Applying CVSS to Vulnerability Scoring in Cyber-Biological Systems

Rami Puzis, Isana Veksler-Lublinsky

Cyberbiosecurity, 115-134, 2023

With the advent of synthetic biology, security concerns are rapidly emerging spanning both the biological and the digital realms. These concerns materialize into concrete weaknesses and vulnerabilities in biological and biomedical systems and in their supply chains. Cybersecurity risks and their biological impact on biosafety and health must be considered when developing new protocols, biological systems, and supporting machinery. It is very important to assess the risk and impact of exploiting cyberbiosecurity vulnerabilities in a systematic and methodological way. The common vulnerability scoring system (CVSS) quantifies the risk and impact of vulnerabilities in digital (software and hardware) systems. Although vulnerabilities in the machinery supporting synthetic biology can be reported in a standard way, their severity scoring does not encompass the biosafety and health impacts. Furthermore, no current …