There is no “aftermath” yet in the COVID-19 pandemic as the virus rages on. Yet there is already a great deal of discussion around one particular topic — biosecurity — that will likely be a significant focus of attention in the months ahead.

Most scientists believe that COVID-19 originated in animals before being transmitted to humans, although there has been recent speculation that the virus could have come from lab experiments in China. Regardless, that has raised the possibility that the world may be entering a new phase where inadvertent or deliberate spread of biological viruses could challenge computer attacks for supremacy on the global threat index.

Can society guard against viruses aimed at human health in the years ahead? Some experts in the field of cybersecurity see parallels between decades of work to prevent the spread of machine-borne viruses and the more insidious potential of biohazards to harm the human race.

“In parts of my previous career I, when authorized, had the opportunity to help develop tools that were very precisely targeted against foreign adversaries,” said Phil Quade (pictured), chief information security officer of Fortinet Inc. and former special assistant to the National Security Administration director for cyber. “That’s a harder job than you think. The same is true of a naturally borne or custom bio virus. Not just any virus has the capability to do a lot of harm to a lot of people, but that doesn’t mean you can sit back and say, ‘Since it’s hard, it will never happen.’”

Quade spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio, in a wide-ranging interview that covered many aspects of the cybersecurity world, including biosecurity. (* Disclosure below.)

Mix of laws

Scientists have been sounding alarm bells for years around the threat posed by organisms harmful to human and animal health. In 2001, a United Nations University draft report stated that invasive alien species, or IAS, “will become a significant issue for U.S. security in the next 20 years as IAS spreads like a global epidemic because of ‘human movement and unbridled trade.’”

Response to the scientists’ warnings around biosecurity has varied among nations. Australia, which coincidentally has reported low numbers of COVID-19 cases since the outbreak, enacted its biosecurity law in 2015 and began closing borders to foreign travel on February 1 as the virus spread from China.

Canada updated its quarantine laws in 2005 and New Zealand passed its Epidemic Preparedness Act in 2006. A draft of China’s first biosecurity law was submitted to that nation’s top legislative body in October and has now been fast-tracked in the aftermath of the outbreak.

In the U.S., biosecurity law is a patchwork quilt of federal and state-directed guidance and whitepapers. The country’s focus on biosecurity has been a story of starts and stops, as documented recently by Politico.

The primary biosafety directives for U.S. labs did not include a section on principles for biosecurity until 2007. Most of the applicable laws date back to legislation passed between 1996 and 2002, following the 9/11 terrorist attacks and anthrax scares.

Cybersecurity parallels

As much of the U.S. has learned over the past two months, biosecurity response has been left to state governments, which have taken an approach using techniques quite familiar to the cybersecurity world: isolation, segmentation, and gradual recovery.

“In the cybersecurity community, the fundamental strategy is about segmentation,” Quade noted. “Segmentation is what the nation is trying to do right now by quarantining and gradually reopening up things in segments. If you want to bring things back up to recover, you can do so with small chunks.”

The challenge for both cybersecurity and biosecurity has been prevention. What are the principles and practices that form a solid proactive biosecurity strategy?

That question has been receiving a great deal of debate in recent weeks as another separate outbreak has threatened the global pork supply. Buried among the tragic news surrounding the coronavirus pandemic has been the disturbing spread of African swine fever, which killed a quarter of the world’s pig population between 2018 and 2019 and has spread to 10 countries in Asia after originating in China.

During an industry conference in early April, livestock experts noted that the principles of good biosecurity must include using tools correctly and safely, addressing risk events in both planning and day to day, and propagating a work culture that thinks about biosecurity continuously. These practices will sound very familiar to anyone in the cybersecurity field.

Corporate adoption coming

By default, the massive impact of the global pandemic will almost certainly force companies to adopt biosecurity policies very soon. A number of companies have already begun outlining gradual steps for restarting operations.

Facebook Inc. Chief Executive Officer Mark Zuckerberg posted the news in mid-April that company gatherings of more than 50 people would be cancelled until June 2021, following a similar move by Microsoft Corp. Various organizations with actively staffed operations, such as Amazon, have required temperature checks and face masks before staff can enter the facility. Guidelines around physical proximity and strict limits on the number of people involved in any meetings will likely be part of widely adopted rules as other companies restart.

The current crisis will also likely result in the need for additional skills inside organizations. Along with data governance, there could well be new emphasis on biosecurity governance.

In a recent article, Dr. Sam Weiss Evans, a Harvard Kennedy School fellow, called for “experimentation” in new biosecurity procedures. Governance in the scientific field has been a slippery slope, as Evans noted, based on the assumption that scientists can govern themselves without having the training to spot security risks.

Cross-functional cooperation between individuals in the scientific and security communities could lead to better outcomes, as biology, security and society intersect. This was also one of the lessons learned for Fortinet’s Quade.

“A few years back, I was doing some research with a national lab, and we were looking for novel cybersecurity analytics,” Quade recalled. “We hired some folks who worked in the biomedical community who were studying bio viruses at the time. There was a lot of good cross-fertilization between our teams.”

Here’s the entire interview with Quade:

Following the attacks on 9/11, the focus of intelligence agencies and the security community has been on stopping terrorism. However, the definition of security will now have to include global health.

This may involve closer scrutiny of population-level data to determine if an outbreak, despite attempts to conceal it, may have occurred. There are hints that this kind of work, including analysis of meta-data from phones, is already well underway among some government intelligence agencies.

Will focused attention on biosecurity result in a safer world? In “Through the Looking Glass,” published by Lewis Carroll in 1871, one of the characters says: “It takes all the running you can do, to keep in the same place. If you want to get somewhere else, you must run at least twice as fast as that!”

As events in 2020 have shown, if the world is indeed going to improve its posture in biosecurity, it had better pick up the pace.

(* Disclosure: Fortinet sponsored theCUBE video interview with Phil Quade. Neither Fortinet nor other sponsors have editorial control over content on SiliconANGLE or theCUBE.)

Image: Pixabay