A recent article by a group of cyber-physical security experts at University of California Irvine (UCI) highlighted a potential vulnerability in negative pressure containment rooms. https://dl.acm.org/doi/10.1145/3548606.3560643
A commentary about this article was authored by George Poste and David Gillum at Arizona State University asking the question: “Should this research have been published?” https://thebulletin.org/2023/01/researchers-hacked-a-labs-pathogen-containment-system-was-it-a-good-idea-to-publish-the-results/#post-heading
The authors discuss the impact of publishing lab vulnerabilities considering recent scrutiny of potential gain-of-function research and the relative lack of government oversight over this line of research. They go on to criticize the disparity between this release of information and how the cybersecurity community has handled disclosure of software vulnerabilities.
“The negative air pressure systems researchers could have chosen not to place their research in the public domain and communicate instead with those with who might be able to implement risk control measures. …The cybersecurity community has long adopted a “white hat” practice of sharing discovered software and hardware flaws with the relevant vendor companies to allow design and installation of patches ahead of public disclosure.”
While it is clear the research like that conducted by the UCI researchers is necessary and should be conducted, concern remains about the way the information was released into the public domain and the authors of the commentary correctly identify that appropriate and sufficient biosecurity for lethal human pathogen research and the facilities in which it is conducted is the challenge that needs to be met by both the public and private sectors.
Read the articles and come to your own conclusions, but this situation provides lots of food for thought.
