While the most dangerous pathogens are kept securely under lock and key, security for computerized data about these pathogens is less tightly regulated, a Saint Louis University paper asserts.

“Current vulnerabilities in information security affect not only the physical security of select agents but also the security of dual-use research,” says senior author Dr. Carole Baskin, associate professor in the College for Public Health and Social Justice who worked in a unique collaboration with first-author Mr. Nick Lewis, former chief information security officer at Saint Louis University and now program manager for trust and identity at Internet2®, an advanced technology community founded by the nation’s leading higher education institutions, and Dr. Mark Campbell, biological safety officer and select agent responsible official at SLU.

There has never been more research on “select agents” – biological agents and toxins considered severe threats to public, animal, and plant health – than in the past decade, the research team says; but the information security guidelines published by select-agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act – a requirement for government agencies.

The paper, “Information Security For Compliance With Select Agent Regulations”, has been published online by Health Security (formerly Biosecurity and Bioterrorism: Biodefense Strategy, Practice, and Science), ahead of the May/June print issue.

“The understanding of the threats unique to academic and research environment is still evolving, in part due to poor communication between the various stakeholders,” Lewis says.

The article takes an in-depth look at the vulnerabilities of the current guidelines and offers two solutions:

• The same standards required for government agencies by the Federal Information Security Management Act should be implemented for select-agent restricted data and research data.
• There should be a secure platform to exchange information about biosecurity IT, allowing institutions to learn from the failure of others and verify that their own systems could withstand similar threats.

“The benefits of a proactive approach to making the changes now will, in the authors’ opinion, outweigh the monetary costs, and prevent security and research expenses of reactive measures that would need to be implemented if a major security breach were to occur.”