DNA Analyzers can also be cyber vulnerable

July 16, 2012
I attended a High Tech Crime Task Force meeting where we were given a tour of the high tech crime lab. One of the locations on the tour was the DNA lab. There were several DNA analyzers which are available 24/7. Effectively, the DNA analyzer is a chemical analyzer. Consequently, I asked the tour host how maintenance was performed and if remote maintenance could be performed. I was told the system could be connected to the Internet, but wasn't. This brought up a number of questions I did not get a chance to ask:

I attended a High Tech Crime Task Force meeting where we were given a tour of the high tech crime lab. One of the locations on the tour was the DNA lab. There were several DNA analyzers which are available 24/7. Effectively, the DNA analyzer is a chemical analyzer. Consequently, I asked the tour host how maintenance was performed and if remote maintenance could be performed. I was told the system could be connected to the Internet, but wasn't. This brought up a number of questions I did not get a chance to ask:
- How do you know if the system has not been connected to the Internet
- Would you know if it were connected
- What security is employed by the system
- Are there control system cyber security policies in place
- How is firmware upgraded and by whom
- ...

It is interesting how may applications use control systems that may not be apparent:
Industrial facilities, mass transit, jail doors, traffic management, aircraft controls, amusement park rides, automotive controls, building controls, DNA analyzers,....

Joe Weiss

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]