A new partnership between the nonprofit Bioeconomy Information Sharing and Analysis Center for Cybersecurity (BIO-ISAC) and Johns Hopkins University’s Applied Physics Laboratory (APL), which works on emerging research with US government agencies, highlights the need for more resources to better provision of biomedical, bioindustrial and biomanufacturing organizations.
The Covid-19 pandemic has prompted ordinary people around the world to think about the logistics of vaccine development and production in a tangible and immediate way. But the so-called bioeconomy is quietly embedded everywhere, from the breeding programs used in agriculture to the development of biofuels. And as industry after industry faces an accounting of the state of its cybersecurity defenses, researchers are increasingly realizing that the bioeconomy is vulnerable. During the pandemic, for example, Russia, China and other state actors competed to hack vaccine manufacturers and distributors to gather intelligence in a battle that U.S. officials warned could be disruptive.
“A lot of the bioeconomy is small companies; it is the true lifeblood of American biotech,” says BIO-ISAC co-founder Charles Fracia. “Imagine if Moderna had been hacked four years ago, even with some completely unsophisticated malware, or faced a ransomware attack. Small companies can go bankrupt really easily and then we lose the work they do for the future. I am very grateful that APL understood the mission of BIO-ISAC and joined as a founding member. They want to help.”
Clearinghouses and analytics centers exist for many industries, from financial services to healthcare. And Charles Frick, chief operating officer at APL, says the lab supports ISAC and has collaborated with them for many years. During the administrations of George W. Bush and Barack Obama, Frick says, APL collaborated with the Department of Homeland Security and the National Security Agency to explore the most effective methods for large-scale threat intelligence sharing and security automation. APL participates in a 2018 financial services pilot. for automated screening and processing of machine-readable data for threat intelligence, where a process that took 14 hours was reduced to eight minutes.
All of this matters because digital attacks on critical services and attack trends are growing rapidly. The more information an organization can not only collect, but also share, the greater the chance that others can protect themselves against similar hacks. APL funding for BIO-ISAC will be directed towards regular operations, including research, information sharing and public outreach. And most importantly, it will also support the incident response services that BIO-ISAC is launching so that biotech and biomanufacturing organizations have someone to call if they are dealing with a digital attack or otherwise suspect that something is wrong. Services will be paid as much as you can to make them available to as many organizations as possible. However, depending on demand, BIO-ISAC may not have the capacity to immediately respond to every request. But the group hopes to begin filling an important gap in the services currently available.
“When we start to identify threats, it’s natural for us to say, well, we have an existing set of capabilities and skills that can be applied in this area, and we’ve demonstrated our ability to work with ISAC collaboratively,” says Brian Haberman, program manager of APL, “So this fulfills our mission to support national priorities in a much faster way when you are not going it alone. That’s the biggest bang for your buck.”
