Sandia Helps Safeguard Biological Data Threatened during COVID-19 Pandemic

The risk associated with using dated security measures for a modern, automated process is rising in light of current events

Sandia and BioBright are working to develop better security of automated facilities in the bioeconomy.
Sandia and BioBright

LIVERMORE, CA, and BOSTON, MA — October 6, 2020: A partnership between Sandia National Laboratories and the Boston firm BioBright LLC to improve the security of synthetic biology equipment has become more relevant after the United States and others issued warnings that hackers were using the COVID-19 pandemic to increase their activities.

“In the past decade, genomics and synthetic biology have grown from principally academic pursuits to a major industry,” said computational biology manager Corey Hudson. “This shift paves the way toward rapid production of small molecules on demand, precision health care, and advanced materials.”

Sandia and BioBright are working to develop better security for this new commercial field. Right now, large amounts of sensitive data about patients’ health and pharmaceutical information are being handled with security models developed two decades ago for academic needs and not industrial risks, Hudson said.

Many of the facilities responsible for ushering in this growth in synthetic biology scaled up from these academic models. This has meant that the digital environment responsible for automating these facilities has not grown with the same sophistication. According to Hudson, the situation potentially leaves open the risk of data theft or targeted attack by hackers to interrupt production of vaccines and therapeutics or the manufacture of controlled, pathogenic, or toxic materials.

Charles Fracchia, BioBright CEO, said: “Modern synthetic biology and pharmaceutical workflows rely on digital tools. Instruments and software that were designed before security was such an important consideration.”

The risk associated with using dated security measures for a modern, automated process is rising in light of current events. On May 5, the Department of Homeland Security and the Cybersecurity, Infrastructure Security Agency and the United Kingdom’s National Cyber Security Centre issued a joint alert warning that malicious hackers were exploiting the COVID-19 pandemic as part of their attacks.

Earlier work by Hudson and his team focused on identifying, reporting, and mitigating vulnerabilities in genomics and genomic operations within synthetic biology.

“You have a genetic sequencer that is producing terabytes of data,” Hudson said. “Those data are being transferred, through a series of software, until you identify the genetic variants. The clinical decisions are made from those results.”

Hudson and his team are collaborating with Fracchia’s team at BioBright, a company that provides secure data collection and analysis to biotech and pharmaceutical companies. They are working to help better secure synthetic biology operations and genomic data across industry, government and academia, protecting America’s bioeconomy and digital infrastructure. Using Emulytics, a research initiative developed at Sandia for evaluating realistic threats against critical systems, the teams are developing countermeasures to the risks. 

“We can examine the data and see how to make the entire system safer and more secure,” Hudson said.

The initial work done by Hudson his team was funded through Sandia’s Laboratory Directed Research and Development program. The collaboration with BioBright is funded by the Defense Advanced Research Projects Agency through the Safe Genes project.