Question
Direct-to-consumer DNA testing services have experienced a surge in popularity over the past few years. Digitizing DNA carries the benefits of uncovering ancestry
information and can have significant positive impact on science and medical research. It can, for instance, assist in finding a cure for a fatal disease.
Cyberbiosecurity
According to Peccoud Lab, which specializes in synthetic biology informatics at Colorado State University, Cyberbiosecurity is a specialty that deals with understanding
and mitigating new biological security risks emerging at the interface between biosecurity and cybersecurity. The digitization of DNA involves its storage in a database.
The solving of a criminal cold case through matching a consumer DNA database with a police database is another example of how digitized DNA can be used.
The Risks
The addition of digitized DNA provides hackers with another target to exploit and opens up a new and challenging frontier for cybersecurity professionals. There are
significant implications involved in digitizing DNA.
"The cyber-physical nature of biotechnology raises unprecedented security concerns," coauthors Jean Peccoud, Jenna E. Gallegos, Randall Murch, Wallace G. Buchholz,
and Sanjay Raman explain in their research paper titled, Cyberbiosecurity: From Naive Trust to Risk Awareness. "Computers can be compromised by encoding malware in
DNA sequences, and biological threats can be synthesized using publicly available data."
Potential security risks include:
Digital representations of genes could be used to make biologic weapons.
Because vulnerabilities exist in computers, hackers could compromise a device, with the intent to stall the production of critical drugs, for example. This could be
accomplished by using a methodology similar to that which was used with Stuxnet.
The Centers for Disease Control (CDC) have already successfully used published DNA sequences as a prototype to reconstruct the virus responsible for the Spanish
flu, which was one of the deadliest pandemics ever.
Scientists in Israel have shown that it is possible to fabricate DNA evidence. These scientists “fabricated blood and saliva samples containing DNA from a person
other than the donor of the blood and saliva. They also showed that if they had access to a DNA profile in a database, they could construct a sample of DNA to
match that profile without obtaining any tissue from that person.”
Giovanni Vigna, professor of computer science at University of California Santa Barbara and co-founder of Lastline, has suggested that hackers might start selling
DNA data back for ransom.
Hackers could also threaten to “revoke access or post the sensitive information online if not given money; one Indiana hospital paid $55,000 to hackers for this very
reason.”
There are other reasons why genetic data could be lucrative. “This data could be sold on the down-low or monetized to insurance companies,” Vigna cautions. “You
can imagine the consequences: One day, I might apply for a long-term loan and get rejected because deep in the corporate system, there is data that I am very likely
to get Alzheimer’s and die before I would repay the loan.”
Stolen DNA could be planted in order to incriminate someone. It could be used to receive or deny medical treatment.
It could be used to mask a genetic condition, in the same way people will purchase clean urine so they can pass a drug test.
Security researchers were able to infect a computer with malware embedded in a strand of human DNA.
Peccoud and Gallegos write that, "With the help of computers, editing and writing DNA sequences are almost as easy as manipulating text documents. And it can be done
with malicious intent." Rashmi Knowles, EMEA Field CTO at RSA Security has commented that, “many people don’t think about this when applying for such services.
No matter how secure the organization, no one is completely risk-free, and if breached, genetic data could be sold on hackers without your consent, or the characteristic
data it contains could be used to hijack your online accounts.”
DNA Testing Kits
According to The Verge:
“MyHeritage doesn’t offer health or medical tests, but many companies, like 23andMe and Helix, do. And there are plenty of players interested in DNA: researchers want
genetic data for scientific studies, insurance companies want genetic data to help them calculate the cost of health and life insurance, and police want genetic data to help
them track down criminals, like in the recent Golden State Killer case. Already, we lack robust protections when it comes to genetic privacy, and so a genetic data breach
could be a nightmare. “If there is data that exists, there is a way for it to be exploited,” says Natalie Ram, a professor of law focusing on bioethics issues at the University
of Baltimore.
Genetic testing sites are treasure troves of sensitive information. Some sites offer users the option to download a copy of their full genetic code while others don’t. But the
full genetic code isn’t the most valuable information anyway. As Ram points out, we can’t just read genetic code like a book to gain insights. Instead, it’s the easy-to-
access account pages with health interpretations that are most useful for hackers.”
Risky across the board
Then too, there is forensic use of genetic databases, such as the FBI's DNA Index System (CODIS) and the public genealogy database GEDmatch, both of which were
described by Science Magazine as “nothing less than “haphazard and underregulated.”
Researchers at the Center for the Study of Weapons of Mass Destruction at the National Defense University point out that both researchers and bio-industrial companies
store and use genomic data on computers, local area networks and/or cloud services and transfer the data between users over email or other sharing technologies. Hence, it
is “exposed at many touch points throughout their use to the risks and vulnerabilities common to cyberspace such as hacking, data theft, sabotage, and unauthorized
access. In most cases, only minimal encryption or other cybersecurity safeguards are used to secure genomic data at these touch points in the information life cycle.”
The researchers go on to warn that these risks are exacerbated by an overall lack of awareness among scientists and researchers, in addition to the need for effective
measures for protecting genomic data in the first place. They also argue that the securing of genomic data should not be viewed merely as a subset of cybersecurity,
because safeguarding of genomic data necessitates an understanding of how bio-scientists use and could potentially misuse such information.
What is this article about? (brief summary)
Answer the question in each square... be sure to include examples from the article as evidence to your claim.
What is being digitized? How is the information represented digitally?
What is the goal or purpose of digitizing this thing?
What are the benefits and harms of digitizing this content?
(Is someone benefitting or being harmed in this situation? If so who?)
Is our world better or worse because of digital representation?
Are these impacts intended or unintended? How do you know?
Answer the questions in 7th grade sentences
information and can have significant positive impact on science and medical research. It can, for instance, assist in finding a cure for a fatal disease.
Cyberbiosecurity
According to Peccoud Lab, which specializes in synthetic biology informatics at Colorado State University, Cyberbiosecurity is a specialty that deals with understanding
and mitigating new biological security risks emerging at the interface between biosecurity and cybersecurity. The digitization of DNA involves its storage in a database.
The solving of a criminal cold case through matching a consumer DNA database with a police database is another example of how digitized DNA can be used.
The Risks
The addition of digitized DNA provides hackers with another target to exploit and opens up a new and challenging frontier for cybersecurity professionals. There are
significant implications involved in digitizing DNA.
"The cyber-physical nature of biotechnology raises unprecedented security concerns," coauthors Jean Peccoud, Jenna E. Gallegos, Randall Murch, Wallace G. Buchholz,
and Sanjay Raman explain in their research paper titled, Cyberbiosecurity: From Naive Trust to Risk Awareness. "Computers can be compromised by encoding malware in
DNA sequences, and biological threats can be synthesized using publicly available data."
Potential security risks include:
Digital representations of genes could be used to make biologic weapons.
Because vulnerabilities exist in computers, hackers could compromise a device, with the intent to stall the production of critical drugs, for example. This could be
accomplished by using a methodology similar to that which was used with Stuxnet.
The Centers for Disease Control (CDC) have already successfully used published DNA sequences as a prototype to reconstruct the virus responsible for the Spanish
flu, which was one of the deadliest pandemics ever.
Scientists in Israel have shown that it is possible to fabricate DNA evidence. These scientists “fabricated blood and saliva samples containing DNA from a person
other than the donor of the blood and saliva. They also showed that if they had access to a DNA profile in a database, they could construct a sample of DNA to
match that profile without obtaining any tissue from that person.”
Giovanni Vigna, professor of computer science at University of California Santa Barbara and co-founder of Lastline, has suggested that hackers might start selling
DNA data back for ransom.
Hackers could also threaten to “revoke access or post the sensitive information online if not given money; one Indiana hospital paid $55,000 to hackers for this very
reason.”
There are other reasons why genetic data could be lucrative. “This data could be sold on the down-low or monetized to insurance companies,” Vigna cautions. “You
can imagine the consequences: One day, I might apply for a long-term loan and get rejected because deep in the corporate system, there is data that I am very likely
to get Alzheimer’s and die before I would repay the loan.”
Stolen DNA could be planted in order to incriminate someone. It could be used to receive or deny medical treatment.
It could be used to mask a genetic condition, in the same way people will purchase clean urine so they can pass a drug test.
Security researchers were able to infect a computer with malware embedded in a strand of human DNA.
Peccoud and Gallegos write that, "With the help of computers, editing and writing DNA sequences are almost as easy as manipulating text documents. And it can be done
with malicious intent." Rashmi Knowles, EMEA Field CTO at RSA Security has commented that, “many people don’t think about this when applying for such services.
No matter how secure the organization, no one is completely risk-free, and if breached, genetic data could be sold on hackers without your consent, or the characteristic
data it contains could be used to hijack your online accounts.”
DNA Testing Kits
According to The Verge:
“MyHeritage doesn’t offer health or medical tests, but many companies, like 23andMe and Helix, do. And there are plenty of players interested in DNA: researchers want
genetic data for scientific studies, insurance companies want genetic data to help them calculate the cost of health and life insurance, and police want genetic data to help
them track down criminals, like in the recent Golden State Killer case. Already, we lack robust protections when it comes to genetic privacy, and so a genetic data breach
could be a nightmare. “If there is data that exists, there is a way for it to be exploited,” says Natalie Ram, a professor of law focusing on bioethics issues at the University
of Baltimore.
Genetic testing sites are treasure troves of sensitive information. Some sites offer users the option to download a copy of their full genetic code while others don’t. But the
full genetic code isn’t the most valuable information anyway. As Ram points out, we can’t just read genetic code like a book to gain insights. Instead, it’s the easy-to-
access account pages with health interpretations that are most useful for hackers.”
Risky across the board
Then too, there is forensic use of genetic databases, such as the FBI's DNA Index System (CODIS) and the public genealogy database GEDmatch, both of which were
described by Science Magazine as “nothing less than “haphazard and underregulated.”
Researchers at the Center for the Study of Weapons of Mass Destruction at the National Defense University point out that both researchers and bio-industrial companies
store and use genomic data on computers, local area networks and/or cloud services and transfer the data between users over email or other sharing technologies. Hence, it
is “exposed at many touch points throughout their use to the risks and vulnerabilities common to cyberspace such as hacking, data theft, sabotage, and unauthorized
access. In most cases, only minimal encryption or other cybersecurity safeguards are used to secure genomic data at these touch points in the information life cycle.”
The researchers go on to warn that these risks are exacerbated by an overall lack of awareness among scientists and researchers, in addition to the need for effective
measures for protecting genomic data in the first place. They also argue that the securing of genomic data should not be viewed merely as a subset of cybersecurity,
because safeguarding of genomic data necessitates an understanding of how bio-scientists use and could potentially misuse such information.
What is this article about? (brief summary)
Answer the question in each square... be sure to include examples from the article as evidence to your claim.
What is being digitized? How is the information represented digitally?
What is the goal or purpose of digitizing this thing?
What are the benefits and harms of digitizing this content?
(Is someone benefitting or being harmed in this situation? If so who?)
Is our world better or worse because of digital representation?
Are these impacts intended or unintended? How do you know?
Answer the questions in 7th grade sentences
Answers
GPT-4o mini
**What is this article about? (brief summary)**
The article discusses the rise in popularity of direct-to-consumer DNA testing services and the security risks that come with digitizing DNA information. It explores how digitized DNA can be useful for ancestry research and medical science, but also highlights the dangers like hacking and misuse of genetic data.
**What is being digitized? How is the information represented digitally?**
DNA information is being digitized. This means that sequences of genes are stored as digital data in databases, which can be analyzed and compared through computers.
**What is the goal or purpose of digitizing this thing?**
The goal of digitizing DNA is to uncover ancestry information and assist in scientific and medical research. For example, it can help in finding cures for diseases and solving criminal cases by matching DNA databases.
**What are the benefits and harms of digitizing this content?**
The benefits of digitizing DNA include discovering important genetic information and helping solve crimes, like the Golden State Killer case. However, there are harms, such as the risk of hackers stealing this sensitive data and using it for blackmail or creating biologic weapons.
**Is someone benefitting or being harmed in this situation? If so who?**
While researchers and police can benefit from the information to solve cases and find treatments for diseases, individuals could be harmed if their DNA data is stolen or misused. For instance, genetic data sold to insurance companies could lead to unfair treatment.
**Is our world better or worse because of digital representation?**
Our world has both benefits and drawbacks because of digital representation of DNA. It is better in terms of advancements in science and solving crimes, but worse due to the growing cybersecurity threats that could lead to identity theft or misuse of personal information.
**Are these impacts intended or unintended? How do you know?**
Some impacts are intended, like using DNA for medical breakthroughs, but others are unintended, such as hackers exploiting stolen DNA data. The article points out that many people do not think about the risks when they share their genetic information, suggesting that the dangers are not fully understood or anticipated.
The article discusses the rise in popularity of direct-to-consumer DNA testing services and the security risks that come with digitizing DNA information. It explores how digitized DNA can be useful for ancestry research and medical science, but also highlights the dangers like hacking and misuse of genetic data.
**What is being digitized? How is the information represented digitally?**
DNA information is being digitized. This means that sequences of genes are stored as digital data in databases, which can be analyzed and compared through computers.
**What is the goal or purpose of digitizing this thing?**
The goal of digitizing DNA is to uncover ancestry information and assist in scientific and medical research. For example, it can help in finding cures for diseases and solving criminal cases by matching DNA databases.
**What are the benefits and harms of digitizing this content?**
The benefits of digitizing DNA include discovering important genetic information and helping solve crimes, like the Golden State Killer case. However, there are harms, such as the risk of hackers stealing this sensitive data and using it for blackmail or creating biologic weapons.
**Is someone benefitting or being harmed in this situation? If so who?**
While researchers and police can benefit from the information to solve cases and find treatments for diseases, individuals could be harmed if their DNA data is stolen or misused. For instance, genetic data sold to insurance companies could lead to unfair treatment.
**Is our world better or worse because of digital representation?**
Our world has both benefits and drawbacks because of digital representation of DNA. It is better in terms of advancements in science and solving crimes, but worse due to the growing cybersecurity threats that could lead to identity theft or misuse of personal information.
**Are these impacts intended or unintended? How do you know?**
Some impacts are intended, like using DNA for medical breakthroughs, but others are unintended, such as hackers exploiting stolen DNA data. The article points out that many people do not think about the risks when they share their genetic information, suggesting that the dangers are not fully understood or anticipated.