digest
July 30

Monthly Digest. 2024 / 07

Welcome to the next edition of our Monthly Digest, your one-stop resource for staying informed on the most recent developments, insights, and best practices in the ever-evolving field of security. In this issue, we have curated a diverse collection of articles, news, and research findings tailored to both professionals and casual enthusiasts. Our digest aims to make our content is both engaging and accessible. Happy reading

unpacking with more detail (PDF)

Follow on TG & Boosty

Content keypoints

A.    Inclusive Innovators from smart cities to cyberbiosecurity. Women clean up the forefront of the cyber landscape

In perpetually evolving world of cybersecurity, women have finally stepped up to show everyone how it's done. Historically underrepresented, women are now making their mark, with projections suggesting they'll make up 30 percent of the global cybersecurity workforce by 2025 and 35 percent by 2031. This increase in representation is a key to unlocking innovative solutions and growth in the cybersecurity sector.

Women in cybersecurity bring a treasure trove of expertise, resilience, and innovation to the table, tackling the complex task of securing a digital landscape with a finesse that’s been sorely missing. Their contributions span various domains, from developing secure smart city technologies to bolstering the cybersecurity of critical infrastructure sectors like railways and maritime. They are also pushing for more inclusive and diverse work environments, which, surprise, are crucial for fostering creativity and comprehensive problem-solving

1)       Women in tech and security

·         AI and Generative AI Threats: Theresa Payton, former White House CIO and CEO of Fortalice Solutions, has highlighted the rise of AI-driven threats, including "Frankenfrauds" and deep fake AI personas. These threats involve sophisticated scams using AI to create realistic fake identities and scenarios, posing significant challenges for cybersecurity defenses. Payton emphasizes the need for robust security protocols and collaborative defense strategies to counter these emerging threats.

·         Human-Centric Cybersecurity: Dr. Jessica Barker, co-founder and co-CEO of Cygenta, focuses on the human side of cybersecurity. She advocates for improving cybersecurity awareness, behaviors, and culture within organizations. Barker's work emphasizes the importance of understanding human psychology and sociology in cybersecurity, empowering individuals to recognize and mitigate cyber threats effectively. Her efforts include delivering awareness sessions and keynotes to large audiences, and authoring books on cybersecurity.

·         Cybersecurity Transformation and Organizational Culture: Kirsten Davies, CISO at Unilever, is known for her expertise in cybersecurity transformation and enhancing organizational culture. She has led initiatives to refine security processes and improve ways of working across multiple global companies. Davies' approach involves optimizing security practices to align with business goals and fostering a culture of security within organizations.

·         Disaster Recovery and AI-Generated Threats: Sarah Armstrong-Smith, Chief Security Advisor for Microsoft EMEA, has been instrumental in addressing disaster recovery, data protection, and privacy. She emphasizes the importance of considering information validity in decision-making, particularly in the context of AI-generated threats like deepfakes and mixed reality. Armstrong-Smith also highlights the need for organizations to stay ahead of evolving threats by leveraging AI and machine learning in their cybersecurity strategies.

·         Identity Threats and Influence Security: Theresa Payton also discusses the evolving landscape of identity threats, including the potential for cybercriminals to hack into intelligent buildings and lock them down. She stresses the importance of understanding and mitigating these threats through innovative security measures and influence security strategies.

·         Diversity and Inclusion in Cybersecurity: Lynn Dohm, Executive Director of Women in CyberSecurity (WiCyS), is a strong advocate for diversity and inclusion in the cybersecurity workforce. She highlights the importance of DEI policies in bridging the workforce gap and improving the recruitment, retention, and advancement of women in cybersecurity. Dohm's efforts aim to create a inclusive and effective security industry.

2)       Women shaping the futrue AI

·         Mira Murati: As the Chief Technology Officer at OpenAI, Mira Murati has been instrumental in the development and deployment of groundbreaking AI technologies such as ChatGPT, DALL-E, and Codex. Murati emphasizes the importance of public testing and responsible AI use, advocating for AI regulation to ensure that AI technologies align with human intentions and serve humanity positively. Her leadership has helped OpenAI become a leader in generative AI, pushing the boundaries of what AI can achieve while maintaining a focus on ethical considerations.

·         Linda Yaccarino: Linda Yaccarino, CEO of X (formerly Twitter), is leveraging AI to enhance the platform's capabilities, particularly in the realm of fact-checking and content moderation. She has introduced Community Notes, a crowd-sourced fact-checking feature, which aims to improve the accuracy and trustworthiness of digital content. This initiative highlights the potential of AI to combat misinformation and enhance the credibility of online platforms.

·         Sarah Armstrong-Smith: Sarah Armstrong-Smith, Chief Security Advisor for Microsoft EMEA, focuses on the intersection of AI and cybersecurity. She addresses the challenges posed by AI-generated threats such as deepfakes and emphasizes the importance of disaster recovery, data protection, and privacy. Armstrong-Smith advocates for the integration of AI in cybersecurity strategies to stay ahead of evolving threats, ensuring that AI technologies are used to enhance security and resilience.

·         Keren Elazari: Keren Elazari, a security analyst and researcher, promotes the ethical use of AI and the hacker mindset to drive innovation in cybersecurity. She emphasizes the importance of ethical hacking and bug bounty programs to identify and mitigate AI-related vulnerabilities. Elazari's work in fostering a community of ethical hackers and her advocacy for increased representation of women in cybersecurity are crucial for developing robust AI security measures.

·         Catherine Lian: Catherine Lian, General Manager and Technology Leader at IBM ASEAN, is at the forefront of AI integration in business. She stresses the need for upskilling workers to use AI effectively, ensuring that AI augments rather than replaces human jobs. Lian's efforts in promoting AI education and responsible AI governance are essential for building trust in AI technologies and preparing for future regulatory requirements.

3)       Pharmaceutical/Biotech:

·         Katalin Karikó - Her work on mRNA technology laid the foundation for the development of mRNA vaccines, including the Pfizer-BioNTech and Moderna COVID-19 vaccines.

·         Tu Youyou - Discovered artemisinin, a drug used to treat malaria, for which she was awarded the Nobel Prize in Physiology or Medicine in 2015.

·         Impact: Implementing robust security protocols to protect intellectual property and patient information.

4)       Cyberbiosecurity:

·         Megan Palmer - A pioneer in the field of cyberbiosecurity, she has contributed to developing strategies to secure bioinformatics data and protect biological research from cyber threats.

·         Diane DiEuliis - Her work focuses on securing biomanufacturing processes and ensuring the integrity of biological products against cyber threats.

B.    Burnout and Liability: The Perks of Being a Modern CISO

The «2024 Voice of the CISO» report by Proofpoint paints a vivid picture of the tumultuous landscape that CISOs have navigated recently After all, dealing with a global pandemic, the chaos of remote work, and record levels of employee turnover was just a walk in the park. Now, with hybrid working becoming the norm and cloud technology expanding the attack surface to unprecedented levels, CISOs can finally relax, right? Wrong.

Cyber threats are more targeted, sophisticated, and frequent than ever. Employees are more mobile, often taking sensitive data with them as they hop from job to job. And let’s not forget the generative AI tools that, while promising, have also made it easier for cybercriminals to launch devastating attacks with just a few dollars.

Sure, CISOs are enjoying closer ties with key stakeholders, board members, and regulators. But this newfound proximity only brings higher stakes, more pressure, and heightened expectations. And with flat or reduced budgets, CISOs are expected to do much more with considerably less. In this environment, shortcuts are sometimes necessary, but they can lead to human error—because, of course, everything always goes perfectly when you’re under-resourced and overworked.

To better understand how CISOs are navigating yet another high-pressure year, Proofpoint surveyed 1,600 CISOs worldwide. They asked about their roles, outlooks for the next two years, and how they see their responsibilities evolving. The report explores the delicate balance between concern and confidence as various factors combine to ramp up the pressure on CISOs. It delves into the persistent risks posed by human error, the challenges of burnout and personal liability, and the evolving relationship between CISOs and the boardroom.

1)       Benefits

·         Comprehensive Data: The report surveys 1,600 CISOs from organizations with 1,000+ employees across 16 countries, providing a broad and diverse dataset.

·         Current Trends and Challenges: It highlights key issues such as the persistent vulnerability of human error, the impact of generative AI, and the economic pressures on cybersecurity budgets.

·         Strategic Insights: The report offers actionable insights and recommendations, such as the importance of AI-powered technologies, improving employee cybersecurity awareness, and the need for robust incident response plans.

·         Board-CISO Relations: It underscores the improving relationship between CISOs and board members, which is crucial for aligning cybersecurity strategies with business objectives.

2)       Limitations

·         Overemphasis on AI: The report places significant emphasis on AI as both a threat and a solution. While AI’s role in cybersecurity is undeniable, the focus might overshadow other critical areas that also need attention.

·         Potential Bias in Self-Reported Data: The data is self-reported by CISOs, which can introduce bias. CISOs might overstate their preparedness or the effectiveness of their strategies to present a more favorable view of their performance.

·         Focus on Large Organizations: The survey targets organizations with 1,000 or more employees, which may not accurately reflect the challenges and realities faced by smaller organizations. This focus can limit the applicability of the findings to a broader range of businesses.

·         Economic and Regional Variations: While the report covers multiple countries, the economic and regulatory environments vary significantly across regions. The findings might not be universally applicable, and regional nuances could be underrepresented.

·         Human-Centric Security: Although the report emphasizes human-centric security, it might not fully address the complexities of implementing such strategies effectively. The reliance on user education and awareness can be seen as placing too much responsibility on employees rather than improving systemic defenses

3)       The Cyber Realities for a CISO in 2024

a)       Generative AI:

·         Security Risks: 54% of CISOs believe generative AI poses a security risk to their organization.

·         AI: While AI can aid cybercriminals by making attacks easier to scale and execute, it also provides defenders with real-time insights into threats, which traditional methods cannot match.

·         Top Concerns: ChatGPT and other generative AI models are seen as significant risks, followed by collaboration tools like Slack and Teams (39%) and Microsoft 365 (38%).

b)       Economic Impact:

·         Economic: 59% of CISOs agree that current economic conditions have negatively impacted their organization’s ability to resource cybersecurity budgets.

·         Regional Impact: CISOs in South Korea (79%), Canada (72%), France (68%), and Germany (68%) feel the economic impact most acutely.

·         Budget: Nearly half (48%) of CISOs have been asked to cut staff, delay backfills, or reduce spending.

c)       Priorities and Strategies:

·         Priorities: Improving protection and enabling business innovation remain top priorities for 58% of CISOs.

·         Employee Cybersecurity Awareness: Improving employee cybersecurity awareness has become the second-highest priority, indicating a shift towards human-centric security strategies.

d)       Board Relations:

·         Alignment with Board: 84% of CISOs now see eye to eye with their board members on cybersecurity issues, up from 62% in 2023.

·         Board-Level Expertise: 84% of CISOs believe cybersecurity expertise is required at the board level, reflecting a significant increase from previous years.

e)       Challenges and Pressures:

·         Unrealistic Expectations: 66% of CISOs believe there are excessive expectations on their role, a continued increase from previous years.

·         Burnout: More than half (53%) of CISOs have experienced or witnessed burnout in the past 12 months, although there is a slight improvement with 31% reporting no burnout, up from 15% last year.

·         Personal Liability: 66% of CISOs are concerned about personal, financial, and legal liability, with 72% unwilling to join an organization without directors and officers (D& O) insurance or similar coverage.

C.    Why Secure Medical Images? Hackers Need Jobs Too!

DICOM, which stands for Digital Imaging and Communications in Medicine, is a globally recognized standard for the storage, transfer, and management of medical images and related patient data. It is extensively used in hospitals, clinics, and radiology centers to ensure interoperability among various medical imaging devices, regardless of the manufacturer or proprietary technology involved

1)       Benefits of using DICOM:

·         Interoperability: DICOM enables seamless communication and integration between medical imaging devices and systems from different manufacturers. This allows for efficient sharing and transfer of medical images and related data across healthcare facilities.

·         Standardized format: DICOM defines a standardized file format for storing and transmitting medical images, ensuring consistency and compatibility across different systems and platforms.

·         Comprehensive metadata: DICOM files contain comprehensive metadata, including patient information, study details, image acquisition parameters, and more. This metadata is crucial for accurate interpretation and analysis of medical images.

·         Workflow efficiency: DICOM facilitates efficient workflow management by enabling the storage, retrieval, and display of medical images in a standardized manner, reducing the need for manual intervention and improving productivity.

·         Data integrity: DICOM incorporates mechanisms for ensuring data integrity during transmission and storage, reducing the risk of data corruption or loss.

2)       Drawbacks and limitations of DICOM:

·         Complexity: The DICOM standard is complex, with numerous specifications and extensions, making it challenging to implement and maintain compliance across different systems and vendors.

·         Security concerns: While DICOM provides some security features, such as encryption and access controls, it may not always be implemented or configured properly, potentially exposing sensitive patient data to security risks.

·         Limited support for advanced imaging modalities: DICOM was initially designed for traditional imaging modalities like CT, MRI, and X-rays. It may not fully support the requirements of emerging advanced imaging techniques, such as functional MRI or molecular imaging.

·         Vendor-specific extensions: Some vendors implement proprietary extensions to DICOM, which can lead to interoperability issues and vendor lock-in.

·         De-identification challenges: De-identifying DICOM headers to remove patient identifiers for research or secondary use can be complex and may inadvertently remove or alter important metadata required for accurate interpretation of the images.

3)       Impact on Healthcare

a)       Exposure of Sensitive Data:

·         DICOM attacks can lead to the exposure of sensitive patient information, including personal health records, medical images, and identifiable data such as names, addresses, and Social Security numbers.

·         Unauthorized access to this data can result in significant privacy violations and legal consequences for healthcare providers.

b)       Data Tampering and Misdiagnosis:

·         Attackers can alter medical images and associated data, leading to incorrect diagnoses and inappropriate treatments. For example, adding false signs of illnesses or altering ultrasound images to show non-existent conditions.

c)       Ransomware and Extortion:

·         DICOM servers and PACS systems are prime targets for ransomware attacks, where attackers encrypt medical data and demand ransom payments to restore access.

·         Extortion attacks disrupt medical services, delay treatments, and cause financial losses for healthcare.

d)       Denial-of-Service (DoS) Attacks:

·         Unprotected DICOM servers are vulnerable to DoS attacks, which can disrupt medical services by making critical systems unavailable.

·         Service interruptions can interfere with patient care and delay urgent medical procedures.

e)       Increased Attack Surface:

·         The shift towards cloud storage and internet connected PACS systems has increased the attack surface, making it easier for attackers to exploit vulnerabilities and gain access to sensitive data.

·         Many DICOM servers are inadequately secured, with fewer than 1% using effective security measures.

f)        Regulatory and Financial Repercussions:

·         Data breaches and security incidents can lead to regulatory penalties, legal actions, and significant financial costs for healthcare providers.

·         The reputational damage from such breaches can also erode patient trust and impact the healthcare provider's standing in the industry.

g)       Operational Disruptions:

·         Cyberattacks on DICOM systems can cause operational disruptions, affecting the ability of healthcare providers to deliver timely and effective care.

·         disruptions can have a direct impact on patient outcomes and the overall efficiency of healthcare services

D.    Welcome to Cyberbiosecurity. Because regular cybersecurity wasn’t complicated enough

The evolving landscape of biology and biotechnology, significantly influenced by advancements in computer science, engineering, and data science, is reshaping our understanding and manipulation of biological systems. The integration of these disciplines has led to the development of fields such as computational biology and synthetic biology, which utilize computational power and engineering principles to solve complex biological problems and innovate new biotechnological applications. This interdisciplinary approach has not only accelerated research and development but also introduced new capabilities such as gene editing and biomanufacturing, pushing the boundaries of what is scientifically possible.

·         Technological Advancements: advancements in computational capabilities and engineering principles have transformed the study and application of biology and biotechnology globally.

·         Data Generation and Sharing: There is an increased ability to generate, analyze, share, and store vast amounts of biological data, which has implications for understanding human health, agriculture, evolution, and ecosystems.

·         Economic and Security Consequences: While these technological capabilities bring substantial economic benefits, they also introduce vulnerabilities to unauthorized interventions. This can lead to economic and physical harm due to data theft or misuse by state and non-state actors.

·         Data Access: A key concern is the asymmetric access to and use of biological data, driven by varying national policies on data governance. This asymmetry can affect global data sharing and has implications for security and equity in data access.

·         Security Risks: There are significant security risks associated with the digital and biological data nexus, emphasizing the potential for significant harm if such data are compromised.

Biological data is increasingly being generated, shared, and analyzed digitally. This enables new scientific discoveries but also creates vulnerabilities:

·         Databases containing sensitive biological data like genomic information and proprietary biotechnology research are vulnerable to cyber theft and unauthorized access by malicious actors. This enables economic espionage, development of bioweapons, or targeting of specific populations.

·         The ability to integrate and analyze disparate biological datasets using techniques like machine learning raises concerns about engineering pathogens or evading countermeasures.

·         There are asymmetries in how different nations or entities govern access to and sharing of biological data, creating potential national security risks. Policies aim to balance data protection with enabling legitimate research.

1)       Vulnerability of Biotech Data

·         Exploitation by Adversaries: biotechnology data can be exploited by adversaries, leading to significant consequences. This exploitation could involve unauthorized access to sensitive information, which could then be used for harmful purposes.

·         Negative Effects of Digitalization: These effects include increased risks of data breaches and the potential misuse of biologically relevant digital data.

·         Definition and Scope: Biotechnology is defined broadly to include the manipulation of biological processes for various scientific and industrial purposes. This includes the genetic manipulation of different organisms, which inherently involves handling sensitive genetic data.

·         Data Availability and Security: while biotechnology data is often available through online databases and cloud-based platforms, these platforms can be vulnerable to cyberattacks.

·         Legal and Illegal Acquisition Risks: risks associated with both the legal and illegal acquisition of biotechnology data lead to the need for stringent measures to mitigate these risks and protect against potential security breaches that could have wide-reaching implications.

·         Espionage (Corporate and State-Sponsored): involves unauthorized spying to gather proprietary or confidential information. Biotech firms, due to their innovative research in drug development and medical technologies, are prime targets for espionage to steal intellectual property.

E.    Cyberbiosecurity Frankenstein. When Hackers Get Bored of Your Bank Account

The life science industry is undergoing a digital transformation, with networked devices and systems becoming increasingly common. This trend is leading to the development of "smart labs" that offer increased efficiency and productivity. However, the integration of cybertechnologies also presents significant security vulnerabilities that must be effectively managed to avoid existential threats to the enterprise, public health, and national security

·         Technological Integration: technological innovation is deeply integrated into daily life, affecting every significant aspect of the world, which now has a cyber component.

·         Digital Transformation: the ongoing digital transformation, which, while beneficial, brings about vulnerabilities due to the cyber components of modern technologies.

·         Cyber Vulnerabilities: existing cybersecurity vulnerabilities within the life science enterprise and pose risks to laboratory workers, the surrounding community, and the environment.

·         Protective Measures: the need for consideration by equipment designers, software developers, and end users to minimize or eliminate vulnerabilities.

·         Data Protection: the importance of organizations and individuals respecting, valuing, and protecting data to benefit workers, life science organizations, and national security.

·         Proactive Approach: End users are encouraged to view every piece of laboratory equipment and process through a cyberbiosecurity lens to proactively address potential vulnerabilities

1)       Biosecurity

·         Definition and Scope: Biosecurity refers to measures aimed at preventing the introduction and spread of harmful organisms to humans, animals, and plants. It encompasses the management of biological risks associated with food safety, animal life and health, and environmental protection.

·         Focus Areas: Biosecurity measures are often focused on agricultural and environmental settings, aiming to protect against diseases and pests that can impact ecosystems, agriculture, and human health.

·         Components: include physical security, personnel reliability, material control, transport security, and information security. These measures are designed to prevent unauthorized access, loss, theft, misuse, or intentional release of biological agents.

·         Regulatory and Policy Framework: Biosecurity is supported by various national and international regulations and guidelines that govern the handling, use, and transfer of biological materials.

2)       Cyberbiosecurity

·         Definition and Scope: Cyberbiosecurity is an emerging discipline at the intersection of cybersecurity, biosecurity, and cyber-physical security. It focuses on protecting the bioeconomy from cyber threats that could compromise biological systems, data, and technologies.

·         Focus Areas: security vulnerabilities that arise from the digitization of biology and biotechnology, including threats to genetic data, biomanufacturing processes, and other bioinformatics systems.

·         Components: Cyberbiosecurity integrates cybersecurity measures with biosecurity principles to safeguard against unauthorized access, theft, manipulation, and destruction of biological and data systems. It includes the security of digital and physical interfaces between biological and cyber systems.

·         Emerging Importance: The discipline is gaining importance due to the increasing use of digital technologies in biological research and healthcare, making traditional biosecurity measures insufficient to address all potential threats.

3)       Comparative Analysis

·         Overlap & Shared Goals: Both biosecurity and cyberbiosecurity aim to protect against threats that can cause significant harm to public health, agriculture, and the environment. However, cyberbiosecurity extends the concept to include digital threats to biological systems.

·         Technological Integration: As biological systems increasingly incorporate digital technologies, the overlap between biosecurity and cybersecurity becomes more pronounced. Cyberbiosecurity addresses the unique challenges at this intersection, ensuring both biological and digital security measures are implemented effectively

·         Unique Aspects: Biosecurity traditionally focuses on physical and biological threats, such as pathogens and invasive species. Cyberbiosecurity, on the other hand, also addresses digital threats and the security of information systems related to biological sciences.

·         Interdisciplinary Approach: Cyberbiosecurity requires a more interdisciplinary approach, integrating expertise from cybersecurity, biological sciences, and information technology to address complex and evolving threats.

·         Regulatory Evolution: As the fields converge, there is a growing need for regulations that address the dual aspects of biosecurity and cybersecurity, ensuring comprehensive protection strategies that cover both biological materials and their associated digital information

4)       Cyberbiosecurity Implications

·      Digital Transformation: This transformation is characterized by the integration of digital technologies in all aspects of human activities, significantly affecting how laboratories operate.

·      Increased Efficiency and Productivity: The integration of networked devices and systems in laboratories has led to increased efficiency and productivity. These technologies allow for faster and more accurate data processing and communication within and across laboratory environments.

·      Cyber Vulnerabilities: Despite the benefits, the reliance on digital technologies introduces significant cybersecurity vulnerabilities, potentially leading to data breaches, loss of intellectual property, and disruption of laboratory operations.

·      Smart Labs: the future prevalence of "smart labs" will utilize innovations like virtual personal assistants and networked laboratory equipment to further enhance operational efficiency. However, these advancements also increase the potential attack surfaces for cyber threats

·      Need for Cyberbiosecurity: The integration of cyber elements in biological research necessitates a focus on cyberbiosecurity to protect sensitive data and biological materials from cyber threats. This involves implementing robust cybersecurity measures and developing new strategies to mitigate risks associated with digital and biological convergence.

·      Training and Awareness: There is a highlighted need for training laboratory personnel on cybersecurity best practices and raising awareness about the potential cyber threats in modern laboratory settings. This training is crucial for ensuring that all staff can recognize and respond to security incidents effectively

F.    HABs and Cyberbiosecurity. Because Your Digital Algal Blooms Needs a Firewall

Cyberbiosecurity is an emerging interdisciplinary field that addresses the convergence of cybersecurity, biosecurity, and cyber-physical security and other unique challenges. Its development is driven by the need to protect increasingly interconnected and digitized biological systems and data from emerging cyber threats. It focuses on protecting the integrity, confidentiality, and availability of critical biological and biomedical data, systems, and infrastructure from cyber threats. This discipline is relevant in contexts where biological and digital systems interact, such as in biopharmaceutical manufacturing, biotechnology research, and healthcare.

1)       Biological harmful threats

·         Data Integrity and Confidentiality Breaches: Biological data, such as genetic information and health records, are increasingly digitized and stored in cyber systems. Unauthorized access or manipulation of this data can lead to significant privacy violations and potentially harmful misuses.

·         Contamination and Sabotage of Biological Systems: Cyber-physical attacks can lead to the direct contamination of biological systems. For example, hackers could potentially alter the controls of biotechnological equipment, leading to the unintended production of harmful substances or the sabotage of critical biological research.

·         Disruption of Healthcare Services: Cyber-physical systems are integral to modern healthcare, from diagnostic to therapeutic devices. Cyberattacks on these systems can disrupt medical services, leading to delayed treatments or misdiagnoses, and potentially endanger patient lives.

·         Threats to Agricultural Systems: In agriculture, cyberbiosecurity threats include the potential for cyberattacks that disrupt critical infrastructure used in the production and processing of agricultural products. This can lead to crop failures, livestock losses, and disruptions in the food supply chain.

·         Environmental Monitoring and Management: Cyberbiosecurity also encompasses threats to systems that monitor and manage environmental health, such as water quality sensors and air quality monitoring stations. Compromising these systems can lead to incorrect data that may prevent the timely detection of environmental hazards, such as toxic algal blooms or chemical spills.

·         Spread of Misinformation: The manipulation of biological data and the dissemination of false information can lead to public health scares, misinformation regarding disease outbreaks, or mistrust in public health systems. This type of cyber threat can have widespread social and economic impacts.

·         Biotechnology and Synthetic Biology: As biotechnological and synthetic biology capabilities advance, the potential for their misuse increases if cyberbiosecurity measures are not adequately enforced. This includes the creation of harmful biological agents or materials that could be used in bioterrorism.

·         Regulatory and Compliance Risks: Organizations that handle sensitive biological data must comply with numerous regulatory requirements. Cyberattacks that lead to non-compliance can result in legal penalties, loss of licenses, and significant financial damages.

·         Insider Threats: Insiders with access to both cyber and biological systems pose a significant threat as they can manipulate or steal sensitive information or biological materials without needing to breach external security measures.

·         Data Injection Attacks: These involve the insertion of incorrect or malicious data into a system, which can lead to erroneous outputs or decisions. In the context of HAB monitoring, for example, data injection could mislead response efforts or corrupt research data.

·         Automated System Hijacking: This threat involves unauthorized control of automated systems, potentially leading to misuse or sabotage. For instance, automated systems used in water treatment or monitoring could be hijacked to disrupt operations or cause environmental damage.

·         Node Forgery Attacks: In systems that rely on multiple sensors or nodes, forging a node can allow an attacker to inject false data or take over the network. This can compromise the integrity of the data collected and the decisions made based on this data.

·         Attacks on Learning Algorithms: Machine learning algorithms are increasingly used to analyze complex biological data. These algorithms can be targeted by attacks designed to manipulate their learning process or output, leading to flawed models or incorrect analyses.

·         Cyber-Physical System Vulnerabilities: The integration of cyber systems with physical processes (CPS) introduces vulnerabilities where physical damage can result from cyber-attacks. This includes threats to infrastructure that supports biological research and public health, such as power grids or water systems

·         Intellectual Property Theft: In sectors like biotechnology, where research and development are key, cyberbiosecurity threats include the theft of intellectual property. This can occur through cyber-attacks aimed at accessing confidential data on new technologies or biological discoveries

·         Bioeconomic Espionage: Like intellectual property theft, bioeconomic espionage involves the unauthorized access to confidential economic data related to biological resources. This could impact national security, especially if such data pertains to critical agricultural or environmental technologies.

·         Contamination of Biological Data: The integrity of biological data is crucial for research and application in fields like genomics and epidemiology. Cyber-attacks that alter or corrupt this data can have serious consequences for public health, clinical research, and biological sciences.

·         Supply Chain Vulnerabilities: The bioeconomy relies on complex supply chains that can be disrupted by cyber-attacks. This includes the supply chains for pharmaceuticals, agricultural products, and other biological materials

·         AI-Driven Bioweapon Creation: The misuse of AI in the context of cyberbiosecurity could lead to the development of biological weapons, to design pathogens or to optimize the conditions for their growth, posing a significant bioterrorism threat

2)       Industries, Issues and consequences

The consequences of biological cybersecurity issues are diverse and significant, affecting various sectors and aspects of society. These impacts range from the disruption of critical biological systems to economic losses, and from the erosion of public trust to potential threats to national and global security.

·      Disruption of Critical Biological Systems and Processes: This can affect healthcare, agriculture, and environmental management, leading to failures in critical services and potential harm to public health and safety.

·      Theft of Intellectual Property and Proprietary Data: Cyberbiosecurity breaches often target intellectual property, leading to significant financial losses and competitive disadvantages for affected organizations.

·      Compromise of Sensitive Personal and Health Information: Data breaches can expose personal and health information, leading to privacy violations and potential misuse of this sensitive data.

·      Economic Losses and Damage to Industries: Cyberbiosecurity incidents can cause direct financial damage to companies and economies, including operational disruptions and the costs associated with mitigating breaches.

·      Erosion of Public Trust and Confidence: Incidents that compromise the integrity of critical biological data can lead to a loss of public trust in affected institutions and sectors.

·      Potential for Biological Weapons Development and Bioterrorism: The misuse of biological data and technologies can lead to the development and proliferation of biological weapons, posing significant security threats.

·      Regulatory Fines and Legal Implications: Organizations failing to adequately protect sensitive data can face regulatory fines and legal actions, further compounding financial and reputational damage.

·      Reputational Damage to Organizations and Institutions: Beyond the immediate financial and operational impacts, cyberbiosecurity breaches can cause long-lasting reputational damage, affecting stakeholder trust and market position.

3)       Specific issues like Harmful Algal Blooms

·         Prevalence and Impact of HABs: HABs have affected a wide range of freshwater ecosystems including large lakes, smaller inland lakes, rivers, and reservoirs, as well as marine coastal areas and estuaries.

·         Toxins Produced by HABs: Different cyanobacteria associated with HABs produce a variety of toxins that can impact human health, such as microcystins, saxitoxin, anatoxin-a, and cylindrospermopsin. These toxins pose significant challenges for studying and managing HABs.

·         Increasing Prevalence Due to Environmental Factors: HABs may be increasing in prevalence due to rising temperatures and higher nutrient runoff. This necessitates the development of new tools and technology to rapidly detect, characterize, and respond to HABs that threaten water security.

·         Cyberbiosecurity of Water Systems: there is a need for a framework to understand cyber threats to technologies that monitor and forecast water quality and the importance of envisioning water security from the perspective of a cyber-physical system (CPS) to properly detect, assess, and mitigate security threats on water infrastructure.

·         Research and Management Challenges: the lack of established monitoring procedures for HAB-related pollutants, the diversity of blooms and toxin types, and the cost and effectiveness of current detection and monitoring methods.

·         Global Nature of HAB: there is a need for international collaboration in research and management efforts. It calls for a multidisciplinary approach that integrates engineering, ecology, and chemistry to develop effective strategies for water cyberbiosecurity.

4)       Key Stakeholders

·         Water Utility Management: Responsible for overall implementation of cybersecurity measures, ensuring compliance with regulations, and managing the operational and financial aspects of cybersecurity.

·         IT and Cybersecurity Teams: Develop and maintain cyber defenses, monitor systems for security breaches, and respond to incidents and ensure that software and hardware are updated to protect against threats.

·         Operational Technology (OT) Personnel: Manage and maintain the physical components of water systems and work with IT teams to ensure that cybersecurity measures do not interfere with operational requirements.

·         Government Agencies: Regulatory bodies such as the Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA) provide guidelines, resources, and support for cybersecurity in water systems.

·         State and Local Governments: Play a role in funding and supporting cybersecurity initiatives at local water utilities to coordinate with federal agencies to enhance the cybersecurity posture of regional water systems.

·         Industry Associations and Expert Groups: Organizations like the American Water Works Association (AWWA) and Water Information Sharing and Analysis Center (WaterISAC) offer guidance, training, and resources to improve security practices.

·         Technology Providers and Consultants: Offer specialized cybersecurity services, products, and expertise that help water utilities protect against and respond to cyber threats.

·         Research Institutions and Academia: Contribute through research and development of new cybersecurity technologies and strategies. They also provide training and education for cybersecurity professionals.

·         Public and Customers: While not directly involved in implementation, the public's awareness and support for cybersecurity funding and initiatives are crucial for their success. Customers need to be informed about the measures taken to protect their water supply

G.   Maritime Security.OSINT

Maritime Open-Source Intelligence (OSINT) refers to the practice of gathering and analyzing publicly available information related to maritime activities, vessels, ports, and other maritime infrastructure for intelligence purposes. It involves leveraging various open-source data sources and tools to monitor, track, and gain insights into maritime operations, potential threats, and anomalies.

1)       Data Sources

·         Vessel tracking websites and services (e.g., MarineTraffic, VesselFinder) that provide real-time and historical data on ship movements, positions, and details.

·         Satellite imagery and remote sensing data from providers like Sentinel, LANDSAT, and commercial vendors.

·         Social media platforms, news outlets, and online forums where maritime-related information is shared.

·         Public databases and registries containing information on vessels, companies, ports, and maritime infrastructure.

·         Open-source intelligence tools and search engines specifically designed for maritime data collection and analysis.

2)       Applications

·         Maritime security and law enforcement: Monitoring illegal activities like piracy, smuggling, illegal fishing, and potential threats to maritime infrastructure.

·         Maritime domain awareness: Enhancing situational awareness by tracking vessel movements, patterns, and anomalies in specific regions or areas of interest.

·         Risk assessment and due diligence: Conducting background checks on vessels, companies, and individuals involved in maritime operations for risk mitigation and compliance purposes.

·         Environmental monitoring: Tracking potential oil spills, pollution incidents, and assessing the environmental impact of maritime activities.

·         Search and rescue operations: Assisting in locating and tracking vessels in distress or missing at sea.

·         Competitive intelligence: Monitoring competitors' maritime operations, shipments, and logistics for strategic business insights.

3)       Key Tools and Techniques

·         Vessel tracking and monitoring platforms like MarineTraffic, VesselFinder, and FleetMon.

·         Geospatial analysis tools and platforms for processing and visualizing satellite imagery and remote sensing data.

·         Social media monitoring and analysis tools for gathering intelligence from online platforms.

·         OSINT frameworks and search engines like Maltego, Recon-ng, and Shodan for comprehensive data collection and analysis.

·         Data visualization and reporting tools for presenting maritime intelligence in a clear and actionable manner.

4)       Implications for International Trade Agreements & Shipping routes

·         Sanctions Evasion: AIS spoofing is frequently used to evade international sanctions by disguising the true location and identity of vessels involved in illicit trade. This undermines the effectiveness of sanctions and complicates enforcement efforts. Vessels can spoof their AIS data to appear as if they are in legal waters while engaging in prohibited activities, such as trading with sanctioned countries like North Korea or Iran.

·         False Documentation: Spoofing can be combined with falsified shipping documents to disguise the origin, destination, and nature of cargo. This makes it difficult for authorities to enforce trade restrictions and ensures that illicit goods can be traded without detection.

·         Concealing Illicit Activities: AIS spoofing can be used to conceal the true locations and activities of vessels involved in sanctions evasion. By creating false AIS tracks, state actors can argue that their vessels are complying with international regulations, thereby influencing public opinion about the legitimacy of sanctions and the actions of the sanctioned state.

·         Highlighting Sanctions' Ineffectiveness: By demonstrating the ability to evade sanctions through AIS spoofing, state actors can influence public opinion by highlighting the ineffectiveness of international sanctions and questioning their legitimacy.

·         Economic Disruption: By spoofing AIS data, state actors or criminal organizations can disrupt maritime logistics and supply chains, causing economic losses and operational inefficiencies. This can be part of a broader strategy of economic warfare, where the goal is to destabilize the economies of rival nations by interfering with their trade routes.

·         Market Manipulation: AIS spoofing can be used to create false supply and demand signals in the market. For example, by spoofing the location of oil tankers, actors can create the illusion of supply shortages or surpluses, thereby manipulating global oil prices. This can have a destabilizing effect on international markets and trade agreements that rely on stable pricing.

·         Floating Storage: Vessels can use AIS spoofing to hide their true locations while storing commodities like oil offshore. This can be used to manipulate market prices by controlling the apparent supply of these commodities.

·         Compliance Evasion: AIS spoofing can be used to evade compliance with international maritime regulations and trade agreements. For instance, vessels can spoof their AIS data to avoid detection by regulatory authorities, thereby circumventing environmental regulations, safety standards, and other compliance requirements.

·         Flag Hopping: Vessels can repeatedly change their transmitted Maritime Mobile Service Identity (MMSI) numbers and flags to avoid detection and compliance with international regulations. This practice, known as flag hopping, makes it difficult for authorities to track and enforce compliance

·         Fake Vessel Positions: Spoofing can create false positions for vessels, making it appear as though they are in different locations than they actually are. This can lead to confusion and misdirection of shipping routes, causing delays and inefficiencies in the supply chain.

·         Ghost Ships: Spoofing can generate "ghost ships" that do not exist, cluttering navigational systems and causing real vessels to alter their courses to avoid non-existent threats, further disrupting shipping routes.

·         Traffic Congestion: Spoofing can create artificial congestion in busy shipping lanes by making it appear that there are more vessels in the area than there actually are. This can lead to rerouting of ships and delays in cargo delivery

H.   Ship Happens. Plugging the Leaks in Your Maritime Cyber Defenses

The transformative potential of MASS is driven by advancements in big data, machine learning, and artificial intelligence. These technologies are set to revolutionize the $14 trillion shipping industry, traditionally reliant on human crews.

·      Cybersecurity Lag in Maritime Industry: the maritime industry is significantly behind other sectors in terms of cybersecurity, approximately by 20 years. This lag presents unique vulnerabilities and challenges that are only beginning to be fully understood.

·      Vulnerabilities in Ship Systems: vulnerabilities in maritime systems are highlighted by the ease with which critical systems can be accessed and manipulated. For example, cyber penetration tests have demonstrated the simplicity of hacking into ship systems like the Electronic Chart Display and Information System (ECDIS), radar displays, and critical operational systems such as steering and ballast.

·      Challenges with Conventional Ships: in conventional ships, the cybersecurity risks are exacerbated using outdated computer systems, often a decade old, and vulnerable satellite communication system. These vulnerabilities make ships susceptible to cyber-attacks that compromise critical information and systems.

·      Increased Risks with Uncrewed Ships: the transition to uncrewed, autonomous ships introduces a new layer of complexity to cybersecurity. Every system and operation on these ships depends on interconnected digital technologies, making them prime targets for cyber-attacks including monitoring, communication, and navigation, relies on digital connectivity.

·      Need for Built-in Cybersecurity: the necessity of incorporating cybersecurity measures right from the design phase of maritime autonomous surface ships is crucial to ensure that these vessels are equipped to handle potential cyber threats and to safeguard their operational integrity.

·      Stakeholder Interest: ship manufacturers, operators, insurers, and regulators, all of whom are keen to influence the development and implementation of MASS

Addressing the technological threats and vulnerabilities associated with Maritime Autonomous Surface Ships (MASS) or crewless ships requires a multifaceted approach that encompasses advancements in cybersecurity, communication systems, software and hardware reliability, regulatory compliance, and human factors training.

1)       Enhanced Cybersecurity Measures

·      IDS: Implement advanced IDS to monitor network traffic for suspicious activities and potential threats.

·      Encryption: Use strong encryption for data at rest and in transit to protect sensitive information from unauthorized access.

·      Software Updates and Patch Management: Ensure that all software components are regularly updated to fix vulnerabilities and enhance security features.

·      Security by Design: Incorporate cybersecurity measures from the initial design phase of MASS, ensuring that security is an integral part of the development process.

2)       Robust Communication Systems

·      Redundant Communication Links: Establish multiple, independent communication channels to ensure continuous connectivity even if one link fails.

·      Secure Communication Protocols: Implement secure and authenticated communication protocols to prevent unauthorized access and ensure data integrity.

·      Satellite Communication Diversity: Utilize a combination of satellite communication systems to reduce the risk of signal jamming and interception.

3)       Software and Hardware Reliability

·      Fault Tolerance: Design systems with fault tolerance in mind, allowing them to continue operating correctly even in the presence of hardware or software failures.

·      Regular System Testing: Conduct comprehensive testing, including penetration testing and vulnerability assessments, to identify and address potential weaknesses.

·      Predictive Maintenance: Implement predictive maintenance technologies that use data analytics to predict equipment failures before they occur, allowing for proactive repairs and replacements.

4)       Regulatory Compliance and Standardization

·      International Standards: Develop and adhere to international standards for the design, construction, and operation of MASS to ensure safety and interoperability.

·      Certification Processes: Establish clear certification processes for MASS technologies, ensuring they meet safety, security, and environmental standards.

5)       Human Factor and Training

·      Remote Operator Training: Develop comprehensive training programs for remote operators, focusing on the unique challenges of operating MASS, including emergency response and decision-making.

·      Simulation-Based Training: Utilize advanced simulators to train operators in a variety of scenarios, enhancing their skills in managing autonomous ships

6)       Integration with Existing Fleet

·      Collision Avoidance Algorithms: Implement advanced collision avoidance algorithms that comply with the International Regulations for Preventing Collisions at Sea (COLREGs), ensuring safe navigation among crewed and uncrewed vessels.

·      Inter-Vessel Communication Systems: Develop systems that enable seamless communication between crewless and crewed ships, facilitating coordination and situational awareness.

7)       Physical Tampering and Sabotage

·         Tamper Detection Sensors: Install sensors that alert control centers when unauthorized access or physical tampering occurs.

·         Surveillance Systems: Use advanced surveillance systems, including cameras and drones, to monitor the ship remotely.

·         Physical Locks and Barriers: Implement robust physical security measures such as locks and barriers that are difficult to bypass without proper authorization.

8)       Identity Spoofing and AIS Manipulation

·         Encryption and Authentication: Encrypt AIS signals and implement strict authentication measures to prevent spoofing.

·         Anomaly Detection Systems: Deploy systems that detect anomalies in AIS data to identify potential spoofing activities.

·         Cross-Verification: Use cross-verification with other data sources such as radar and satellite to confirm vessel locations.

9)       Insider Threats

·         Access Controls: Implement strict access controls and role-based access to sensitive systems.

·         Behavior Monitoring: Use behavior monitoring tools to detect unusual activities that could indicate malicious insider actions.

·         Regular Security Training: Conduct regular security awareness training to educate employees about the risks and signs of insider threats