What’s needed to prevent cyberbiosecurity threats and protect vulnerable countries

The CT lung scan showed the ravaging signs of COVID-19 and the inflammatory response, the cytokine storm. But what if the CT scan was wrong?

This is no passing concern. In 2018, a malicious attack was designed to hack hospital CT scans, generating false lung tumours that conformed to a patient’s unique anatomy, leading to a misdiagnosis rate in excess of 90%. Furthermore, researchers at Harvard University tested adversarial attacks against algorithms used to diagnose skin cancer images, demonstrating that such attacks required only modifying a few pixels in the original biopsy picture to corrupt a diagnosis.

These examples are just a sampling of how AI can automate the manipulation of medical datasets, expanding a cyberattack’s impact through health and biotech industries. Those attacks exist in an era of hybrid security risks where pandemic threats converge with the weaponization of powerful dual-use technologies. Developed for beneficial purposes, dual-use technologies can also inherently cause harm, either accidental “unintended harms,” or as a result of deliberate malicious intent. The convergence of cyber- and biosecurity threats reduce our ability, in a global health crisis, to trust what the digital pictures of our bodies tell us about a complex virus like COVID-19 and how fast we analyse pathogens in future crises, natural or man-made.

These converging security risks have corrosive implications for every country, but particularly those that have poor and outdated medical, biotech and cyber-infrastructure or who don’t have the capacity to protect their vulnerable populations from the weaponization of pandemic and technological threats.

To protect those bearing the brunt of systemic crises, countries need to shift from reactive to proactive measures, developing global prevention platforms to identify and prevent such threats.

A global prevention platform could address three key challenges:

1. Increasing cyber-, bio- and human insecurity

Global public health crises create conditions of extreme fragility where dual-use technologies can be harnessed to increase insecurity. As mentioned by the UN Secretary-General In his address to the Security Council, “The weaknesses and lack of preparedness exposed at the time of pandemic provide a window onto how a bioterrorist attack might unfold – and may increase its risks. Non-state groups could gain access to virulent strains that could pose similar devastation to societies around the globe.”

The current pandemic provides states and terrorist groups with a real-time window into societies’ strengths and weaknesses in emergency situations. The past months have shown how a biological threat could break down hospitals and food supply chains, shatter citizens’ trust in critical information and public institutions, and bring social unrest, disinformation, even violence.

Additionally, malicious actors’ capacity to access cloud-labs could automate the design of pathogens with multidrug resistance or reproduce a strain similar to COVID-19. Both could be easily spread in public spaces using drone technologies.

2. Eroding digital trust

As they converge, emerging technologies create growing interdependence between cyber-, bio- and human security threats. In the context of the COVID-19 crisis, the interdependence of medical facilities and biotech supply chains on energy companies, data-centres and information networks produces severe vulnerabilities. The combination of medical data-manipulation and cyberattacks on bio-manufacturing could have drastic economic consequences and lethal outcomes for populations. Yet the most enduring harm would be on citizens’ trust – trust in public health institutions, emergency data-systems, laboratories, hospitals and critical infrastructures.

3. Converging risks in conflicts

Conflict-affected states, when facing converging security threats, suffer crises unprecedented in magnitude, mortality and scope. These states are less able to prepare for low-probability, high-impact events at a time of public health emergency, and will be less resilient should one materialize. In a country where critical infrastructure is already failing, for instance, a cyberattack on medical facilities or connected electrical grid could be devastating. Even in wealthy countries cybercriminals have targeted hospitals and digital networks during the COVID-19 crisis, scaling up social engineering strategies to prey on people at a vulnerable time.

Looking ahead and preventing the next crisis

Current threats in sectors like biosecurity or cybersecurity are governed in silos. To affect change, new collaborations will be key. A panel of government, private sector and technology leaders could be convened to conduct combined foresight analyses across technological domains, including AI, cyber- and biosecurity. With an aim toward understanding the convergence of high-impact biological events with dual-use technologies, this group could define a shared approach to prevention and mitigation.

Foresight efforts should include cooperation with states affected by conflict. Experts in conflict prevention should partner with private sector actors and civil society to better tailor prevention strategies to the specific threats and ethical needs of vulnerable communities. Such efforts have already begun to emerge. For instance, start-ups and innovators at the UN and the Alan Turing Institute already collaborate to use AI for crowd-sourcing and forecasting emerging security risks.

Such “inclusive foresight” could equip countries and agencies with the tools to articulate scenarios from which risk prioritisation can emerge, particularly for conflict zones and develop responsible approaches to leverage emerging technologies for prevention.

Converging security risks have powerful and corrosive impacts on peace and human well-being. The multilateral system needs to learn from this unprecedented crisis and prepare for its repeat, with more deadly consequences and high potential for weaponization. Foresight, used as a leadership strategy, can help avoid ethical and governance failures.