Tag Archive for: biosecurity

Like biosecurity, cybersecurity is essential for rural industries

When you enter Australia, you meet some of the strictest biosecurity screening in the world. Even domestically, if you travel to South Australia with any kind of fruit in your bag, you could be facing a $375 fine.

These protocols may seem frustrating. But they’re crucial in keeping our unique environment and rural industries—such as food and agriculture—safe from biosecurity threats.

But biosecurity is far from the only threat to rural industries. As these industries evolve and the adoption of new technologies and devices increases, we lack investment and understanding of less visible but equally damaging security threats such as cybercrime.

The agrifood tech industry is rapidly evolving in Australia, attracting $800 million in investment every year. Smart devices and machinery using artificial intelligence and internet of things (IoT) connections are becoming more integrated in supply chains.

They’re also crucial in helping the sector tackle an increasingly difficult production environment. High resolution weather monitors, powered by AI and satellite radar systems, are providing farmers with data to help deal with ever-changing and increasingly severe weather patterns.

Some devices are allowing businesses to be more data-driven, while others are offering previously unthinkable flexibility in distant control of essential devices. Refrigerator temperatures can be controlled from afar, irrigation networks can be managed from elsewhere on the farm, and self-driving tractors are set to hit the market in 2026.

Innovation and technology adoption will be necessary to meet the National Farmers’ Federation’s ambitious plan for the industry to exceed $100 billion farm-gate output by 2030. To achieve this, the industry needs to almost double its current annual growth rate, from 3 percent to 5.4 percent. But the plan fails to mention cybersecurity, a key factor considering these innovations can be susceptible to the deep dark corners of the web.

For food storage, the ability to control temperature storage units from afar increases flexibility and allows for optimised storage of goods. But what if the temperature control system is breached, contaminating all of the product? Worse, what if a breach goes undetected and contaminated food reaches supermarket shelves?

Sometimes these breaches may not even be malicious attacks. They may be unintentional outages. But without systems to find and report these outages efficiently, the effects are exacerbated.

Due to the vertical integration of the food and distribution supply chain, if any of these devices are threatened or outages occur, the breach can ripple throughout the industry, disrupting national and global food supply chains and putting people’s health at risk.

IT, IoT and operational technology (monitoring-and-control systems) have become so embedded in the processing of our food and grocery supply chains that their smooth running is now crucial for business and industry continuity.

In 2023, a cyberattack forced US food giant Dole to suspend production in North America and halt food shipments to grocery stores. Although resolved quickly, the outage caused days of delays.

The most notable and largest attack on the agriculture, food and distribution industry was the cyber attack on the world’s largest meat supplier, JBS in May 2021. For five days, the attack caused JBS to temporarily close factories in the US, Canada and Australia. To unlock its systems and continue production, JBS had to pay hackers around $16.5 million.

Not only are products and goods at risk from malicious cybercrime in the industry, but business critical data is stored throughout the extensive supply chain network. And in cybersecurity, data is the prize.

In 2020, there was a ransomware attack on Talman Software, the IT system underpinning auctions and exports used by 75 percent of Australia and New Zealand’s wool industry. Although this attack did not affect the distribution of perishable products, the system shutdown prevented wool sales that the week, withholding $70 million worth of product from the marketplace. Once up and running again, this caused an increased supply of wool in following weeks and drove prices down. The consequences of one business outage shook the entire industry.

We know how important agriculture, food and distribution companies are for Australia. That’s why we need to view cyber-physical system security in IT, operational technology and IoT as essential.

Protecting this critical infrastructure from cybercrime is critical, and there are important legislative requirements such as the Security of Critical Infrastructure Act to which these industries need to adhere.

The increased integration of technology is necessary for Australia to remain a leader in these industries and should be encouraged.

But with innovation there is often risk, and as we do at the border with biosecurity, we need to pay close attention to how we can proactively prevent threats from infiltrating our supply chains.

Australia needs a more comprehensive strategy to deal with biosecurity threats

US President Joe Biden’s national security strategy sets out his administration’s plan to advance America’s vital interests, position the US to outmanoeuvre its geopolitical competitors, tackle shared challenges and set the world firmly on a path towards a brighter and more hopeful future. It’s understandable, when the world is still dealing with the Covid-19 pandemic, that the strategy details how the US aims to foster a cooperative approach to global health security.

The pandemic exposed weaknesses in healthcare systems across the globe. Many nations failed to address the spread of the virus, and the US did too little, too late.

In 2019, the US was ranked the most prepared nation in the world for pandemic readiness, but substandard policy and leadership undermined its ability to respond effectively to Covid. It paid in lives and economic damage.

With significantly lower Covid case numbers than the US, Australia faced similar challenges. Poor coordination between jurisdictions on, for example, the handling of cruise ship cases, undermined successes. Confusing public-health messaging about the AstraZeneca vaccine hampered Australia’s ability to slow the spread. That and other factors led to a reliance on community lockdowns that stagnated the economy while hoping for ‘Covid zero’.

The pandemic also highlighted inadequacies in the larger system of global health governance. As nations turned inward to control the virus, international coordination went out the window. China dragged its feet on sharing vital genomic information with the World Health Organization at the onset of the pandemic. The US under Donald Trump’s administration withdrew funding from the WHO. Nations squabbled for early access to vaccines and rejected the WHO’s cries for collective vaccine development. And the WHO itself was widely criticised for its failure to act decisively when the virus first emerged, revealing deficiencies within the organisation.

While Covid-19 pandemic has cost many lives, worsened economic inequality, increased human suffering, and is forecast to cost US$12.5 trillion by 2024, it fell well short of an apocalyptic scenario. It appears that the Biden administration is preparing for what may still come. Biden’s strategy recognises Covid failures and sets out to prepare for the next ‘catastrophic biological risk’, whether that’s a ‘natural’ pandemic or a deliberate or accidental biological event. The strategy details Biden’s goal to position the US and its allies to set national health standards and outlines how the US will foster global cooperation on international health issues.

Biden appears to have learned from Beijing’s vaccine diplomacy successes over the past few years. The US has reinstated funding to the WHO and recently raised record-level funding for the Global Fund to Fight AIDS, Tuberculosis and Malaria. Biden intends to continue improving public-health and vaccine access for other nations, recognising the importance of a strong global health system driven by cooperation with others, ‘including those with whom we disagree’.

The strategy also outlines how the US will contribute to global efforts to mitigate the threat posed by deliberate and accidental biological risks, including bioweapons and pathogens escaping from laboratories. Biden aims to achieve this by bolstering the Biological Weapons Convention, addressing the dual-use technology challenge, encouraging international norms against bioweapon use, and building strong biosecurity and biodefence policies. In short, the US is turning its back on Trump’s problematic and narrow-minded approach to biodefence and is adopting a policy reminiscent of his predecessor Barack Obama’s national strategy for countering biological threats.

Biden’s strategy recognises that biological risks pose a significant threat, not only to the lives and wellbeing of humans, but also to national security. It captures the intersecting nature of the dangers posed by pandemics and those arising from accidental and deliberate biological threats. It plans to address perhaps the largest lesson from Covid, that ‘pandemics know no borders’.

Under Prime Minister Anthony Albanese, Australia published its first national biosecurity strategy, detailing the biological threats facing the agricultural sector and outlining the biosecurity impacts of emerging threats like climate change. The strategy explains how Australia will ‘leverage opportunities for improvement’ by enhancing community engagement, building more flexible and coordinated preparedness and response mechanisms, and fostering regional and local collaboration. Given the advent of Covid-19, it’s not clear why the document doesn’t address biosecurity threats that may directly affect humans.

This appears to be a significant lapse when we’re still in the Covid era. No nation was adequately prepared for the pandemic, yet we have the opportunity to learn from our mistakes, improve national public-health standards and develop a stronger global health system able to respond to biological risks across the spectrum. Biden’s strategy identifies ‘a narrow window of opportunity to take steps nationally and internationally to prepare for the next pandemic and to strengthen our biodefense’.

An Australian strategy should consider public-health capabilities as a national security issue requiring immediate attention. Integrating biosecurity and biodefence into a larger, more wholistic strategy would recognise the intersecting needs to prepare for and defend against a wide range of biological threats. Such an approach would provide a greater return on investment than a siloed policy that deals with accidental and deliberate biological risks independently.

While Australia was ranked second in the world for its pandemic preparedness by the Global Health Security Index 2021, we have identified weaknesses in our prevention and rapid-response mechanisms. A future strategy should discuss how Australia could address these.

Finally, by recognising that our own security against biological risks is only as good as our neighbours’ preparedness, we need to invest in core public-health capabilities in the region and look for opportunities to collaborate towards building a more effective system of global health governance.

The US’s return to an outward-looking, cooperative and preventive approach to biological risks marks a giant step in the right direction, and shows how nations, including Australia, should be proactively preparing for the next pandemic, and for all biological threats. More clearly defining its national strategy would be a good place for Australia to start.

Developing an Australian cyberbiosecurity mindset

How easy is it for a motivated actor to access your DNA, and why should you even care? These questions have long led to a Pandora’s box few are willing to open; Covid-19 has changed that. Even if you’ve never given your DNA away, your third cousins may have compromised your privacy if they’ve decided to trace their genomic origins on Ancestry.com. Now that might be okay for most people today, but it could be a problem if the DNA of Australian special forces personnel were compromised via targeted attacks on third cousin data stored by Ancestry.com or 23andMe. Welcome to the world of cyberbiosecurity.

Security issues arising from the ongoing convergence between the life sciences and the information sciences have become much more topical since the advent of Covid-19. Yet, even prior to the pandemic, the US Bipartisan Commission into Biodefense was investigating the issue. A 2019 hearing of the commission, titled ‘Cyberbio convergence: characterising the multiplicative threat’, raised issues such as the vulnerability of pathogen and biomanufacturing systems, biological risk mitigation, and the vulnerability of intellectual property in the national and global bioeconomy.

These are issues that arise from the moment of cyberbio convergence we are living through. Advances in the life sciences have made biological systems easier to engineer at ever increasing speeds and ever decreasing costs. It is exactly this type of convergent acceleration that enabled 20 years of research into mRNA to be translated into a global Covid-19 vaccine rollout in less than 12 months.

There are massive health and bioeconomic benefits to be derived from this convergent moment. But as with all technological breakthroughs, there will also be risks. The challenge of the post-Covid world is to maximise the upsides of advances in biotechnology while minimising the downsides. That is why a cyberbiosecurity mindset is so important.

The reason that 2020 is so significant from a biotechnology point of view is because it marked the first time in the information age when the relationship between life and its digital mirror became inverted. Up until 2020, we had typically harvested information from the living environment by one or more mechanical means—a satellite, drone, medical protocol or DNA sequencer. This was a one-way process, harvesting information from the living environment and storing it in a digital twin. In 2020 we went backwards: we digitally designed vaccines and pushed them back into the living environment. Now that it’s been done once, it will be done again, and the US government’s recently announced Apollo program funding for biodefence is specifically designed to accelerate these biodesign timelines.

This is why Australia needs a cyberbiosecurity mindset, because we are now living in an age where information moves between living and cyber systems in a two-way flow. That two-way flow brings net benefits. It empowers us to respond to emerging infectious diseases among humans, animals and crops. It empowers an emerging circular economy based on carbon waste reuse. And it empowers the biomanufacturing of advanced materials such as experimental spider silk aviation composites. These are all opportunities where Australia would have a massive comparative advantage if we were to support our bioeconomy to properly pivot and move up the value chain.

Yet, this two-way information flow also brings new risks, and one of those risks is how it can empower new types of grey-zone warfare. Cyberattacks on vaccine manufacturing supply chains, hospitals and digital stores of genomic data are just some of the less exotic cyberbio threats out there. The more exotic ones include engineered pathogens that mimic the symptoms of common diseases, or identifying individuals with autoimmune disorders and provoking fatal immune systems events, known as cytokine storms. These types of grey-zone tactics all fall within what one might call the Havana syndrome playbook. Detection will be difficult, attribution will be difficult, and mitigation will be costly. Technological adaptation and acceleration will be the norm.

I explored the underpinning trends of grey-zone ambiguity and cyberbiosecurity earlier in the year from an academic standpoint. It’s now time for the policy–practitioner interface of defence, security, intelligence and diplomacy to catch up. Australia risks sleepwalking into a world where we are the technology takers of cyberbio systems that are compromised by vulnerabilities we can’t imagine are possible. Policymakers need to fund a deep dive on these issues with technicians and scientists, especially as Australia moves towards funding a host of critical biomanufacturing facilities that will support pandemic preparedness, carbon waste reuse and a next-generation bioeconomy.

While the advance of technology creates benefits that we can all enjoy, it also creates emergent security issues that cannot be known in advance. If we want to enjoy the economic, health and security benefits of a burgeoning bioeconomy, then we need to do the hard work on anticipating and mitigating the risks. Perhaps more importantly, we need to do this work in a world of techno-strategic dynamism that is fuelling an acceleration of technological change and adaptation.

Rethinking Australia’s biosecurity

Australia may no longer ride on the sheep’s back, but our economic and cultural links with the land and agriculture remain strong. Arguably, Australia’s economy remains intrinsically linked to agricultural production. Deliberate or accidental biosecurity breaches, such as this month’s strawberry contamination scare, present very real economic threats to Australia with potential long-term impacts, ranging from harm to agricultural output to the potential manipulation of local or global agricultural markets.

ASPI’s latest research report, Weapons of mass (economic) disruption: rethinking biosecurity in Australia, highlights how biosecurity incidents may be a preferred means for generating significant disruption by state and non-state actors, as they provide avenues to inflict significant social and economic harm and affect the thinking of decision makers within Australian government.

Targeted biosecurity incidents may be used by both state and non-state actors to punish foes economically, while others, like transnational organised crime groups, could use such incidents to shape market futures and derive profit from foreknowledge of disruptions to trade or changes in commodity value.

The capability to acquire the materials, equipment, information and expertise to manufacture super-toxic substances was once the domain of national scientific programs. The report highlights a concern for Australia, and the world, that it’s becoming easier to get precursor materials and access information on how to create toxic or even super-toxic substances that can be used as biological weapons.

There seem to be few disincentives for either state or non-state actors to not use pests, chemical contaminants, emerging bio-technologies or disease as a means for disrupting our economy. The acquisition and use of many biosecurity risk vectors don’t require sophisticated knowledge or capabilities to be weaponised, made more dangerous, transported or deployed.

There can be no doubt that efforts to prevent, respond to and recover from the incursion of pests and diseases that threaten the economy and environment are seen as critical by industry and federal and state governments. This ‘collective’ applies existing capabilities to ensure continued market access for our agricultural products and to protect animal and plant health (APH) more broadly.

Successive Australian governments have been successful in limiting the number of situations where accidental, unintentional or negligent biosecurity practices could have affected the agricultural industry. Governments have so far managed to stop disease or contamination on a scale that affects both domestic food safety and economically important export markets.

In June, the Turnbull government made further investments in Australia’s APH biosecurity defences to the tune of $137.8 million over five years. This new investment will reinforce current efforts with cutting-edge biosecurity technologies, data analytics and intelligence. However, given the increased recognition of the potential for deliberate and malicious incidents illustrated by the use of chemical weapons in the Syrian conflict, ensuring sustained alignment of capabilities from both the APH biosecurity lens and the security-focused lens would generate benefits for national security.

An area of increased importance for Australia is convergence of the threat of the use of chemical or biological materials (as weapons) by criminals or terrorists and the natural occurrence of diseases in agricultural settings. Each risk vector is important in and of itself, but their combination creates a suite of wicked problems that logically require enhanced collaboration among agencies—private and public—along with new and different levels of attention to detail.

This research argues that, for these reasons alone, aligning responsibility for biosecurity outcomes—in terms of customs and border security, agricultural systems viability as well as animal and plant health—with broader considerations of national security capability deserves further thought.

While we do not want to create undue concern or belittle the ongoing oversight and capabilities of our APH biosecurity systems, the report provides examples of how a handful of infected frozen prawns, an infected cow or chemical contamination could trigger significant cascading economic impacts to entire industries. In many cases, infection or contamination need not be widespread, but simply detected, to have devastating impacts.

In responding to the uncertainties of evolving agricultural and potential biosecurity threats, whether sourced from state or non-state actors, we make the following recommendations:

  • The Department of Agriculture and Water Resources and the Department of Home Affairs (and affiliated agencies), along with the Department of Health, law enforcement agencies and relevant public and private sector agencies, should undertake annual ‘red-teaming’ and ‘horizon-scanning’ exercises to ascertain whether the scope of biosecurity threats, developments in synthetic biology and emerging technologies and risk exposures (including vulnerabilities) are sufficiently understood and matched against current and future multi-agency capabilities.
  • The National Security Committee of Cabinet should consider whether the current arrangements for responses to emergent biosecurity threats are sufficiently well coordinated to deal with deliberate attacks aimed at disrupting Australian biosecurity or food security.
  • The National Intelligence Committee should examine whether current intelligence priorities and sense-making capabilities, especially with respect to biosecurity indicators, adequately address the threat of deliberate biosecurity attacks that aim to cause economic and societal disruption.