Highlighting Vulnerabilities in a Genomics Biocybersecurity Lab Through Threat Modeling and Security Testing

Jared Sheldon; Isabelle Brown-Cantrell; Patrick Pape; Thomas Morris

doi:10.5220/0013523800003979

Highlighting Vulnerabilities in a Genomics Biocybersecurity Lab Through Threat Modeling and Security Testing

Jared Sheldon, Isabelle Brown-Cantrell, Patrick Pape, Thomas Morris

2025

Abstract

Biocybersecurity, a specialty field applying modern cybersecurity developments to the bioeconomy, is garnering progressively more attention as concerns increase over the protection of bioeconomic data generated each year. Genomic data is a key data type that falls under the bioeconomy umbrella and can be protected health information, intellectual property, or research data, depending on the use case. To increase understanding of cybersecurity for genomic lab environments, a biocybersecurity laboratory was set up and threat modeling was conducted on it using the STRIDE threat modeling methodology. Potential attack techniques were then mapped using the MITRE ATT&CK enterprise matrix and attack trees were generated to sequentially show the steps of these attacks. Going a step further, the initial steps of an attack tree were attempted against a DNA sequencer in the biocybersecurity lab. While the results of this testing did not yield an exploitable vulnerability that could be used to further test the attack tree techniques, lessons learned along the way can be taken into account by future research projects pursuing similar goals.

Download

Paper Citation

in Harvard Style

Sheldon J., Brown-Cantrell I., Pape P. and Morris T. (2025). Highlighting Vulnerabilities in a Genomics Biocybersecurity Lab Through Threat Modeling and Security Testing. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 626-631. DOI: 10.5220/0013523800003979

in Bibtex Style

@conference{secrypt25,
author={Jared Sheldon and Isabelle Brown-Cantrell and Patrick Pape and Thomas Morris},
title={Highlighting Vulnerabilities in a Genomics Biocybersecurity Lab Through Threat Modeling and Security Testing},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={626-631},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013523800003979},
isbn={978-989-758-760-3},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Highlighting Vulnerabilities in a Genomics Biocybersecurity Lab Through Threat Modeling and Security Testing
SN - 978-989-758-760-3
AU - Sheldon J.
AU - Brown-Cantrell I.
AU - Pape P.
AU - Morris T.
PY - 2025
SP - 626
EP - 631
DO - 10.5220/0013523800003979
PB - SciTePress