Summary

• Hacking biological data (ex: medical health data, food production data, water supply data, and scientific data) has more economic/health/security costs than most commercial data. 
• Hacks on expensive/critical biotech equipment are also being developed. These could be weaponised. 
• Biosafety/biosecurity researchers, industry employees, and industry leaders are not aware of the latest cybersecurity risks/solutions. The healthcare and agrifood industries especially are critically important and underprepared.

Context: this is a summary of an interview on the intersection of cybersecurity and biosecurity (full recording here). I invited Dr. Kathryn Millet to speak about it. She is the founder of a biosecurity consultancy called Biosecure and the creator of the course, Next Generation Biosecurity: Responding to Biorisks in the 21st Century. 

Raw Notes:

• Every technology we develop has 'dual use risks.' Ie. Both potential benefits and potential risks. 
• Traditional biorisk management is about locking up pathogens and toxins away from people. So that authorised workers aren't harmed and unauthorised releases don't happen.
• Biological weapons don't just present a cost to the healthcare industry. They can also threaten food security, national security, political stability, and economic stability. 
• Biotechnology is becoming faster, cheaper, easier, and smaller to use. This is making it easier for individuals to create benefits/risks. Whereas traditionally, it would take enormous government efforts to enable this. 
• There is increasing automation and digitisation in biotech equipment and data. This makes the equipment/data vulnerable to cybersecurity threats as well as biosecurity threats. 
• Why is cybersecurity + biosecurity a neglected intersectional problem? 
  • Hacks on biotech equipment/data have larger costs than average commercial equipment/data. 
  • But leadership/employees in agrifood/healthcare industries are less aware of cutting-edge cybersecurity. 
  • At the same time, cybersecurity is generally neglected as a 'positive externality' (everyone would be better off if all companies invested in cybersecurity, but individual companies have an incentive to save costs by neglecting cybersecurity).
• Older, larger companies using biotechnology often have older (legacy) software and equipment that's less secure. Newer, smaller companies using biotechnology are often more concerned with getting production running quickly to get revenue than cybersecurity protocols. 
• There are shared solutions for improving both preparedness for naturally ocurring pandemics and security against biological weapons. So there is some opportunity for people to collaborate, regardless of which cause they estimate to be more risky.
• Right now, there's a lot of disagreement on what cyberbiosecurity means. Researchers aren't collaborating much on it and industry-academia collaborations are near non-existent. It's the beginning of the field. 
• Kathryn doesn't believe in adding restrictive regulations to scientists working with dangerous biological materials/data. She believes much more in educating these scientists to make individual decisions about (cyber)biosecurity. Also, increasing transparency/open source monitoring of these scientists' work.

Useful Links:

• Dr. Kathryn Millet's course. 
• A summary of her course that I wrote.