When you think of dual-use, you might associate it with research on high-risk pathogens, but have you ever considered that dual-use research could also take place within the informatics department of a university/research center? Last week, a news article was published highlighting a recently published study that provides a detailed description of how a suppression system in a biological laboratory can be hacked.
The scenario: Hacked system for suppression
A research was conducted within a major American university to explore the possibility of hacking suppression systems in biological laboratories. The team not only disrupted the system in a real laboratory, but the researchers also provided a detailed explanation of how the hack should be executed. While addressing security vulnerabilities in laboratories is crucial, by publishing their paper online, the researchers have made the potentially dangerous outcomes of the study known to anyone with an internet connection. The news article cites this research as an example of a worrisome trend in life sciences: Scientists conduct dual-use research with little oversight and then freely publish their findings.
Risks and action perspective
Dual-use research, which generates knowledge that can serve both beneficial and malicious purposes, comes in various forms, making it challenging to recognize and effectively oversee this type of research. The Dual-Use Quickscan can be used as a tool to aid in this process, which also includes considerations for knowledge and technology. Additionally, it is important to consider how to effectively incorporate dual-use screening into the standard practices of an organization without adding unnecessary burdens to the already extensive administrative procedures for research.
In this scenario, not only is the dual-use aspect central, but it also involves cyberbiosecurity. As cyberbiosecurity becomes increasingly important, it is crucial for the biosafety and ICT departments to collaborate in identifying potential risks. Furthermore, the behavior of employees is a significant factor. Careless behavior can result in sensitive information falling into the wrong hands. Therefore, it is important for employees to be aware that handling sensitive information securely depends on various aspects such as policy, classification, access, and exchange.
Two recommended readings for more information on cyberbiosecurity are "Cyberbiosecurity Implications for the Laboratory of the Future" and "Cyberbiosecurity: A Call for Cooperation in a New Threat Landscape."
Sharing Your Scenario
If you would like to discuss how to handle this scenario with the Biosecurity Office or if you have encountered a biosecurity scenario that you would like to share with colleagues in the field, please feel free to contact us. The Biosecurity Office can be reached at [ignore]biosecurity@rivm.nl[/ignore].