. This sometimes leaves personally identifiable information vulnerable as data fragments in an internet connected process. Of concern, and under study, is the threat of in-place data manipulation, which is the exploitation of data in the system to change some particular detail with malicious information to change the outcome of the genomics or synthetic biology process. Some emergent vulnerabilities for the genomics process that are being researched include the interaction between software and the outside world, the difficulties in maintaining restricted data input, the easy concealment of something malicious in big data, and the dual-use nature of precision biomedicine and associated technologies. Amongst the key mitigation procedures that should be considered are knowing the customer and limiting manufacturing to only what is necessary and what makes sense (in some sense a self-regulation measure), and using the select agent databases and control lists to prevent manufacturing of illicit materials.
As the merging of biotechnology and cybertechnology evolves, the concept of biointelligence becomes more important to help with the governance of such emerging technologies. The automation and connectivity of these technologies increases the need for appropriate curation, interpretation, and application of the products of the bioengineering process. Deep learning in combination with genomic editing can support the optimization and proper application of bioscience. However, the increased reliance on automation also present opportunities for illicit actors to produce pathogenic materials without the requirement for legacy bioagent feedstocks. The decentralization and miniaturization of biotechnologies allows for increased availability and portability, and the use of nanotechnologies and drones has provided new opportunities to disseminate bioproducts to customers. However, these all have their inherent dual-use risks, and realization and consideration of these risks is critical to properly developing the bioeconomy. The main barrier to illicit use does not lie in the provision of technological capability, but in the availability of knowledge. Understanding how biointelligence, or the knowledge of how biological systems interact with their environment and things introduced into the system, not only provides the ability to better treat those with disease and maladies, but also provides the opportunity for the improper use of biotechnology by bad actors on specific populations. As technology continues to evolve and be deployed, scientists and engineers must continue to consider the potential dual-use and biointelligence risks and promulgate measures to address these risks, as the technology moves too fast for comprehensive governmental or international regulation. The increase in foreign investment in biological datasets in the United States and elsewhere is also providing the ability of foreign governments to increase biointelligence availability. This must also be studied in relation to the desire for openness and sharing of information that is important to the advancement of science.
How are governments and regulatory authorities dealing with some of these risks? One process is through increased engagement with scientists, academics, industry, and even the biohacker community. Agencies like the FBI do this through their contacts built by specialized personnel within their regional field office areas of operation. There are existing regulatory measures in place for biothreats, but they almost always concentrate on the legacy biological agents, not necessarily emerging threat technologies and processes. The “bioeconomy” is the set of domains that include the multitude of technologies and commercial interests that affect biology, medicine, genomics, and associated information. Often, threats against the bioeconomy involve the availability or theft of information in cyberspace which might later be used for illicit purposes. Denial of service attacks against infrastructure could easily evolve into interfering with biotechnology procedures, commerce, or energy production processes. The advent of tools like CRISPR for genome editing are only as good as the data that can be analyzed before and after the process, and the desire to acquire more data for such techniques is driving much of the current bioeconomic trend. Coupled with the increasing desire for personalized medicine and health diagnostics to improve quality of life, this trend toward more big data also leads to increased informational vulnerabilities. Data risks are no longer limited to hacks of personal information such as dates of birth and social security numbers – the investments in collection of genetic information are growing (though both medical and consumer genetic testing enterprises) and partnerships between various medical and commercial interests in aggregating data that is becoming ever-more vulnerable to illicit or undesirable use. Realizing these risks as we develop our future digital processes and collaborations will be key to building in mitigating measures and securing our future data from improper use. There are no longer stovepipes of technology and science – it is all becoming interconnected by data and we must recognize how these interactions provide new pathways to knowledge and understanding as well as their inherent challenges.
The digitization of biological and medical science is providing exciting and promising new pathways for improving health and daily life for mankind and our environment. The possibilities for new treatments, better fitness, and less prevalence of genetic diseases are numerous. However, these technologies and the information associated with emerging techniques carry certain risks and vulnerabilities. It is through understanding these risks and continuing to develop mitigation strategies for them, especially during the technology conceptualization and development phases, that we can continue to build promising new tools to improve life with confidence while addressing how they should be properly used.