Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of data that possess only a subset of these properties. The characteristics of genomic data compared to other datasets raise some correspondingly unique cybersecurity and privacy concerns that are inadequately addressed with current policies, guidance documents, and technical controls.
This report describes current practices in cybersecurity and privacy risk management for protecting genomic data, along with relevant challenges and concerns identified during 2022 NCCoE-hosted workshops with bioeconomy stakeholders and subsequent related research. Gaps that were identified by stakeholders include: practices across the lifecycle concerning genomic data generation; safe and responsible sharing of genomic data; monitoring the systems processing genomic data; lack of specific guidance documents addressing the unique needs of genomic data processors; and regulatory/policy gaps with respect to national security and privacy threats in the collection, storage, sharing, and aggregation of human genomic data.
The report proposes a set of solution ideas that address real-life use cases occurring at various stages of the genomic data lifecycle along with candidate mitigation strategies and the expected benefits of the solutions. The solutions recorded in this report reflect the bioeconomy workshop stakeholders’ proposed actions and activities.
Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of data that possess only a subset of these properties. The characteristics...
See full abstract
Genomic data has enabled the rapid growth of the U.S. bioeconomy and is valuable to the individual, industry, and government because it has multiple intrinsic properties that in combination make it different from other types of data that possess only a subset of these properties. The characteristics of genomic data compared to other datasets raise some correspondingly unique cybersecurity and privacy concerns that are inadequately addressed with current policies, guidance documents, and technical controls.
This report describes current practices in cybersecurity and privacy risk management for protecting genomic data, along with relevant challenges and concerns identified during 2022 NCCoE-hosted workshops with bioeconomy stakeholders and subsequent related research. Gaps that were identified by stakeholders include: practices across the lifecycle concerning genomic data generation; safe and responsible sharing of genomic data; monitoring the systems processing genomic data; lack of specific guidance documents addressing the unique needs of genomic data processors; and regulatory/policy gaps with respect to national security and privacy threats in the collection, storage, sharing, and aggregation of human genomic data.
The report proposes a set of solution ideas that address real-life use cases occurring at various stages of the genomic data lifecycle along with candidate mitigation strategies and the expected benefits of the solutions. The solutions recorded in this report reflect the bioeconomy workshop stakeholders’ proposed actions and activities.
Hide full abstract