Applying CVSS to Vulnerability Scoring in Cyber-Biological Systems

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

1 Scopus citations


With the advent of synthetic biology, security concerns are rapidly emerging spanning both the biological and the digital realms. These concerns materialize into concrete weaknesses and vulnerabilities in biological and biomedical systems and in their supply chains. Cybersecurity risks and their biological impact on biosafety and health must be considered when developing new protocols, biological systems, and supporting machinery. It is very important to assess the risk and impact of exploiting cyberbiosecurity vulnerabilities in a systematic and methodological way. The common vulnerability scoring system (CVSS) quantifies the risk and impact of vulnerabilities in digital (software and hardware) systems. Although vulnerabilities in the machinery supporting synthetic biology can be reported in a standard way, their severity scoring does not encompass the biosafety and health impacts. Furthermore, no current scoring systems exist for vulnerability assessment in the biological systems themselves (i.e., synthetic genes, biosensors, DNA chips, etc.). In this chapter, we challenge the ability of CVSS to address biosecurity and cyberbiosecurity concerns in synthetic biology by showcasing three different cyberbiosecurity attacks. We conclude that CVSS v3.1 scale is general enough to accommodate biological systems after minor adjustments of its specification. Specifically, we generalize the environmental metrics of CVSS to consider the security requirements of biological processes the same way they are considered for digital software or hardware. We further discuss a potential issue with the scope change metric of CVSS and the definition of security authority when it comes to living organisms.

Original languageEnglish
Title of host publicationCyberbiosecurity
Subtitle of host publicationA New Field to Deal with Emerging Threats
PublisherSpringer International Publishing
Number of pages20
ISBN (Electronic)9783031260346
ISBN (Print)9783031260339
StatePublished - 1 Jan 2023


  • CVSS
  • Cyberbiosecurity
  • Rubric
  • Vulnerability scoring

ASJC Scopus subject areas

  • General Medicine
  • General Engineering
  • General Biochemistry, Genetics and Molecular Biology
  • General Agricultural and Biological Sciences


Dive into the research topics of 'Applying CVSS to Vulnerability Scoring in Cyber-Biological Systems'. Together they form a unique fingerprint.

Cite this