Safeguarding biological data

By Michael Ellis Langley

Thursday, October 22, 2020

Sandia partners to improve equipment security threatened during pandemic

data network illustration
BLOCKING BIOHACKERS — This illustration depicts a cyber adversary attempting to access computer systems and equipment that contain genetic data. A collaboration between Sandia and BioBright LLC is yielding a security protocol to secure that data. (Image courtesy of BioBright LLC)

A partnership between Sandia and the Boston firm BioBright LLC to improve the security of synthetic biology equipment has become more relevant after the United States and others issued warnings that hackers were using the COVID-19 pandemic to increase their activities.

“In the past decade, genomics and synthetic biology have grown from principally academic pursuits to a major industry,” said Sandia computational biology manager Corey Hudson. “This shift paves the way toward rapid production of small molecules on demand, precision healthcare and advanced materials.”

Sandia and BioBright are working to develop better security for this new commercial field. Right now, large amounts of sensitive data about patients’ health and pharmaceutical information are being handled with security models developed two decades ago for academic needs and not industrial risks, Corey said.

Many of the facilities responsible for ushering in this growth in synthetic biology scaled up from these academic models. This has meant that the digital environment responsible for automating these facilities has not grown with the same sophistication. According to Corey, the situation potentially leaves open the risk of data theft or targeted attack by hackers to interrupt production of vaccines and therapeutics or the manufacture of controlled, pathogenic or toxic materials.

“Modern synthetic biology and pharmaceutical workflows rely on digital tools — instruments and software that were designed before security was such an important consideration,” said BioBright CEO Charles Fracchia.

The risk associated with using dated security measures for a modern, automated process is rising in light of current events. On May 5, the U.S. Department of Homeland Security, U.S. Cybersecurity & Infrastructure Security Agency and U.K. National Cyber Security Centre issued a joint alert warning that malicious hackers were exploiting the COVID-19 pandemic as part of their attacks.

Sifting through terabytes

Earlier work by Corey and his team focused on identifying, reporting and mitigating vulnerabilities in genomics and genomic operations within synthetic biology.

“You have a genetic sequencer that is producing terabytes of data,” Corey said. “Those data are being transferred, through a series of software, until you identify the genetic variants. The clinical decisions are made from those results.”

Corey and his team are collaborating with Fracchia’s team at BioBright, a company that provides secure data collection and analysis to biotech and pharmaceutical companies. They are working to help better secure synthetic biology operations and genomic data across industry, government and academia, protecting America’s bioeconomy and digital infrastructure. Using Emulytics, a research initiative developed at Sandia for evaluating realistic threats against critical systems, the teams are developing countermeasures to the risks.

“We can examine the data and see how to make the entire system safer and more secure,” Corey said.

The initial work done by Corey and his team was funded through Sandia’s Laboratory Directed Research and Development program. The collaboration with BioBright is funded by the Defense Advanced Research Projects Agency through the Safe Genes project.