Date Published: March 3, 2023
Comments Due:
Email Questions to:
Author(s)
Ronald Pulivarti (NIST), Natalia Martin (NIST), Fred Byers (NIST), Justin Wagner (NIST), Justin Zook (NIST), Samantha Maragh (NIST), Kevin Wilson (MITRE), Martin Wojtyniak (MITRE), Brett Kreider (MITRE), Ann-Marie France (MITRE), Sallie Edwards (MITRE), Tommy Morris (University of Alabama in Huntsville), Jared Shelton (University of Alabama in Huntsville), Scott Ross (HudsonAlpha), Phillip Whitlow (HudsonAlpha)
Announcement
Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government due to intrinsic properties that, in combination, make it different from other types of high-value data which possess only a subset of these properties. The characteristics of genomic data compared to other high value datasets raises some correspondingly unique cybersecurity and privacy challenges that are inadequately addressed with current policies, guidance, and technical controls.
This report describes current practices in risk management, cybersecurity, and privacy management for protecting genomic data, as well as the associated challenges and concerns. It identifies gaps in protection practices across the genomic data lifecycle and proposes solutions to address real-life use cases occurring at various stages of the genomic data lifecycle. This report also is intended to provide areas for regulatory/policy enactment or further research.
Submit Your Comments
The public comment period closes at 11:59 PM ET on April 3, 2023. Please email all draft comments to genomic_cybersecurity_nccoe@nist.gov. We encourage you to use this comment template when preparing and submitting your comments.
Contribute
If you would like to help shape this project, consider joining the NCCoE Genomics Cybersecurity Community of Interest (COI). Email us at genomic_cybersecurity_nccoe@nist.gov declaring your interest.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of high value data which possess only a subset of these properties. The characteristics of genomic data compared to other high value datasets raises some correspondingly unique cybersecurity and privacy challenges that are inadequately addressed with current policies, guidance documents, and technical controls.
This report describes current practices in risk management, cybersecurity, and privacy management for protecting genomic data along with relevant challenges and concerns. Gaps in protection practices across the lifecycle were identified concerning genomic data generation, safe and responsible sharing of the genomic data, monitoring the systems processing genomic data, lack of specific guidance documents addressing the unique needs of genomic data processors, and regulatory/policy gaps with respect to national security and privacy threats in the collection, storage, sharing, and aggregation of human genomic data.
The report proposes a set of solution ideas that address real-life use cases occurring at various stages of the genomic data lifecycle along with candidate mitigation strategies and the expected benefits of the solutions. Additionally, areas needing regulatory/policy enactment or further research are highlighted.
Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of high value data which possess only a subset of these properties. The...
See full abstract
Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of high value data which possess only a subset of these properties. The characteristics of genomic data compared to other high value datasets raises some correspondingly unique cybersecurity and privacy challenges that are inadequately addressed with current policies, guidance documents, and technical controls.
This report describes current practices in risk management, cybersecurity, and privacy management for protecting genomic data along with relevant challenges and concerns. Gaps in protection practices across the lifecycle were identified concerning genomic data generation, safe and responsible sharing of the genomic data, monitoring the systems processing genomic data, lack of specific guidance documents addressing the unique needs of genomic data processors, and regulatory/policy gaps with respect to national security and privacy threats in the collection, storage, sharing, and aggregation of human genomic data.
The report proposes a set of solution ideas that address real-life use cases occurring at various stages of the genomic data lifecycle along with candidate mitigation strategies and the expected benefits of the solutions. Additionally, areas needing regulatory/policy enactment or further research are highlighted.
Hide full abstract
Keywords
cyberbiosecurity; cybersecurity; genomic data; human genome; genomics; privacy
Control Families
None selected
