Jared Sheldon
Thomas Morris
ABSTRACT
Genomic data has very high value and presents its own cybersecurity challenges and concerns due to its characteristics. In order to effectively secure this valuable genomic data, it is important to understand the life cycle that creates the data, the hardware and software used, the users involved, and the challenges and concerns involved in securing genomic data. Building off of previous work done by the National Institute of Standards and Technology on NIST IR 8432, our team undertook a research review to further understand the state of cybersecurity research in the field. Then, we performed a field study by interviewing specialists and touring facilities at the HudsonAlpha Institute for Biotechnology to gain a further understanding of cybersecurity in practice for real-world genomics labs. Based on our research review and field study with HudsonAlpha, a high-level theoretical biocybersecurity test lab for genomics was designed that mimics a functional genomics lab to allow for cybersecurity testing of new tools and techniques used to protect genomic data, secure devices, and maintain the integrity of genomic data throughout its life cycle. This research can impact cybersecurity for genomic data by providing a research review, a field study, and a high-level biocybersecurity lab design in one place for future work to build off of. This work constitutes a step in taking the challenges presented by cybersecurity for genomics and creating a cybersecurity test lab that can address them.
- Azenta Life Sciences Blog. 2018. Azenta Life Sciences Blog. Azenta US, Inc. https://www.azenta.com/blog/safe-storage-temperatures-biological-materialsGoogle Scholar
- Monya Baker. 2015. Irreproducible Biology Research Costs Put at $28 Billion Per Year. Nature (2015). https://doi.org/10.1038/nature.2015.17711Google ScholarCross Ref
- CVE1517. 2022. CVE-2022-1517. National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/CVE-2022-1517Google Scholar
- CVE1518. 2022. CVE-2022-1518. National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/CVE-2022-1518Google Scholar
- CVE1519. 2022. CVE-2022-1519. National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/CVE-2022-1519Google Scholar
- CVE1521. 2022. CVE-2022-1521. National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/CVE-2022-1521Google Scholar
- CVE1524. 2022. CVE-2022-1524. National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/CVE-2022-1524Google Scholar
- CVE1966. 2023. CVE-2023-1966. National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/CVE-2023-1966Google Scholar
- CVE1968. 2023. CVE-2023-1968. National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/CVE-2023-1968Google Scholar
- Existing Workflow Systems. 2023. Existing Workflow Systems. Common Workflow Language. https://github.com/common-workflow-language/common-workflow-language/wiki/Existing-Workflow-systemsGoogle Scholar
- Genomic Data Science Fact Sheet. 2022. Genomic Data Science Fact Sheet. National Institutes of Health National Human Genome Research Institute. https://www.genome.gov/about-genomics/fact-sheets/Genomic-Data-ScienceGoogle Scholar
- Genomic Data Sharing Expectations by NIH Institute and Center. 2023. Genomic Data Sharing Expectations by NIH Institute and Center. National Institutes of Health. https://sharing.nih.gov/genomic-data-sharing-policy/about-genomic-data-sharing/gds-policy-expectations-by-nih-institute-and-centerGoogle Scholar
- Ben Langmead and Abhinav Nellore. 2018. Cloud Computing for Genomic Data Analysis and Collaboration. Nature Reviews Genetics 19, 4 (2018), 208--219. https://doi.org/10.1038/nrg.2017.113Google ScholarCross Ref
- National Vulnerability Database. [n.d.]. National Vulnerability Database. National Institute of Standards and Technology. https://nvd.nist.gov/vuln/searchGoogle Scholar
- Peter Ney, Karl Koscher, Lee Organick, Luis Ceze, and Tadayoshi Kohno. 2017. Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More. In Proceedings of the 26th USENIX Conference on Security Symposium (SEC'17). USENIX Association, Vancouver, Canada, 765--779.Google Scholar
- NIH NHGRI Data Sharing Policies and Expectations. 2023. NIH NHGRI Data Sharing Policies and Expectations. National Institutes of Health National Human Genome Research Institute. https://www.genome.gov/about-nhgri/Policies-Guidance/Data-Sharing-Policies-and-ExpectationsGoogle Scholar
- Privacy in Genomics. 2021. Privacy in Genomics. National Institutes of Health National Human Genome Research Institute. https://www.genome.gov/about-genomics/policy-issues/PrivacyGoogle Scholar
- Ronald Pulivarti, Natalia Martin, Fred Byers, Justin Wagner, Justin Zook, Samantha Maragh, Kevin Wilson, Martin Wojtyniak, Brett Kreider, Ann-Marie France, Sallie Edwards, Tommy Morris, Jared Sheldon, Scott Ross, and Phillip Whitlow. 2023. Cybersecurity of Genomic Data. Technical Report NIST Internal Report (IR) 8432. National Institute of Standards and Technology, Gaithersburg, MD. https://doi.org/10.6028/NIST.IR.8432Google Scholar
- Keerthi Rangan. 2022. Why Data Erasure Is Crucial to Protect Sensitive Information. G2. www.g2.com/articles/data-erasureGoogle Scholar
- Garret Schumacher, Sterling Sawaya, Demetrius Nelson, and Aaron Hansen. 2020. Genetic Information Insecurity as State of the Art. Frontiers in Bioengeering and Biotechnology 8 (2020). https://doi.org/10.3389/fbioe.2020.591980Google ScholarCross Ref
- Tomoya Tanjo, Yosuke Kawai, Katsushi Tokunaga, Osamu Ogasawara, and Masao Nagasaki. 2021. Practical Guide for Managing Large-Scale Human Genome Data in Research. Journal of Human Genetics 66 (2021), 39--52. https://doi.org/10.1038/s10038-020-00862-1Google ScholarCross Ref
Index Terms
- Genomics Cybersecurity Concerns, Challenges, and a Modular Test Lab
Recommendations
Cybersecurity vs. Information Security
AbstractProtection of data assets is a hot trend topic that is attracting considerable interest worldwide. There are different concepts revolving security of data including cybersecurity and information security. Cybersecurity and information security ...
Shaking Up the Cybersecurity Landscape
The US government is seeking game-changing ideas from the public to improve the cybersecurity landscape in a program called National Cyber Leap Year. Looking to act quickly with a 15 December deadline, the program's backers want revolutionary ideas to ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
AbstractSide-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
Comments