new partnership The need for more resources to better to protect biomedical, bioindustrial and biomanufacturing entities.
The Covid-19 pandemic has caused ordinary people around the world to think about the logistics of vaccine development and production in a tangible and immediate way. But the so-called bioeconomy is everywhere, from agricultural breeding programs to the development of biofuels. As industry after industry faces assessments of the state of its cybersecurity defenses, researchers are increasingly aware that the bioeconomy is vulnerable. For example, during the pandemic, Russia, China and other state actors have scrambled to hack vaccine manufacturers and distributors to gather intelligence, a scramble that U.S. officials have warned could be disruptive.
“A lot of the bioeconomy is small companies; it’s the true lifeblood of American biotechnology,” said BIO-ISAC co-founder Charles Fracchia. “Imagine if Moderna was hacked four years ago, even with some completely unsophisticated malware, or they faced a ransomware attack. Small companies can easily go bankrupt and then we lose what they did for the future work. I am very grateful to APL for understanding the mission of BIO-ISAC and joining as a founding member. They want to help.”
Information sharing and analysis centers exist in many industries, from financial services to healthcare. Charles Frick, principal at APL, said the lab has supported ISAC and collaborated with them for many years. During the George W. Bush and Barack Obama administrations, APL worked with the Department of Homeland Security and the National Security Agency to study the most effective ways to share threat intelligence and automate security at scale, Frick said. APL participated in a 2018 financial services pilot designed to automate the screening and processing of machine-readable threat intelligence data, in which a 14-hour process was reduced to eight minutes.
All of this is important because digital attacks and attacks on critical services are spreading rapidly. The more information an organization can not only collect but share, the better chance others have to protect themselves from similar hacks. Funding provided by APL to BIO-ISAC will be used for routine operations, including research, information sharing and public disclosure. Crucially, it will also support the incident response service that BIO-ISAC is rolling out so that biotech and biomanufacturing organisations can call them when dealing with a digital attack or suspecting a problem. These services will be paid to as many organizations as you can. However, depending on demand, BIO-ISAC may not be able to respond to every request immediately. But the organization wants to start filling a key gap in currently available services.
“When we started to identify threats, it was natural for us to say that we had existing capabilities and skills that could be applied to the field, and we had demonstrated our ability to work with ISAC,” said Brian Haberman, APL Program Area Manager. “So when you’re not acting alone, this enables us to accomplish our mission of supporting national priorities faster. That’s your biggest takeaway.”