Data Security
Contents
Overview
The novel technologies that have been developed in the field of synthetic biology raise the possibility of misuse that can pose a threat to society and the environment. The risks that arise with potential dual-use of these tools needs to be thoroughly considered with mitigation procedures in place before deployment.
Cyberbiosecurity
Encoding Malicious Information in DNA
DNA molecules are inherently an information medium, with nucleotides acting as the basic biological unit for encoding genetic information. Leveraging this ability to use DNA as a new data storage medium also brings with it the potential for DNA being misused. The DNA sequences can be used to encode malicious information such as viruses that can launch computer attacks when sequenced and decoded during data access.
As nuCloud is focused on archival storage which is written but essentially never read, the potential security risks caused by sequencing the DNA for decoding are less relevant. Regardless, it is still essential to consider mitigation measures to prevent such attacks from occurring if the data does need to be accessed.
Along with fundamental measures like security audits and keeping the software up to date, it may also be useful to include a filtering process before the DNA is sequenced to determine if the decoded sequences can be put together to create malicious software1.
Data Access Risks
Data access control is essential to ensure that the data encoded in the DNA does not end up in the wrong hands. Specific data access restrictions like those in place for current tape media storage need to be implemented. Levels of control include physical access restrictions to data centers. In addition, individuals authorized to perform the DNA synthesis and sequencing processes also need to restricted to personnel trained in handling biological molecules and reagents. Software engineers handling the data processing (encoding, decoding etc.) have no necessity to physically handle the synthetic data and so it is important to establish levels of control related to who will directly interact with the stored DNA.
References
-
Liu, T., Zhou, S., Wang, T., Teng, Y. (2024). Cyberbiosecurity: Advancements in DNA-based information security. Biosafety and Health, 6(4), 251–256. [https://doi.org/10.1016/j.bsheal.2024.06.002] (https://doi.org/10.1016/j.bsheal.2024.06.002) ↩