Developing an Australian cyberbiosecurity mindset
4 Nov 2021|

How easy is it for a motivated actor to access your DNA, and why should you even care? These questions have long led to a Pandora’s box few are willing to open; Covid-19 has changed that. Even if you’ve never given your DNA away, your third cousins may have compromised your privacy if they’ve decided to trace their genomic origins on Ancestry.com. Now that might be okay for most people today, but it could be a problem if the DNA of Australian special forces personnel were compromised via targeted attacks on third cousin data stored by Ancestry.com or 23andMe. Welcome to the world of cyberbiosecurity.

Security issues arising from the ongoing convergence between the life sciences and the information sciences have become much more topical since the advent of Covid-19. Yet, even prior to the pandemic, the US Bipartisan Commission into Biodefense was investigating the issue. A 2019 hearing of the commission, titled ‘Cyberbio convergence: characterising the multiplicative threat’, raised issues such as the vulnerability of pathogen and biomanufacturing systems, biological risk mitigation, and the vulnerability of intellectual property in the national and global bioeconomy.

These are issues that arise from the moment of cyberbio convergence we are living through. Advances in the life sciences have made biological systems easier to engineer at ever increasing speeds and ever decreasing costs. It is exactly this type of convergent acceleration that enabled 20 years of research into mRNA to be translated into a global Covid-19 vaccine rollout in less than 12 months.

There are massive health and bioeconomic benefits to be derived from this convergent moment. But as with all technological breakthroughs, there will also be risks. The challenge of the post-Covid world is to maximise the upsides of advances in biotechnology while minimising the downsides. That is why a cyberbiosecurity mindset is so important.

The reason that 2020 is so significant from a biotechnology point of view is because it marked the first time in the information age when the relationship between life and its digital mirror became inverted. Up until 2020, we had typically harvested information from the living environment by one or more mechanical means—a satellite, drone, medical protocol or DNA sequencer. This was a one-way process, harvesting information from the living environment and storing it in a digital twin. In 2020 we went backwards: we digitally designed vaccines and pushed them back into the living environment. Now that it’s been done once, it will be done again, and the US government’s recently announced Apollo program funding for biodefence is specifically designed to accelerate these biodesign timelines.

This is why Australia needs a cyberbiosecurity mindset, because we are now living in an age where information moves between living and cyber systems in a two-way flow. That two-way flow brings net benefits. It empowers us to respond to emerging infectious diseases among humans, animals and crops. It empowers an emerging circular economy based on carbon waste reuse. And it empowers the biomanufacturing of advanced materials such as experimental spider silk aviation composites. These are all opportunities where Australia would have a massive comparative advantage if we were to support our bioeconomy to properly pivot and move up the value chain.

Yet, this two-way information flow also brings new risks, and one of those risks is how it can empower new types of grey-zone warfare. Cyberattacks on vaccine manufacturing supply chains, hospitals and digital stores of genomic data are just some of the less exotic cyberbio threats out there. The more exotic ones include engineered pathogens that mimic the symptoms of common diseases, or identifying individuals with autoimmune disorders and provoking fatal immune systems events, known as cytokine storms. These types of grey-zone tactics all fall within what one might call the Havana syndrome playbook. Detection will be difficult, attribution will be difficult, and mitigation will be costly. Technological adaptation and acceleration will be the norm.

I explored the underpinning trends of grey-zone ambiguity and cyberbiosecurity earlier in the year from an academic standpoint. It’s now time for the policy–practitioner interface of defence, security, intelligence and diplomacy to catch up. Australia risks sleepwalking into a world where we are the technology takers of cyberbio systems that are compromised by vulnerabilities we can’t imagine are possible. Policymakers need to fund a deep dive on these issues with technicians and scientists, especially as Australia moves towards funding a host of critical biomanufacturing facilities that will support pandemic preparedness, carbon waste reuse and a next-generation bioeconomy.

While the advance of technology creates benefits that we can all enjoy, it also creates emergent security issues that cannot be known in advance. If we want to enjoy the economic, health and security benefits of a burgeoning bioeconomy, then we need to do the hard work on anticipating and mitigating the risks. Perhaps more importantly, we need to do this work in a world of techno-strategic dynamism that is fuelling an acceleration of technological change and adaptation.