NIST Seeks Public Input on Draft Paper About Genomic Data Cybersecurity

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence has published an initial draft of Internal Report 8432, titled “Cybersecurity of Genomic Data.” According to NIST, genomic data has played a key role in the growth of the bioeconomy in the United States and possesses unique characteristics that require a different cybersecurity and privacy approach.

The paper is meant to provide an overview of current cybersecurity practices for genomic data, gaps in protection practices, potential solutions for use cases and areas for regulations, policies and additional research.

The public has until April 3 to submit comments regarding the draft, NIST said Friday.

According to the draft report, potential cyberattacks on genomic data include those that compromise confidentiality, integrity and availability. Attacks concerning data confidentiality could enable adversaries to gain an economic advantage, potentially damaging the U.S. economy while intrusions affecting integrity could result in disruptions to biopharmaceutical, agricultural and biomanufacturing production.

Malicious actors could conduct data availability attacks in the form of ransomware, deletion and disabling of key research and manufacturing equipment. NIST added that genomic data could be extracted to support the development of biological weapons and enable the surveillance and extortion of citizens and government personnel.

The NCCoE conducted two workshops to inform the content of the draft report.