On May 13, 2020, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Research Agency (CISA) issued an announcement directed at organizations involved in COVID-19 research to be on increased alert against potential cybersecurity attacks. The announcement stated that actors from the Peoples Republic of China (PRC) have targeted and potentially have compromised organizations involved in COVID-19 research, including those researching potential treatments, vaccines, and tests in an attempt to obtain intellectual property and health data.
The announcement notes that the increased attention an organization associated with COVID-19 research activities has received may result in increased interest by attackers seeking to launch a cyberattack. As a result, the announcement urges organizations conducting COVID-19 research to remain especially vigilant to insider and external cybersecurity threats.
Although the announcement provides little evidence that the threats are unique to the PRC, it reminds us that cybersecurity attacks not only originate from malicious individuals and other organized hacking groups, but they may also be launched from well-funded nation-state actors. Unlike individuals or organization hacking groups who are often looking to monetize information or bring down an organization, nation state actors may have additional motivations, including industrial espionage and other types of economic incentives. This is especially true for COVID-19 research, where the economic impacts of an organization’s research, if successful, may be significant and world-changing. The modification of information may drive research in the wrong direction and the unavailability of data could set back advances at a critical time. Therefore, organizations should not only be on alert for attacks that impact the confidentiality of critical research data, but also for attacks that may impact the integrity or availability of this data.
The FBI’s warning should prompt organizations involved in COVID-19 research (or almost any organization) to review and update its security measures, including:
For more information about these security measures or in the event of a confirmed or suspected security incident, please contact your Foley relationship partner. For additional web-based cybersecurity resources, CISA offers additional COVID-19 related cybersecurity resources that can be found here.
Foley has created a multi-disciplinary and multi-jurisdictional team, which has prepared a wealth of topical client resources and is prepared to help our clients meet the legal and business challenges that the coronavirus outbreak is creating for stakeholders across a range of industries. Click here for Foley’s Coronavirus Resource Center to stay apprised of relevant developments, insights and resources to support your business during this challenging time. To receive this content directly in your inbox, click here and submit the form.