Discussions:
Question: Based on your readings related to the BioCybersecurity section of this course, identify possible ethical considerations and explain your position.
The articles describe emerging threats at the biology-cybersecurity front. The Forbes article, Hacking Humans: Protecting Our DNA from Cybercrime, discusses the risk of digitizing human DNA, given its worth as the most personally identifiable information (PII) out there. Consumer DNA testing enables scientific and health advancements, but the risk of cyberattack and misuse of such personal information is disquieting. The article warns that, unlike traditional identity theft, the theft of DNA cannot be reversed, and stolen DNA could potentially be used in ways we cannot even imagine. The TechCrunch article, Malicious Code Injected into DNA Compromises the Computer Used to Read it, discloses an even more advanced security risk: embedding malicious code into DNA strands to exploit loopholes in sequencing programs. The proof of concept shows that the convergence of the digital and biological domains creates new points of vulnerability. Collectively, these articles emphasize the urgent need for robust cybersecurity in genomics. As technology advances, it is paramount that digital DNA remains guarded to prevent irreversible breaches.
Question: You are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?
As a CISO, I would make sure redundancy and failover mechanisms are put in place. With these, I would be able to implement systems and networks that allow continuity. This could go as far as buying more geographical sites where we could build data centers to ensure that there is no stoppage due to disaster, with failover systems able to seamlessly connect to backup systems to keep operations flowing. With cyberattacks rising every day, it is important to ensure user data security. Given these cyberattacks, we will implement DDoS mitigation solutions that can absorb malicious traffic before it can reach vital systems. Data integrity is also essential. We would have multiple offsite backups that would be tested routinely to ensure that they can be restored quickly. Because backups are essential, we want to make sure that none of these systems are breached, so we want to implement continuous monitoring to stop all threats at the start of the incident. Lastly, we would apply patches regularly to ensure that all security measures are up to date and meet the standard for user security.
Question: How should we approach the development of cyber-policy and infrastructure given the “short arm” of predictive knowledge?
In light of the limits of predictive knowledge, cyber-policy and infrastructure have to be built for resilience, learnability, and adaptability, and kept under ongoing revision. Rather than locked-in, futurized architectures, we will need modular designs that improve through periodic revisiting, feedback, and foresight. We have to emphasize putting in place infrastructure that is secure against assault and can recover from it, improving cross-sector participation, and establishing solidly effective ethical safeguards for civil freedoms. Scenario planning, public-private partnerships, and institutionalized foresight can help navigate uncertainty, while open, participatory government ensures that policies are responsible and responsive to emerging threats. We can also put in fail-safes in case of emergency or risk of exposure.