A group of cyber-researchers with Israel's Ben-Gurion University (BGU) in the Negev has discovered an "end-to-end" cyber-biological attack that can trick scientists into unintentionally creating toxins or viruses in their laboratories, according to a paper published in Nature Biotechnology.
The research suggests that, despite the belief that a criminal needs to be in physical contact with a dangerous substance to produce and deliver it, the malware could sneak into a bio-engineer's computer and substitute a short sub-string in the DNA structure there so that a sequence could be unintentionally created, launching the production of a toxin.
"To regulate both intentional and unintentional generation of dangerous substances, most synthetic gene providers screen DNA orders which is currently the most effective line of defense against such attacks," said Rami Puzis, head of the BGU Complex Networks Analysis Lab. "However, outside the state, bioterrorists can buy dangerous DNA, from companies that do not screen the orders. Unfortunately, the screening guidelines have not been adapted to reflect recent developments in synthetic biology and cyberwarfare."
According to researchers, the discovery was made during an experiment with a suggested a "weakness" in guidance from the US Department of Health and Human Services for DNA providers. A purported breach could allow screening protocols to be circumvented using a generic obfuscation procedure, possibly making it harder for screening software to detect the DNA that could produce the toxin.
"Using this technique, our experiments revealed that that 16 out of 50 obfuscated DNA samples were not detected when screened according to the 'best-match' HHS guidelines," Puzis said.
BGU scientists said that synthetic gene engineering workflow automation, along with the potential breaches in cybersecurity, could pave the way for malware to interfere with a laboratory computer to alter DNA strands.
"This attack scenario underscores the need to harden the synthetic DNA supply chain with protections against cyber-biological threats," said Puzis. "To address these threats, we propose an improved screening algorithm that takes into account in vivo gene editing. We hope this paper sets the stage for robust, adversary resilient DNA sequence screening and cybersecurity-hardened synthetic gene production services when biosecurity screening will be enforced by local regulations worldwide".