Difference between revisions of "Journal:National and transnational security implications of asymmetric access to and use of biological data"

From LIMSWiki
Jump to navigationJump to search
(Saving and adding more.)
(Saving and adding more.)
Line 41: Line 41:
Although policies for protecting biological data from cyberattack are limited, policies that govern data access and sharing are prevalent. These top-down, data access policies intend to protect individual rights and/or prevent sharing or distribution of data, including biological data. Examples of recent policies include: (a) the 2018 update of the European Union General Data Protection Regulation<ref name="EC2018Reform18">{{cite web |url=https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en |title=2018 reform of EU data protection rules |author=European Commission |date=2018}}</ref>, which strengthened the European Union's rules for protecting personal data of individuals, in part by giving its citizens “more control over their personal data”; (b) the 2018 Chinese Personal Information Security Specification, which is one system under the Chinese Cybersecurity law, involves the “collection, storage, use, sharing, transfer, and disclosure of personal information,” and enables companies operating in China to access data to “not hamper the development of fields like AI”<ref name="SacksChinas18">{{cite web |url=https://www.csis.org/analysis/chinas-emerging-data-privacy-system-and-gdpr |title=China’s Emerging Data Privacy System and GDPR |author=Sacks, S. |work=Center for Strategic & International Studies |date=09 March 2018||</ref>; (c) the 2018 General Data Protection Law in Brazil, which provides a framework for the use of personal data in Brazil<ref name="SoaresBrazil18">{{cite web |url=https://www.loc.gov/law/foreign-news/article/brazil-personal-data-protection-law-enacted/ |title=Brazil: Personal Data Protection Law Enacted |author=Soares, E. |work=Global Legal Monitor |date=28 August 2018}}</ref>; and (d) the U.S. [[Health Insurance Portability and Accountability Act]] of 1996 (HIPAA), which promotes the protection of privacy and security of patient health information in the United States.<ref name="HHSSummary13">{{cite web |url=https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html |title=Summary of the HIPAA Security Rule |author=U.S. Department of Health and Human Services |date=26 July 2013}}</ref> At the same time, the U.S. has issued policies governing data generation, access, and sharing to promote information-sharing and transparency of government-sponsored research.<ref name="VanNoordenWhite13">{{cite web |url=http://blogs.nature.com/news/2013/02/us-white-house-announces-open-access-policy.html |title=White House announces new US open-access policy |author=Van Noorden, R. |work=Nature NewsBlog |date=22 February 2013 |accessdate=23 November 2018}}</ref> Internationally, the Nagoya Protocol of the Convention on Biodiversity<ref name="CBDAbout">{{cite web |url=https://www.cbd.int/abs/about/ |title=About the Nagoya Protocol |work=Convention on Biological Diversity |author=United Nations Environment Programme}}</ref> promotes governance on access to and fair, equitable sharing of the benefits from the use of non-human biological data. However, questions exist about whether the Nagoya Protocol focuses more on biological samples that provide genetic information or the genetic information itself, which ultimately affects national-level efforts for codifying the international agreement.<ref name="dosSRibeiroThreats18">{{cite web |url=https://science.sciencemag.org/content/362/6413/404 |title=Threats to timely sharing of pathogen sequence data |author=dos S. Ribeiro, C.; Koopmans, M.P.; Haringhuizen, G.B. |work=Science |date=26 October 2018 |doi=10.1126/science.aau5229}}</ref> Despite these activities, protection of some data, such as personal health data, may not extend beyond a country's borders and may apply only to data collected by certain entities. Furthermore, data protection polices do not extend to information that already has been stolen. Taken together, these national, regional, and international level policies for data protection may not prevent the inappropriate or unauthorized acquisition of data to different actors, the consequences of which are unclear for biotechnology data.
Although policies for protecting biological data from cyberattack are limited, policies that govern data access and sharing are prevalent. These top-down, data access policies intend to protect individual rights and/or prevent sharing or distribution of data, including biological data. Examples of recent policies include: (a) the 2018 update of the European Union General Data Protection Regulation<ref name="EC2018Reform18">{{cite web |url=https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en |title=2018 reform of EU data protection rules |author=European Commission |date=2018}}</ref>, which strengthened the European Union's rules for protecting personal data of individuals, in part by giving its citizens “more control over their personal data”; (b) the 2018 Chinese Personal Information Security Specification, which is one system under the Chinese Cybersecurity law, involves the “collection, storage, use, sharing, transfer, and disclosure of personal information,” and enables companies operating in China to access data to “not hamper the development of fields like AI”<ref name="SacksChinas18">{{cite web |url=https://www.csis.org/analysis/chinas-emerging-data-privacy-system-and-gdpr |title=China’s Emerging Data Privacy System and GDPR |author=Sacks, S. |work=Center for Strategic & International Studies |date=09 March 2018||</ref>; (c) the 2018 General Data Protection Law in Brazil, which provides a framework for the use of personal data in Brazil<ref name="SoaresBrazil18">{{cite web |url=https://www.loc.gov/law/foreign-news/article/brazil-personal-data-protection-law-enacted/ |title=Brazil: Personal Data Protection Law Enacted |author=Soares, E. |work=Global Legal Monitor |date=28 August 2018}}</ref>; and (d) the U.S. [[Health Insurance Portability and Accountability Act]] of 1996 (HIPAA), which promotes the protection of privacy and security of patient health information in the United States.<ref name="HHSSummary13">{{cite web |url=https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html |title=Summary of the HIPAA Security Rule |author=U.S. Department of Health and Human Services |date=26 July 2013}}</ref> At the same time, the U.S. has issued policies governing data generation, access, and sharing to promote information-sharing and transparency of government-sponsored research.<ref name="VanNoordenWhite13">{{cite web |url=http://blogs.nature.com/news/2013/02/us-white-house-announces-open-access-policy.html |title=White House announces new US open-access policy |author=Van Noorden, R. |work=Nature NewsBlog |date=22 February 2013 |accessdate=23 November 2018}}</ref> Internationally, the Nagoya Protocol of the Convention on Biodiversity<ref name="CBDAbout">{{cite web |url=https://www.cbd.int/abs/about/ |title=About the Nagoya Protocol |work=Convention on Biological Diversity |author=United Nations Environment Programme}}</ref> promotes governance on access to and fair, equitable sharing of the benefits from the use of non-human biological data. However, questions exist about whether the Nagoya Protocol focuses more on biological samples that provide genetic information or the genetic information itself, which ultimately affects national-level efforts for codifying the international agreement.<ref name="dosSRibeiroThreats18">{{cite web |url=https://science.sciencemag.org/content/362/6413/404 |title=Threats to timely sharing of pathogen sequence data |author=dos S. Ribeiro, C.; Koopmans, M.P.; Haringhuizen, G.B. |work=Science |date=26 October 2018 |doi=10.1126/science.aau5229}}</ref> Despite these activities, protection of some data, such as personal health data, may not extend beyond a country's borders and may apply only to data collected by certain entities. Furthermore, data protection polices do not extend to information that already has been stolen. Taken together, these national, regional, and international level policies for data protection may not prevent the inappropriate or unauthorized acquisition of data to different actors, the consequences of which are unclear for biotechnology data.


==Vulnerability of biotechnology data==
The primary challenges in identifying, assessing, and mitigating security vulnerabilities of biotechnology data are understanding: (a) how the data may be exploited by adversaries and what consequences result from this exploitation; and (2) what potential negative effects may arise from digitization of biotechnology and advanced computation of biological data.<ref name="BajemaTheDig18" /> The term “biotechnology” refers to the exploitation of biological processes for industrial and scientific purposes, and includes genetic manipulation of microbes, plants, animals, human cells, nucleic acids (the building blocks of genomes), and proteins (the functional units in cells). This definition is expanded further to include generation, incorporation, and use of digital forms of biological data. These biological data may be available online through databases, such as the U.S. National Center for Biotechnology Information's GenBank<ref name="NCBIGenBank13">{{cite web |url=https://www.ncbi.nlm.nih.gov/genbank/ |title=GenBank Overview |author=NCBI |date=2013}}</ref>, or generated in a laboratory and stored, shared, and/or analyzed locally or remotely (via online and/or cloud-based software). By attempting to answer the questions posed above, specific risks associated with the legal and illegal acquisition of biological data may be identified and mitigated.
Although extraordinary advances in computing power are enabling unprecedented scientific discoveries, its application to biology and healthcare is increasing without effective protection from the risks of adversary acquisition or accidental misuse of information. Scientific data that is generated in basic and applied research laboratories in academia, non-profit research organizations, service providers, and some industry research facilities may be considered fundamental research destined for publication and public benefit. These data are not necessarily sensitive, but they do represent the results of significant investment by governments, industry, investors, and philanthropic organizations. Therefore, theft or large-scale acquisition of these data may have adverse economic consequences to the organization, field, or nation, especially if acquisition was directed by adversarial nation-states to gain competitive advantage in a given sector.<ref name="CTAIPTheIPComm13">{{cite web |url=http://www.ipcommission.org/report/IP_Commission_Report_052213.pdf |format=PDF |title=The IP Commission Report |author=The Commission on the Theft of American Intellectual Property |publisher=National Bureau of Asian Research |date=May 2013}}</ref> As previously described, databases that store sensitive and/or non-sensitive biological data have been infiltrated by external actors and accessed by unauthorized individuals. Although measures to protect data have been implemented in several institutions, cyber and information security policies, practices, and compliance vary across biotechnology sectors, location, and organization type (e.g., academia, industry). Although implementation of cyber, information, and data security in biological facilities can help to minimize the potential for deliberate or accidental release of protected biological data, these measures are insufficient on their own.<ref name="Press60_18">{{cite web |url=https://www.forbes.com/sites/gilpress/2018/12/03/60-cybersecurity-predictions-for-2019/#759f17fc4352 |title=60 Cybersecurity Predictions for 2019 |author=Press, G. |work=Forbes |date=03 December 2018}}</ref>
Furthermore, the increasing size and volume of the datasets, and the complexity of analytic technologies has led many scientists to rely on cloud-based platforms to store, transfer, and analyze data. These platforms and technologies, including online analysis software and applications, often do not prevent unauthorized access to data or ensure software fidelity. Although mitigating specific vulnerabilities may be possible on an individual platform or technology level, implementing protections across the various data generation, analysis, transfer, and storage platforms currently in use in academia, industry, government laboratories, and healthcare facilities is challenging. Countering these risks requires the identification of consequences that are of particular concern to public safety and national security, evaluation of vulnerabilities that may enable the realization of these consequences, and identification of measures to address these vulnerabilities.
==Possible prevention and mitigation approaches==





Revision as of 00:01, 21 May 2019

Full article title National and transnational security implications of asymmetric access to and use of biological data
Journal Frontiers in Bioengineering and Biotechnology
Author(s) Berger, Kavita M.; Schneck, Phyllis A.
Author affiliation(s) Gryphon Scientific, LLC; Promontory Financial Group, an IBM Company
Primary contact Email: kberger at gryphonscientific dot com
Editors Murch, Randall S.
Year published 2019
Volume and issue 7
Page(s) 21
DOI 10.3389/fbioe.2019.00021
ISSN 2296-4185
Distribution license Creative Commons Attribution 4.0 International
Website https://www.frontiersin.org/articles/10.3389/fbioe.2019.00021/full
Download https://www.frontiersin.org/articles/10.3389/fbioe.2019.00021/pdf (PDF)

Abstract

Biology and biotechnology have changed dramatically during the past 20 years, in part because of increases in computational capabilities and use of engineering principles to study biology. The advances in supercomputing, data storage capacity, and cloud platforms enable scientists throughout the world to generate, analyze, share, and store vast amounts of data, some of which are biological and much of which may be used to understand the human condition, agricultural systems, evolution, and environmental ecosystems. These advances and applications have enabled: (1) the emergence of data science, which involves the development of new algorithms to analyze and visualize data; and (2) the use of engineering approaches to manipulate or create new biological organisms that have specific functions, such as production of industrial chemical precursors and development of environmental bio-based sensors. Several biological sciences fields harness the capabilities of computer, data, and engineering sciences, including synthetic biology, precision medicine, precision agriculture, and systems biology. These advances and applications are not limited to one country. This capability has economic and physical consequences but is vulnerable to unauthorized intervention. Healthcare and genomic information of patients, information about pharmaceutical and biotechnology products in development, and results of scientific research have been stolen by state and non-state actors through infiltration of databases and computer systems containing this information. Countries have developed their own policies for governing data generation, access, and sharing with foreign entities, resulting in asymmetry of data sharing. This paper describes security implications of asymmetric access to and use of biological data.

Keywords: biotechnology, cybersecurity, information security, data vulnerability, biological data, biosecurity, data access, data protection

Introduction

Advances in computer science, engineering, and data science have changed research, development, and application of biology and biotechnology in the United States and internationally. Examples of changes include: (a) increased reliance on internet connectivity for research and laboratory operations[1][2][3]; (b) increased use of automation in life-science laboratories[4]; (c) application of the “design-build-test” paradigm to create new biological organisms[5][6]; (d) increased generation, analyses, and computational modeling of information about biological systems, cells, and molecules[7][8]; (e) treatment of organisms and DNA as materials rather than phenomena to study[9][10][11]; and (f) new funders such as venture capital, crowdfunding platforms, and foreign companies and governments.[12][13][14] These changes have transformed the scientific, agricultural, and health communities' ability to understand and manipulate the world around them. In addition, the changes have enabled an influx of new practitioners and problem-solvers into biology, providing opportunities for education and research all over the world.

Biotechnology harnesses the capabilities of computer, data, and engineering sciences to establish and advance new fields such as synthetic biology, precision medicine, precision agriculture, and systems biology. Cloud-based platforms and open-source, easy-to-use software enable scientists from anywhere in the world to use advanced data analytics in their studies. The software and hardware emerging from these fields improve our collective understanding of molecular and systems-level genetics, new drug therapies for longer and better quality of life, and design of novel and/or unnatural organisms. Critical to these pursuits is the sharing of research results and underlying data, without which societal decision-making about human, animal, plant, and environmental health cannot be realized fully. However, during the past two decades, concerns about data sharing have been raised, resulting in the issuance of international, regional, and national-level policies governing access to different types of data, including biological data. In addition, the platforms through which data are stored, transported, and analyzed may be vulnerable to unauthorized acquisition of information by malicious actors, which could lead to significant economic and physical harms to the health, safety, and security of a population. Although not considered “dual use life sciences research of concern,”[15][16] the potential for both benefit and risk to humanity meets the spirit of the dual use concept.[17] Given the significant benefits afforded by data sharing and analysis, this paper highlights current data protection policies, potential risks of data exploitation by malicious actors, and potential strategies to mitigate those risks and promote rapid recovery in biotechnology fields that are breached.

The interconnectedness between the digital and biological worlds can be exploited by state actors, malicious nonstate actors, and hackers through a variety of means, resulting in harmful consequences from potential theft of information, promulgation of incorrect information, and/or disruption of activities.[18][19][20] For example, theft of proprietary information from a pharmaceutical or biotechnology company may reveal trade secrets and allow competitors to develop superior products and/or bring existing products to market more quickly[21], stifling innovation in the global commercial market and allowing adversaries to create harmful, untested therapies. Another example is theft of hundreds of millions of electronic healthcare records, the uses of which are not clear.[22][23][24][25][26] Although unauthorized access to protected data may be aided by technical vulnerabilities in networked computer systems, poor security practices, insider threats in academia, industry, and health facilities, and legal business dealings also can enable adversary access to such data.[27][28][29][30] For examples, more than half of all data breaches at healthcare facilities are caused by healthcare personnel errors, a quarter of which resulted in unauthorized access to or disclosure of patient records through sharing of unencrypted information, sending information to the wrong patients, and accessing the data without authorization.[31][32] In addition, the Federal Bureau of Investigation (FBI) has raised national security concerns about foreign access to genomic data of U.S. citizens through legitimate scientific collaboration, funding of scientific research, investment in genomic sequencing companies (e.g., China-based WuXi Healthcare Ventures investment in the U.S.-based 23andMe[33][34]), and purchase of companies (e.g., Complete Genomics).[35][36] As vulnerabilities are created through scientific advances, such as the use of machine learning algorithms to trick fingerprint authentication systems, new risks are identified.[37][38] Some of these concerns have resulted in the passage of the 2018 Foreign Investment Risk Review Modernization Act, which has initiated reform of the U.S. Government process for evaluating foreign investment in U.S. entities and export control of emerging technologies.[28][39] Yet, these policy activities largely are reactive, rather than proactive.

Current approaches to protecting data

Preventing accidental and deliberate risks typically involves the use of cyber and information security systems that include technological and behavioral solutions. Protection of laboratory control systems, computer networks, and databases often involves the use of technological solutions. However, some risks are addressed better through training of personnel to recognize and report phishing attempts, ensure sensitive information is encrypted, and prevent unauthorized individuals from gaining access to sensitive data, databases, and computer networks. To enhance security, policies for promulgating these practices for specific materials and information have been issued. For example, the U.S. Biological Select Agents and Toxins Regulations include guidance for network security to prevent failure of laboratories, equipment, and access controls to facilities and data.[40] In addition, the U.S. has policies for protecting individual privacy, several of which were described in a 2014 report sponsored by the White House.[41] However, error, carelessness, or negligence by personnel can counteract the benefits afforded by security measures and may lead to devastating consequences if biological data and materials are involved.

Although policies for protecting biological data from cyberattack are limited, policies that govern data access and sharing are prevalent. These top-down, data access policies intend to protect individual rights and/or prevent sharing or distribution of data, including biological data. Examples of recent policies include: (a) the 2018 update of the European Union General Data Protection Regulation[42], which strengthened the European Union's rules for protecting personal data of individuals, in part by giving its citizens “more control over their personal data”; (b) the 2018 Chinese Personal Information Security Specification, which is one system under the Chinese Cybersecurity law, involves the “collection, storage, use, sharing, transfer, and disclosure of personal information,” and enables companies operating in China to access data to “not hamper the development of fields like AI”[43]; (c) the 2018 General Data Protection Law in Brazil, which provides a framework for the use of personal data in Brazil[44]; and (d) the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), which promotes the protection of privacy and security of patient health information in the United States.[45] At the same time, the U.S. has issued policies governing data generation, access, and sharing to promote information-sharing and transparency of government-sponsored research.[46] Internationally, the Nagoya Protocol of the Convention on Biodiversity[47] promotes governance on access to and fair, equitable sharing of the benefits from the use of non-human biological data. However, questions exist about whether the Nagoya Protocol focuses more on biological samples that provide genetic information or the genetic information itself, which ultimately affects national-level efforts for codifying the international agreement.[48] Despite these activities, protection of some data, such as personal health data, may not extend beyond a country's borders and may apply only to data collected by certain entities. Furthermore, data protection polices do not extend to information that already has been stolen. Taken together, these national, regional, and international level policies for data protection may not prevent the inappropriate or unauthorized acquisition of data to different actors, the consequences of which are unclear for biotechnology data.

Vulnerability of biotechnology data

The primary challenges in identifying, assessing, and mitigating security vulnerabilities of biotechnology data are understanding: (a) how the data may be exploited by adversaries and what consequences result from this exploitation; and (2) what potential negative effects may arise from digitization of biotechnology and advanced computation of biological data.[2] The term “biotechnology” refers to the exploitation of biological processes for industrial and scientific purposes, and includes genetic manipulation of microbes, plants, animals, human cells, nucleic acids (the building blocks of genomes), and proteins (the functional units in cells). This definition is expanded further to include generation, incorporation, and use of digital forms of biological data. These biological data may be available online through databases, such as the U.S. National Center for Biotechnology Information's GenBank[49], or generated in a laboratory and stored, shared, and/or analyzed locally or remotely (via online and/or cloud-based software). By attempting to answer the questions posed above, specific risks associated with the legal and illegal acquisition of biological data may be identified and mitigated.

Although extraordinary advances in computing power are enabling unprecedented scientific discoveries, its application to biology and healthcare is increasing without effective protection from the risks of adversary acquisition or accidental misuse of information. Scientific data that is generated in basic and applied research laboratories in academia, non-profit research organizations, service providers, and some industry research facilities may be considered fundamental research destined for publication and public benefit. These data are not necessarily sensitive, but they do represent the results of significant investment by governments, industry, investors, and philanthropic organizations. Therefore, theft or large-scale acquisition of these data may have adverse economic consequences to the organization, field, or nation, especially if acquisition was directed by adversarial nation-states to gain competitive advantage in a given sector.[50] As previously described, databases that store sensitive and/or non-sensitive biological data have been infiltrated by external actors and accessed by unauthorized individuals. Although measures to protect data have been implemented in several institutions, cyber and information security policies, practices, and compliance vary across biotechnology sectors, location, and organization type (e.g., academia, industry). Although implementation of cyber, information, and data security in biological facilities can help to minimize the potential for deliberate or accidental release of protected biological data, these measures are insufficient on their own.[51]

Furthermore, the increasing size and volume of the datasets, and the complexity of analytic technologies has led many scientists to rely on cloud-based platforms to store, transfer, and analyze data. These platforms and technologies, including online analysis software and applications, often do not prevent unauthorized access to data or ensure software fidelity. Although mitigating specific vulnerabilities may be possible on an individual platform or technology level, implementing protections across the various data generation, analysis, transfer, and storage platforms currently in use in academia, industry, government laboratories, and healthcare facilities is challenging. Countering these risks requires the identification of consequences that are of particular concern to public safety and national security, evaluation of vulnerabilities that may enable the realization of these consequences, and identification of measures to address these vulnerabilities.

Possible prevention and mitigation approaches

References

  1. Accenture (2015). "The Future of Applications in Life Sciences" (PDF). Accenture. https://www.accenture.com/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Dualpub_20/Accenture-15-1429U-FutureOfApps-LSCS-v5-web.pdf. 
  2. 2.0 2.1 Bajema, N.E.; DiEuliis, D.; Lutes, C.; Lim, Y.-B. (2018). "The digitization of biology: Understanding the new risks and implications for governance". Emergence & Convergence: 3. https://wmdcenter.ndu.edu/Media/News/Article/1569559/the-digitization-of-biology-understanding-the-new-risks-and-implications-for-go/. 
  3. Olena, A. (1 June 2018). "Bringing the Internet of Things into the Lab". The Scientist. https://www.the-scientist.com/bio-business/bringing-the-internet-of-things-into-the-lab-64265. 
  4. Chapman, T. (2003). "Lab automation and robotics: Automation on the move". Nature 421 (6923): 661, 663, 665–6. doi:10.1038/421661a. PMID 12571603. 
  5. Agapakis, C.M. (2014). "Designing synthetic biology". ACS Synthetic Biology 3 (3): 121–8. doi:10.1021/sb4001068. PMID 24156739. 
  6. Carbonell, P.; Jervis, A.J.; Robinson, C.J. et al. (2018). "An automated Design-Build-Test-Learn pipeline for enhanced microbial production of fine chemicals". Communications Biology 1: 66. doi:10.1038/s42003-018-0076-9. PMC PMC6123781. PMID 30271948. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6123781. 
  7. Thurow, K.; Göde, B.; Dingerdissen, U. Stoll, N. (2004). "Laboratory Information Management Systems for Life Science Applications". Organic Process Researh & Development 8 (6): 970–982. doi:10.1021/op040017s. 
  8. Walpole, J.; Papin, J.A.; Peirce, S.M. (2013). "Multiscale computational models of complex biological systems". Annual Review of Biomedical Engineering 15: 137–54. doi:10.1146/annurev-bioeng-071811-150104. PMC PMC3970111. PMID 23642247. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3970111. 
  9. Service, R.F. (2 March 2017). "DNA could store all of the world's data in one room". Science. doi:10.1126/science.aal0852. https://www.sciencemag.org/news/2017/03/dna-could-store-all-worlds-data-one-room. 
  10. Anderson, L.A.; Islam, M.A.; Prather, K.L.J. (2018). "Synthetic biology strategies for improving microbial synthesis of "green" biopolymers". Journal of Biological Chemistry 293 (14): 5053-5061. doi:10.1074/jbc.TM117.000368. PMC PMC5892568. PMID 29339554. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5892568. 
  11. Patel, P. (20 February 2018). "DNA Data Storage Gets Random Access". IEEE Spectrum. https://spectrum.ieee.org/the-human-os/biomedical/devices/dna-data-storage-gets-random-access. 
  12. von Krogh, G.; Battistini, B.; Pachidou, F.; Baschera, P. (2012). "The changing face of corporate venturing in biotechnology". Nature Biotechnology 30 (10): 911–5. doi:10.1038/nbt.2383. PMID 23051802. 
  13. Cha, A.E. (18 January 2015). "Crowdfunding propels scientific research". The Washington Post. https://www.washingtonpost.com/national/health-science/crowdfunding-propels-scientific-research/2015/01/18/c1937690-9758-11e4-8005-1924ede3e54a_story.html?utm_term=.734eb498edb5. 
  14. Mervis, J. (9 March 2017). "Data check: U.S. government share of basic research funding falls below 50%". Science. doi:10.1126/science.aal0890. https://www.sciencemag.org/news/2017/03/data-check-us-government-share-basic-research-funding-falls-below-50. 
  15. U.S. Government (March 2012). "United States Government Policy for Oversight of Life Sciences Dual Use Research of Concern" (PDF). http://www.phe.gov/s3/dualuse/Documents/us-policy-durc-032812.pdf. 
  16. U.S. Government (September 2014). "United States Government Policy for Institutional Oversight of Life Sciences Dual Use Research of Concern" (PDF). http://www.phe.gov/s3/dualuse/Documents/durc-policy.pdf. 
  17. National Research Council (2004). Biotechnology Research in an Age of Terrorism. National Academies Press. doi:10.17226/10827. ISBN 9780309166874. https://www.nap.edu/catalog/10827/biotechnology-research-in-an-age-of-terrorism. 
  18. Lord, R.; Forbes Technology Council (15 December 2017). "The Real Threat Of Identity Theft Is In Your Medical Records, Not Credit Cards". Forbes. https://www.forbes.com/sites/forbestechcouncil/2017/12/15/the-real-threat-of-identity-theft-is-in-your-medical-records-not-credit-cards/#445711491b59. 
  19. Souza, C. (10 December 2018). "Lessons for Pharma from the Merck Cyber Attack". PharmExec.com 38 (12). http://www.pharmexec.com/lessons-pharma-merck-cyber-attack. Retrieved 21 January 2019. 
  20. Ward, A. (11 December 2018). "SIS's Use of Social Media Still Poses a Threat to Stability in the Middle East and Africa". The RAND Blog. https://www.rand.org/blog/2018/12/isiss-use-of-social-media-still-poses-a-threat-to-stability.html. Retrieved 21 January 2019. 
  21. Friedman, A.A. (25 September 2013). "Cyber Theft of Competitive Data: Asking the Right Questions". Brookings. The Brookings Institution. https://www.brookings.edu/research/cyber-theft-of-competitive-data-asking-the-right-questions/. 
  22. Bogle, A. (7 June 2018). "Healthcare data a growing target for hackers, cybersecurity experts warn". ABC.net.au. https://www.abc.net.au/news/science/2018-04-18/healthcare-target-for-hackers-experts-warn/9663304. Retrieved 23 November 2018. 
  23. Cohen, J. (23 March 2018). "Massive cyberhack by Iran allegedly stole research from 320 universities, governments, and companies". Science. doi:10.1126/science.aat6849. https://www.sciencemag.org/news/2018/03/massive-cyber-hack-iran-allegedly-stole-research-320-universities-governments-and. 
  24. Healthcare IT News Staff (2018). "The biggest healthcare data breaches of 2018 (so far)". Healthcare IT News. https://www.healthcareitnews.com/projects/biggest-healthcare-data-breaches-2018-so-far. Retrieved 23 November 2018. 
  25. Huang, E.; Steger, I. (29 October 2018). "China Is Secretly Enrolling Military Scientists in Western Universities". Defense One. https://www.defenseone.com/threats/2018/10/china-secretly-enrolling-military-scientists-western-universities/152383/. Retrieved 23 November 2018. 
  26. Keown, A. (18 September 2018). "Second Scientist Pleads Guilty to Stealing GlaxoSmithKline Trade Secrets". BioSpace. https://www.biospace.com/article/-jc1n-second-scientist-pleads-guilty-to-stealing-glaxosmithkline-trade-secrets/. Retrieved 23 November 2018. 
  27. Lynch, D.J. (2017). "Biotechnology: the US-China Dispute over Genentic Data". Financial Times. https://www.ft.com/content/245a7c60-6880-11e7-9a66-93fb352ba1fe. Retrieved 23 November 2018. 
  28. 28.0 28.1 Rappeport, A. (10 October 2018). "In New Slap at China, U.S. Expands Power to Block Foreign Investments". The New York Times. https://www.nytimes.com/2018/10/10/business/us-china-investment-cfius.html. Retrieved 23 November 2018. 
  29. Bloomberg News (19 April 2018). "Chinese funds pour US$1.4b into US biotechnology firms in the first three months of the year". South China Morning Post. https://www.scmp.com/business/global-economy/article/2142351/chinese-funds-pour-us14b-us-biotechnology-firms-first-three. Retrieved 23 November 2018. 
  30. Respaut, R.; Zhu, J. (23 September 2018). "As China builds biotech sector, cash floods U.S. startups". Reuters. https://www.reuters.com/article/us-biotech-china-investment/as-china-builds-biotech-sector-cash-floods-u-s-startups-idUSKCN1M400G. Retrieved 23 November 2018. 
  31. Bai, G.; Jiang, J.X.; Flasher, R. (2017). "Hospital risk of data breaches". JAMA Internal Medicine 1777 (6): 878-880. doi:10.1001/jamainternmed.2017.0336. PMC PMC5818824. PMID 28384777. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5818824. 
  32. Michigan State University (19 November 2018). "Healthcare providers -- not hackers -- leak more of your data". EurekAlert!. https://eurekalert.org/pub_releases/2018-11/msu-hp-111618.php. Retrieved 23 November 2019. 
  33. BioSpace (21 October 2015). "WuXi Healthcare Invests In US Genomics Testmaker 23andMe". BioSpace. https://www.biospace.com/article/releases/-b-wuxi-healthcare-b-invests-in-us-genomics-testmaker-23andme-/. 
  34. Mui, Y.Q. (30 December 2016). "China’s $9 billion effort to beat the U.S. in genetic testing". The Washington Post. https://www.washingtonpost.com/news/wonk/wp/2016/12/30/chinas-9-billion-effort-to-beat-the-u-s-in-genetic-testing/?noredirect=on&utm_term=.8586cdbf28b8. 
  35. Baker, M. (2012). "China buys U.S. sequencing firm". Nature 489 (7417): 485–6. doi:10.1038/489485a. PMID 23018943. 
  36. Genome Web Staff Reporter (17 September 2012). "Complete Genomics, BGI Agree to $117.6M Merger". Genome Web. https://www.genomeweb.com/clinical-sequencing/complete-genomics-bgi-agree-1176m-merger#.XEqIOFxKiUl. Retrieved 24 January 2019. 
  37. Bontrager, P.; Roy, A.; Togelius, J. et al. (18 October 2018). "DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution". arXiv.org. https://arxiv.org/abs/1705.07386. 
  38. NYU Tandon School of Engineering (20 November 2018). "Machine Learning Masters the Fingerprint to Fool Biometric Systems". PR Newswire. https://www.prnewswire.com/news-releases/machine-learning-masters-the-fingerprint-to-fool-biometric-systems-300753375.html. 
  39. U.S. Congress (2018). "S. 2098 (115th): Foreign Investment Risk Review Modernization Act of 2018". govtrack. https://www.govtrack.us/congress/bills/115/s2098. 
  40. CDC, USDA (2017). "Information Systems Security Control Guidance". Federal Select Agent Program. https://www.selectagents.gov/isg-intro.html. 
  41. Big Data and Privacy Working Group (February 2015). "Big Data: Seizing Opportunities, Preserving Values" (PDF). U.S. Government. https://obamawhitehouse.archives.gov/sites/default/files/docs/20150204_Big_Data_Seizing_Opportunities_Preserving_Values_Memo.pdf. 
  42. European Commission (2018). "2018 reform of EU data protection rules". https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en. 
  43. {{cite web |url=https://www.csis.org/analysis/chinas-emerging-data-privacy-system-and-gdpr |title=China’s Emerging Data Privacy System and GDPR |author=Sacks, S. |work=Center for Strategic & International Studies |date=09 March 2018||
  44. Soares, E. (28 August 2018). "Brazil: Personal Data Protection Law Enacted". Global Legal Monitor. https://www.loc.gov/law/foreign-news/article/brazil-personal-data-protection-law-enacted/. 
  45. U.S. Department of Health and Human Services (26 July 2013). "Summary of the HIPAA Security Rule". https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html. 
  46. Van Noorden, R. (22 February 2013). "White House announces new US open-access policy". Nature NewsBlog. http://blogs.nature.com/news/2013/02/us-white-house-announces-open-access-policy.html. Retrieved 23 November 2018. 
  47. United Nations Environment Programme. "About the Nagoya Protocol". Convention on Biological Diversity. https://www.cbd.int/abs/about/. 
  48. dos S. Ribeiro, C.; Koopmans, M.P.; Haringhuizen, G.B. (26 October 2018). "Threats to timely sharing of pathogen sequence data". Science. doi:10.1126/science.aau5229. https://science.sciencemag.org/content/362/6413/404. 
  49. NCBI (2013). "GenBank Overview". https://www.ncbi.nlm.nih.gov/genbank/. 
  50. The Commission on the Theft of American Intellectual Property (May 2013). "The IP Commission Report" (PDF). National Bureau of Asian Research. http://www.ipcommission.org/report/IP_Commission_Report_052213.pdf. 
  51. Press, G. (3 December 2018). "60 Cybersecurity Predictions for 2019". Forbes. https://www.forbes.com/sites/gilpress/2018/12/03/60-cybersecurity-predictions-for-2019/#759f17fc4352. 

Notes

This presentation is faithful to the original, with only a few minor changes to presentation, grammar, and punctuation. In some cases important information was missing from the references, and that information was added. The two footnotes in the original material were turned into inline references for this version.