Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Bio-crimeandCOVID-19MariamElgabryDAWESCentreforFutureCrime,UCLJillDandoInstitute
TheproblemBio-crimeistheexploitationofbiologicaltools,data,devicesandsystemsforcriminalpurposes.Decreasingcostsandincreasingaccessibilityofbiotechnologyandbiologicaldatamakethiseasier.Intheearly2000’sDNAsequencingcost$100millionandrequiredhighlyspecialisedinstitutionsandexpertise.Today,thiscostsjustunder$200andcanbeboughtonline.ThepandemiccausedbyCOVID-19wasnotthefirstandunfortunatelywillnotbethelast.TheglobalharmcausedthroughCOVID-19providesextortionandterroristopportunitiesforthoseabletosynthesiseandreleasenewpotentiallycatastrophicvirusesorclaimtheycandoso.
Whatweknowaboutbio-crimeandhowweknowitOurcurrentknowledgeofbio-crimeislimitedtohistoricalevidenceofbio-warfareandpastbiosecurityregulationsuchastheBiologicalWeaponsConventionof1972.Werecentlyconductedasystematicreviewtoextractallpeer-reviewedstudiesintheacademicliteraturethatdiscussedformsofemergingbio-crimewithaviewtoinformingtheirprevention.Thereviewshowedeightpotentialcrimeharveststhatwereenabledbybiotechnologyincluding,cyber-bio-crime,bio-hackingandillegalgeneediting.Twentypercentofthearticlesdescribedattackmechanismsthatinvolvedvirusengineeringformalignuse.
WhatwethinkmighthappenintheCOVID-19pandemicThecurrentestimatefortheglobaleconomicimpactofCOVID-19is$9trillion.Initialfindingsfromoursurveyresearchhaveindicatedthatthepandemicandthecontroversiesofitsoriginmayintroduceanappealing“businessmodel”fornefariousactors,lookingtocauseharmataglobalscale.ThisaccordswithInterpol’slatestpublicationdiscussingthepandemicasanopportunityforoffenderstoincreaseordiversifytheiractivities.Healthdataareincreasinglyvaluableandarepoorlysecured.DuringtheCOVID-19pandemic,forexample,opportunistichackershavetakenadvantageoftheBrnoUniversityHospital(andCOVID-19testingcentre)intheCzechRepublicbyinterceptingkeyclinicaldatabasesandcausingsuspensionofscheduledoperations.OtherhackershavetriedphishingscamsintheUSusingthenamesoftheWorldHealthOrganisationandtheUSCentresforDiseaseControlandPrevention.Weexpectthesekindsofattacktoincrease.Wealsoexpectattackstoextendtowardsformsofcyber-bio-crime,whereintegratedbiotechnologyisexploitedthroughthecombinedmeansofcomputers/Internetandbiological/biochemicalmaterial.Forexample,computer-controlledbiologicalinstrumentsmaybeinterceptedtosubvertbio-manufacturingorbio-processingsystems.TheUK’sattempttooutsourceCOVID-19testingkitsfromEurofins(Luxemburg),whichwerefoundtobecontaminatedwiththeCOVID-19virus,demonstratesthepotentialimpactofcyber-bio-crimeonhealth.AnincreaseinbiohackingandDIYbioprojectsduringthepandemiccanbeexpected.TherearereportsofbiohackersdevelopingsolutionsremotelyforDIYcoronavirusdetectionmethodstobecarriedoutathome(ifinfected)oratacommunitylab(ifnotinfected)—usinganonlineprotocol.
SomeideasinresponseItisevidentthatbiosecurityneedstoberedefinedandredesigned.Wepropose:
Aboutthisseries:Thisisbrief14ofaseriesofshort,speculativepapersdevelopedbytheUCLJillDandoInstitutetosupportthepoliceservicesduringthecurrentpandemic.Theraisond’êtreoftheseriesisfullydescribedat:https://www.ucl.ac.uk/jill-dando-institute/research/COVID-19-special-papers
• Cyber-biosecuritypolicyandstandardstostrengthenpreparednesstoactduringapandemic• Experimentalapproachtobiosecuritybyintroducing“ethicalhacking”foridentifyingand
addressingrisksinatimelyfashion• “Vulnerabilitydisclosureforlaboratories”tocomplementtheexperimentalapproachforearly
detectionandmanagementofsecurityvulnerabilitiesThefollowingmeasuresmightbeconsideredbypractitioners:
- Knowledgetransfer:raisingawarenessofbiocrimerisksandeducatingstakeholderssuchastheCounterTerrorismpolicingnetworkisessential.Inaddition,asweexpectbiotechnologytobecomemorewidespreadandwidelyused,frontlinepoliceofficersneedtobeuptodateonwhattoexpectwhenresponding(e.g.itemstypicallyfoundinalabthataresafetouseandwhatitemsareredflags).Thiswouldenableeffectivedetectionofbiocrimethattoday,eithergoesunreportedormisclassifiedbydirectingincidentstospecialistgroups(e.g.Forensics,ActionFraud).
- Reporting:foreffectivebiocrimeprevention,detectionandincidenttrackingisnecessary.Taggingcrimeeventsfromfrontlinepolicingandotherdepartments(e.g.Forensics,ActionFraud)willrequireacombinedeffortofeducatingpractitionersincategorizingincidentscorrectlyandthepublicby(forexample)engagingwiththemediatoincreaseawarenessoftherisks(andexpectedstandards).Atthesametime,implementingchannelsforthesafereportingandrecordingofevents.
- Intelligencegathering:toencouragelinksandactivityincommunitylabs,toengagewithadiversityofgroups(e.g.biohackersandhackers)whileenhancingcommunicationchannelsoffindings(bothpositiveandnegative)andresponsibleresearchandinnovation.
- Supplychaincontrols:tore-assess(andwhereneededtorestructure)currentbiotechnologysupplychainsandapplycontrolsoftestingforimportedandapprovedproductstocheckonproductqualityandsuppliers.Incorporationofsupplychaintrackingandmanagementssystemscouldassist.Introductionoflicensesandregistrationsofpurchasedkitsmayalsoassist.
- Cyberhygiene:needstobeimplemented(e.g.Cyber-essentialsintheUK)tomakesuredataarewellsecured.Toaddresscyber-bio-security,biotechnologysystemsgeneratinghealthdataneedbecomplianttocybersecuritystandards,whichuntiltodayNHStrustsfailtopasscybersecurityassessments,evenaftertheWannaCryransomwareattack.
RelevantresourcesYetisen(2018).Biohacking.Elsevier.DDCMS.(2018).CodeofPracticeforConsumerIoTSecurity.https://www.gov.uk/government/publications/secure-by-designElgabry,M.,Nesbeth,D.,&Johnson,S.D.(2020).Asystematicreviewprotocolforcrimetrendsfacilitatedbysyntheticbiology.SystematicReviews,9(1),22.https://doi.org/10.1186/s13643-020-1284-1Gradon,K.(2020).CrimeInTheTimeOfThePlague:FakeNewsPandemicAndTheChallengesToLaw-EnforcementAndIntelligenceCommunity.SocietyRegister,4(2),133–148.Peccoud,J.,&Murch,R.(2017).Cyberbiosecurity:FromNaiveTrusttoRiskAwarenessCyberbiosecurity:SecuringtheEmergingDomainofBiomanufacturingTrendsinBiotechnology