On DNA Signatures, Their Dual-Use Potential for GMO Counterfeiting, and a Cyber-Based Security Solution

Abstract: This study investigates the role and functionality of special nucleotide sequences (“DNA signatures”) to detect the presence of an organism and to distinguish it from all others. After highlighting vulnerabilities of the prevalent DNA signature paradigm for the identification of agricultural genetically modified (GM) organisms it will be argued that these so-called signatures really are no signatures at all - when compared to the notion of traditional (handwritten) signatures and their generalizations in the m… Show more

“…Nonetheless, cyberbiosecurity is still in its infancy. There is still limited expertise to fully characterize and assess the emerging cyberbio risks [ 8 ], and it has been recognized that generic cyber and information security measures are insufficient [ [8] , [9] , [10] , [11] , [12] , [13] , [14] ].…”

“… CP “attackers may cause sensors to report false data or modify algorithms in control systems in ways that can jeopardize product quality, damage manufacturing equipment, and potentially induce occupational hazards.” [ 23 ] CP Regarding “smart labs” of the future: “adjustment of fan speeds in building ventilation systems… can lead to potential exposure of any building occupant to infectious microorganisms or their toxic products, contamination of the facility, or airborne release of pathogens to the surrounding external environment… changes to chemical concentration and/or holding time in liquid effluent decontamination systems which can result in premature discharge of infectious, toxic byproducts or genetically altered microorganisms to the municipal waste stream.” [ 21 ] CP “To obscure the identity and/or functional properties of the final product several biofoundries can be used, each synthesizing seemingly innocuous products representing only a portion of the final product.” [ 5 ] G, U Food, Agriculture, Water “The health and security… of agriculture and food systems is unclear from a cyberbiosecurity perspective. We reason that vulnerable critical links and nodes exist throughout this highly complex global and national ecosystem.” [ 39 ] V “a recent contamination event of an unauthorized GM Bacillus subtilis strain (Paracchini et al, 2017) in Europe could have been - or the same way could be - the consequence of exploiting gaps of prevailing DNA signatures.” “DNA signatures may intentionally be exploited to support the counterfeiting or even weaponization of GM organisms.” [ 14 ] CP,G “The identification and analysis of harmful genetic manipulations to utilize (covertly modified) plants (GMOs and non-GMOs) as an attack vector show that these concerns need to be taken seriously, raising the prospect not only of direct harm, but of the more likely effects in generating public concern, reputational harm of agricultural biotechnology companies, law-suits, and increased import bans of certain plants or their derived products.” [ 40 ] CP,G,U Water security exemplified via harmful algal blooms (HAB): “it is imperative to envision water security from the perspective of a cyber-physical system (CPS).” Attacks on HAB-monitoring systems include “data injection attacks, automated system hijacking attacks, node forgery attacks, and attacks on learning algorithms.” [ 68 ] CP a For the citations within quotations, please see the citing literature for details. …”

“…the Hazard Analysis Control Point system for the Fd + Ag sector or, more generally, The Infrastructure Survey Tool [ 36 ] or NIST guidelines [ 37 ]), it is recognized that fully scoping all the cyberbio risks, not to mention their relative likelihood and impact, is rather challenging [ 8 , 22 , 23 ]. Although some of the cyberbio vulnerabilities share compelling similarities to the early days of the internet [ 38 ], there are critical differences [ [9] , [10] , [11] , [12] , 14 ].…”

“… The problem of identifying what needs to be protected: Many of the novel cyberbio risks and threats ( Table 1 ) have not been fully scoped. They are difficult to characterize, and envisioning the complete risk landscape continues to be a challenge [ 8 , 14 , 23 , 39 , 40 ]. Identifying and hierarchizing the extent, impact and severity of various (including, hypothetical) new vulnerabilities is difficult.…”

“… There is no comprehensive model to effectively capture, assess, and address the motivations, capabilities, and approaches of those who may cause harm (see also Section 4.2 ). How protection is achieved and enforced: Existing solutions from the cyber domain are only geared at specific aspects of biosecurity and cybersecurity but do not address the overlap and the issues arising from this convergence [ 8 , 14 , 40 ]. Due to variations in types of threats, targets and potential impacts, it is not straightforward to determine the applicability and effectiveness of a possible solution.…”

Facing the 2020 pandemic: What does cyberbiosecurity want us to know to safeguard the future?

“…Nonetheless, cyberbiosecurity is still in its infancy. There is still limited expertise to fully characterize and assess the emerging cyberbio risks [ 8 ], and it has been recognized that generic cyber and information security measures are insufficient [ [8] , [9] , [10] , [11] , [12] , [13] , [14] ].…”

“… CP “attackers may cause sensors to report false data or modify algorithms in control systems in ways that can jeopardize product quality, damage manufacturing equipment, and potentially induce occupational hazards.” [ 23 ] CP Regarding “smart labs” of the future: “adjustment of fan speeds in building ventilation systems… can lead to potential exposure of any building occupant to infectious microorganisms or their toxic products, contamination of the facility, or airborne release of pathogens to the surrounding external environment… changes to chemical concentration and/or holding time in liquid effluent decontamination systems which can result in premature discharge of infectious, toxic byproducts or genetically altered microorganisms to the municipal waste stream.” [ 21 ] CP “To obscure the identity and/or functional properties of the final product several biofoundries can be used, each synthesizing seemingly innocuous products representing only a portion of the final product.” [ 5 ] G, U Food, Agriculture, Water “The health and security… of agriculture and food systems is unclear from a cyberbiosecurity perspective. We reason that vulnerable critical links and nodes exist throughout this highly complex global and national ecosystem.” [ 39 ] V “a recent contamination event of an unauthorized GM Bacillus subtilis strain (Paracchini et al, 2017) in Europe could have been - or the same way could be - the consequence of exploiting gaps of prevailing DNA signatures.” “DNA signatures may intentionally be exploited to support the counterfeiting or even weaponization of GM organisms.” [ 14 ] CP,G “The identification and analysis of harmful genetic manipulations to utilize (covertly modified) plants (GMOs and non-GMOs) as an attack vector show that these concerns need to be taken seriously, raising the prospect not only of direct harm, but of the more likely effects in generating public concern, reputational harm of agricultural biotechnology companies, law-suits, and increased import bans of certain plants or their derived products.” [ 40 ] CP,G,U Water security exemplified via harmful algal blooms (HAB): “it is imperative to envision water security from the perspective of a cyber-physical system (CPS).” Attacks on HAB-monitoring systems include “data injection attacks, automated system hijacking attacks, node forgery attacks, and attacks on learning algorithms.” [ 68 ] CP a For the citations within quotations, please see the citing literature for details. …”

“…the Hazard Analysis Control Point system for the Fd + Ag sector or, more generally, The Infrastructure Survey Tool [ 36 ] or NIST guidelines [ 37 ]), it is recognized that fully scoping all the cyberbio risks, not to mention their relative likelihood and impact, is rather challenging [ 8 , 22 , 23 ]. Although some of the cyberbio vulnerabilities share compelling similarities to the early days of the internet [ 38 ], there are critical differences [ [9] , [10] , [11] , [12] , 14 ].…”

“… The problem of identifying what needs to be protected: Many of the novel cyberbio risks and threats ( Table 1 ) have not been fully scoped. They are difficult to characterize, and envisioning the complete risk landscape continues to be a challenge [ 8 , 14 , 23 , 39 , 40 ]. Identifying and hierarchizing the extent, impact and severity of various (including, hypothetical) new vulnerabilities is difficult.…”

“… There is no comprehensive model to effectively capture, assess, and address the motivations, capabilities, and approaches of those who may cause harm (see also Section 4.2 ). How protection is achieved and enforced: Existing solutions from the cyber domain are only geared at specific aspects of biosecurity and cybersecurity but do not address the overlap and the issues arising from this convergence [ 8 , 14 , 40 ]. Due to variations in types of threats, targets and potential impacts, it is not straightforward to determine the applicability and effectiveness of a possible solution.…”

Facing the 2020 pandemic: What does cyberbiosecurity want us to know to safeguard the future?

Omicron

AI for Cyberbiosecurity in Water Systems—A Survey