by Jenna E. Gallegos
and Jean Peccoud
Modern advances come with new liabilities.
Biology is becoming increasingly digitized.
Researchers like us use
computers to analyze DNA, operate lab equipment and store genetic
information. But new capabilities also mean new risks - and
biologists remain largely unaware of the potential vulnerabilities
that come with digitizing biotechnology.
The emerging field of cyberbiosecurity explores the whole new
category of risks that come with the increased use of computers in
the life sciences.
University scientists, industry stakeholders and government agents
have begun gathering to discuss these threats.
We've even hosted
FBI agents from the Weapons of Mass Destruction Directorate here at
Colorado State University and previously at Virginia Tech for
crash courses on
synthetic biology and the associated cyberbiosecurity risks.
A year ago, we
participated in a U.S. Department of Defense-funded
project to assess the security of
biotechnology infrastructures. The results are classified, but
we disclose some of the lessons learned in
our new Trends in Biotechnology
Virginia Tech and the
University of Nebraska-Lincoln, we discuss two major kinds of
affecting the physical world
In 2010, a nuclear
plant in Iran experienced mysterious equipment failures.
Months later, a
security firm was called in to troubleshoot an apparently unrelated
problem. They found a malicious computer virus.
The virus, called
Stuxnet, was telling the equipment to vibrate. The malfunction
shut down a third of the plant's equipment, stunting development of
the Iranian nuclear program.
viruses, Stuxnet didn't target only computers. It attacked equipment
controlled by computers. The marriage of
computer science and biology has opened the door for amazing
With the help of computers, we
decoding the human
creating organisms with new capabilities
demonstrated that cybersecurity breaches can cause physical damages.
those damages had biological consequences?
bioterrorists target government laboratories studying
pharmaceutical companies producing lifesaving drugs?
As life scientists
become more reliant on digital workflows, the chances are likely
Messing with DNA
The ease of
accessing genetic information online has democratized science,
enabling amateur scientists in community laboratories to tackle
But the line
between physical DNA sequences and their digital representation is
becoming increasingly blurry. Digital information, including
can now be
stored and transmitted via DNA.
The J. Craig Venter
Institute even created an entire synthetic genome (Design
and Synthesis of a Minimal Bacterial Genome)
watermarked with encoded links and hidden messages.
Twenty years ago,
genetic engineers could only create new DNA molecules by stitching
together natural DNA molecules. Today scientists can use chemical
processes to produce synthetic DNA.
The sequence of
these molecules is often generated using software.
In the same way
that electrical engineers use
software to design computer chips and computer engineers use
software to write
computer programs, genetic engineers use software to design
That means that
access to specific physical samples is no longer necessary to create
new biological samples.
To say that all you
need to create a dangerous human pathogen is internet access would
be an overstatement - but only a slight one. For instance, in 2006,
a journalist used publicly available data to order a fragment of
smallpox DNA in the mail.
The year before,
the Centers for Disease Control (CDC) used published DNA sequences as a
reconstruct the virus responsible
for the Spanish flu, one of
the deadliest pandemics of all time.
With the help of
computers, editing and writing DNA sequences is almost as easy as
manipulating text documents.
And it can be done with malicious
Participants in CSU's
for the FBI got hands-on training in
the techniques of biotechnology.
Anne Manning, CC BY-ND
First - Recognize the
around cyberbiosecurity so far have largely focused on doomsday
The threats are bidirectional.
On the one hand,
computer viruses like Stuxnet could be used to hack into digitally
controlled machinery in biology labs. DNA could even be used to
deliver the attack by encoding
that is unlocked when the DNA sequences are translated into digital
files by a sequencing computer.
On the other hand,
bad actors could use software and digital databases to design or
reconstruct pathogens. If nefarious agents
hacked into sequence databases or digitally designed novel DNA
molecules with the intent to cause harm, the results could be
And not all cyberbiosecurity threats are premeditated or criminal.
errors that occur while translating between a physical DNA molecule
and its digital reference are common. These errors might
not compromise national security, but they could cause costly delays
or product recalls.
risks, it is not unusual for researchers to order samples from a
collaborator or a company and never bother to confirm that the
physical sample they receive matches the digital sequence they were
changes and new technologies could help increase the security of
life science workflows.
For instance, voluntary
are already in place to help DNA synthesis companies screen orders
for known pathogens. Universities could
institute similar mandatory guidelines for any outgoing DNA
There is also
currently no simple, affordable way to confirm DNA samples by whole
genome sequencing. Simplified protocols and user-friendly software
could be developed, so that screening by sequencing becomes routine.
The ability to
manipulate DNA was once the privilege of the select few and very
limited in scope and application. Today, life scientists rely on a
global supply chain and a network of computers that manipulate DNA
in unprecedented ways.
time to start thinking about the security of the digital/DNA
interface is now, not after a new Stuxnet-like cyberbiosecurity