Here we present another current scenario with regard to biosecurity. This time it is a scenario about cyber attacks. While many of us were enjoying a well-deserved Christmas break, network security specialists were working overtime to protect internal networks in many organizations against a cyber attack. A serious vulnerability was discovered in widely used software. During this time, have you considered that this can also have major consequences for biosecurity?

The scenario: cyber attack

In December 2021, a serious vulnerability was found in Apache Log4j. This is software that is widely used in web applications and all kinds of other systems. The National Cyber ​​Security Center (NCSC) of the Ministry of Justice and Security warned of potentially major damage and therefore advised organizations to prepare for a possible attack. Such a vulnerability that can lead to a cyber attack can also have major consequences for biosecurity in your organization. How easily can sensitive information be accessed by hackers during a cyber attack? Can hackers remove or change this information and what are the consequences for your organization?

Risks and mitigation suggestions

When unauthorized persons gain access to an organization's internal network, they can gain access to sensitive information, such as locations where high-risk pathogens are stored or research results on such pathogens. This can not only damage the organization's image, but also make it more vulnerable to possible abuse, such as theft. In addition, deletion or modification of sensitive information can affect information availability and business continuity. After a cyber attack, it is important to know which sensitive information may have been accessible, but it is more important to protect sensitive information adequately, or not to share it at all via the network. Examples of protecting sensitive information are the use of standalone computers for this type of information, or encryption of the information. Your IT department can advise on this.
The National Cyber ​​Security Center also offers advice on how to protect yourself against cyber attacks, for example on Basic cybersecurity measures | National Cyber ​​Security Center (ncsc.nl).

Share your scenario

Would you like to discuss further with the Biosecurity Office about how to deal with this scenario, do not hesitate to contact us. If you encounter a biosecurity scenario that you would like to share with colleagues, let us know! The Biosecurity Office can be reached via [ignore]biosecurity@rivm.nl[/ignore].