Cyberbiosecurity: A Critical Frontier in Southeast Asia
Synopsis
In an era where biotechnology is advancing at an unprecedented pace, the intersection of cyber and biosecurity has emerged as a crucial area of concern. This growing field, known as cyberbiosecurity, remains underappreciated and inadequately addressed, particularly in Southeast Asia. To effectively mitigate the risks associated with this intersection, a comprehensive approach is essential—one that encompasses raising awareness, capacity building, and engaging the biotechnology sector.
Commentary
At the recently concluded Annual Biorisk Conference on Strengthening Global Partnerships on Biosafety and Biosecurity, experts from the Asia-Pacific region highlighted a pressing biological risk that warrants immediate attention: cyberbiosecurity. This emerging field addresses the vulnerabilities and risks that arise at the confluence of cybersecurity and biosecurity, a concern that has become increasingly critical with the rapid advancement of biotechnology.
As synthetic biology moves towards digitization and automation, it generates both biosecurity and cybersecurity risks. The World Health Organization (WHO) Laboratory Biosecurity Guidance issued in 2024 underscores the potential cyber threats facing bioscience laboratories and facilities. These threats include unauthorized access to sensitive information, operational disruptions due to cyberattacks, and sabotage of laboratory security systems, among others.
Why Cyberbiosecurity Matters
The digitization of biotechnology has led to the storage and processing of vast amounts of genetic data and research outcomes in digital formats. This shift necessitates robust security measures to protect these assets from cyberattacks. Life science laboratories are increasingly adopting advanced information and operational technologies to enhance their capabilities in preventing, detecting, and responding to catastrophic biosecurity events, including pandemics and biological weapon threats.
In Southeast Asia, several high-containment laboratories are working with biological agents for medical, therapeutic, and research purposes. However, the increasing reliance on computer-based systems and cloud technologies amplifies the risks associated with handling biological materials. Cyberattacks targeting these facilities could compromise the security of sensitive biological agents, especially as the use of Artificial Intelligence (AI) in cloud computing continues to rise, creating new vulnerabilities.
AI-enabled cyber threats pose a growing risk to biosecurity, with potential exploits targeting laboratory machines such as DNA synthesizers. These vulnerabilities could lead to unauthorized access, disruption of biosecurity protocols, or even the introduction of malware.
The Need for Cyberbiosecurity in Southeast Asia
The urgency of enhancing cyberbiosecurity in Southeast Asia cannot be overstated. Countries like Singapore, Thailand, Malaysia, Indonesia, and the Philippines have established national cybersecurity strategies and biosecurity policy frameworks. However, a significant challenge remains: the lack of a cohesive policy framework that directly addresses cyberbiosecurity. Existing regulations often treat cybersecurity and biosecurity in isolation, leading to critical gaps in protection.
Experts in the region have noted that cyberbiosecurity issues are poorly understood within the life science and biotechnology communities. There is a pressing need for increased awareness and understanding of the cybersecurity risks associated with digital lab data and biological samples. Organizations must adopt a proactive mindset and strategy to enhance cybersecurity measures, particularly against identity-related attacks and unauthorized remote access to facilities handling biological materials.
Way Forward for Cyberbiosecurity
The unique intersection of cyberphysical systems and biological systems in bioscience laboratories highlights the critical need for enhanced cyberbiosecurity measures. Collaboration between biosecurity risk management experts and cybersecurity professionals is essential to develop standards, technical guidance, and best practices that integrate cyberbiosecurity with existing biorisk management practices.
National efforts should focus on creating cyber training environments that simulate biosecurity-related processes. Cyberbiosecurity assessments must encompass not only IT and operational technology infrastructure but also regulatory information systems. Raising awareness is crucial, given the current lack of understanding of cybersecurity risks in laboratories.
Regional and national networks of biorisk practitioners play a vital role in strengthening cyberbiosecurity within the biotechnology community. National biosecurity associations in Southeast Asia are beginning to incorporate cyberbiosecurity into their training programs. The Asia-Pacific Biosafety Association has also included cyberbiosecurity workshops in its recent biorisk conference, helping stakeholders understand new threats and measures.
Capacity building is essential for developing a skilled workforce capable of addressing the complexities of cyberbiosecurity. Governments, academic institutions, and industry stakeholders should collaborate to offer specialized training programs, workshops, and certifications. An example of this is the Toxin and Venom Research Laboratory Biosecurity and Cyberbiosecurity Workshop held in May 2023, which brought together researchers from Malaysia, Thailand, and Singapore.
The biotechnology sector’s involvement is crucial for advancing cyberbiosecurity initiatives. As a predominantly private industry, the sector must engage with governments to develop innovative solutions and share resources. Collaborative efforts between public and private sectors can lead to the development of cutting-edge technologies and best practices that enhance cyberbiosecurity across the region.
Conclusion
Cyberbiosecurity must be prioritized within the life science and biotechnology sectors, ensuring that cybersecurity and biosecurity are addressed in an integrated manner. To tackle the complex challenges posed by cyberbiosecurity threats, Southeast Asia must adopt a comprehensive approach that includes raising awareness, capacity building, and engaging the biotechnology sector. The current fragmented approach leaves critical vulnerabilities that could be exploited by malicious actors, underscoring the urgent need for action.
About the Authors
Jeselyn and Julius Cesar Trajano are, respectively, Research Analyst and Research Fellow with the Centre for Non-Traditional Security Studies (NTS Centre) at the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. They recently participated in the Asia-Pacific Biosafety Association’s Annual Biorisk Conference held in the Philippines from 3 to 6 September 2024.