Sophos Cloud Optix
If you were in the security business a dozen years ago, you’ll remember all the speculation around cellphone malware. The iPhone and other smartphones weren’t yet ubiquitous and attacks against such devices were discussed in the context of some distant future.
Today, malware-infected phones and attacks exploiting them are the norm. You could say it’s old news at this point.
With that in mind, security experts are starting to eye another huge leap in technological advancement that isn’t making many headlines today but will in the coming years – mixing biology with technology.
There’s a lot of promise in the work being done around synthetic biology and computing devices. But there’s also potential peril in melding the two. We may be years away from dealing with the security risks of such a thing, but some are convinced it’s only a matter of time before the perils are as real as phone-based attacks are today.
US Army explores putting bacteria into electronics
A good example of what’s to come was outlined in a recent Ars Technica article. Writer Eric Tegler describes an US Army Research Laboratory (ARL) initiative to integrate living organisms – synthetic biology – into living and non-living (abiotic) systems to perform material synthesis, enhance human performance, provide environmental sensing and control autonomous biohybrid devices.
From the article:
Bacteria could be genetically engineered to have both biological tasting or smelling capabilities and to interface with electronics to form an advanced biosensor. Scientists may even one day reach a point where they can engineer microorganisms in functional groups (consortia) that act like symbiotic systems, with different types of bacteria providing complementary functions. The goal would be to develop their coordination and hardiness up to the point where we’re essentially able to 3D print biological structural materials like lumber.
Jacob Becraft, a researcher at the Massachusetts Institute of Technology, sees a lot of promise in this line of advancement. He has written that synthetic biology has the potential to create more improved nucleic acid therapies by adding increased control in the design space. He described the work in greater detail during a discussion with Naked Security recently.
Potential for biowarfare
Also joining the discussion was W. Jackson Schultz, a security consultant at Boston-based OCD Tech, who expressed concern about terrorists eventually twisting these advancements to evil ends.
“The technology itself is advancing rapidly,” Schultz said. “Devices, including Internet of Things [IoT] technology, are increasingly predominant. I imagine biotech is advancing at an equally fast pace, and we have to be thinking about the potential this has for biological warfare.”
Schultz isn’t the first security practitioner to raise such concern.
James Stavridis, a retired four-star US Navy admiral and NATO supreme allied commander who serves today as the dean of the Fletcher School of Law and Diplomacy at Tufts University, wrote an article about it for Morning Call over the summer.
“A main element of the biological revolution will be its impact on security in the broadest sense of the term, as well as on the more specific realm of military activity,” he wrote. “Both of these are part of the work being done by various laboratories around the globe, including here in the United States at Johns Hopkins Applied Physics Lab, where I serve as a senior fellow.”
He said the rise of low-cost synthetic biology technologies, the falling cost of DNA sequencing and the diffusion of knowledge through the internet create the conditions for a breakout biological event not dissimilar to the Spanish influenza of nearly a century ago. Nearly 40% of the global population was infected in that scourge, with a mortality rate of between 10% and 20%.
As biotech continues to advance, including the melding of biology and technology, Stavridis said the most alarming scenario would be that either rogue nations or violent transnational groups gain access to these technologies and use them to create biological weapons of mass destruction.
He outlined three key steps to prepare for the biological/technical revolution:
- Formulate an international approach to limit the proliferation of highly dangerous technologies (much as we try to accomplish with nuclear weapons) and foster cooperation in the case of contagion or a transnational biological threat.
- The American government’s interagency process must become more adept at addressing both the scientific advances and the security challenges emanating from the world of biological research.
- All this will require a powerful level of private-public cooperation. “So much of the technological advances will come in the business ventures of the Route 128 biotech belt around Boston and other advanced centers in the private sector,” he wrote. “Bringing them in concert with government and academic centers like Johns Hopkins will be significant, although this must be done in a way that does not stifle innovation unduly.”
Biotech precautions
Becraft said concerns raised by Schultz and Stavridis are valid and is on the radar of the research community.
“There’s quite a bit of oversight and regulation to ensure safety,” he said. “A lot of countries – Iran, for example – are still not allowed to order certain DNA sequences.”
He does, however, believe that the security concerns are a bit overstated. For now, anyway. “It would be very difficult five, 10, even 20 years from now for rogue factions to do enough advance DNA synthesis research to make a dent,” he said. He said it’s also important to understand that the ability to write computer code over and over again is much easier than it is to write DNA sequences over and over. “The comparison between bio and tech research are not the same,” Becraft said.
But, he admitted: “There is always the potential for bad actors to get their hands on these things.”
How long before that happens? Time will tell.
Is Davros working with the military on this?
Reading this article evoked the TV show “Limitless.” It’s a bit cheesy but fun–though the lead character’s name breaks my fourth wall. 🙁
Limitless had a couple episodes related to bio/abiotic security–albeit in differing directions. One episode featured a prototype, functioning, artificial kidney which was 3D printed for a patient in renal failure.
In another episode prosthetic/robotic arms controlled by the wearers’ thoughts (a quick search suggests this is not *quite* as distant as I’d surmised but still decades out) were hacked via their WiFi uplinks and were therefore controllable by the bad guys.
My favorite episode was chock full of tributes to a prolific 80s movie still worth watching every couple years…but that one had nothing to do with this article. 🙂
As a result of the universal truth that it is easier to create than to destroy, it’s simple to understand that, much like cancer versus a normal, operational cell, weaponized biotech will be easier to implement than beneficial biotech.
On a less exotic note, the lack of security in the “smart appliance”/”smart home” market does not bode well for more personal technology systems, such as brain-computer interfaces, artificial limbs, and bio-integrated electronics in general, which will probably have similar security lapses. Hopefully, ongoing media exposure for less critical items, such as smart lights and home routers without secure administrator passwords, will further encourage integrated security development before that day when a hacker achieves precise control over an important individual’s pacemaker or other potentially-deadly biotech electronics. Or over the biotech electronics of their loved ones. Literal ransomware.