Biological Security After September 11th
The terrorist attacks on September 11th and the subsequent mail deliveries of anthrax powders emphasize that civilization faces grave security challenges in the twenty-first century. As the United States and its allies work to fashion a long-term response, they should recognize that a broad conception of security will be needed to meet the many threats that they must confront. Biological security provides a powerful example. A sophisticated approach to biological security must be a key component of the overall strategy to be put in place. To be successful, this approach must transcend misplaced analogies to nuclear and chemical security.
Clear thinking on these issues is hampered by our very vocabulary. We speak of WMD (weapons of mass destruction) or NBCR (nuc-lear-biological-chemical-radiological) as if each of these were merely variants on the same type of weapon. But in fact these weapons differ tremendously in their proliferation potential, the challenges they pose for deterrence, and our ability to defend against them should they be employed.
A simple image makes this point especially clear. Picture a continuum extending from nuclear weapons, continuing through chemical and biological weapons, and terminating with cyber weapons at the other extreme. As one moves along this line, the efficacy of a nonproliferation regime becomes increasingly problematic. At the nuclear extreme, a nonproliferation regime is comparatively robust, whereas at the cyber end of the spectrum, it is nearly impossible. To frame the issues, it is useful to begin with a comparison of the two extremes.
Nuclear nonproliferation seeks to prevent the diversion of materials from civilian programs to military or terrorist weapons. The Nuclear Nonproliferation Treaty (NPT) provides the legal basis for a global inspection regime to detect diversion, carried out by the UNs International Atomic Energy Agency. These inspections have credibility because the facilities needed to produce weapons-usable uranium or plutonium are big and hard to hide. Supplementing the NPT, the U.S. has worked with other nuclear nations to prevent the transfer of specific nuclear technologies, and to impede the transfer of personnel (especially former Soviet scientists) with specialized knowledge.
For all its challenges, nuclear nonproliferation is comparatively robust, in part because the production of weapons-usable plutonium or uranium has substantial technical requirements (reactors or enrichment plants, respectively) that impose conspicuous bottlenecks upon any would-be nuclear program. Verification can be credible because the necessary facilities are few and can be monitored. These bottlenecks may only be avoided through the theft of weapons-grade nuclear material, which is why preventing nuclear theft is such a high priority in the post-Cold War world.
At the other extreme are cyber weapons. In this case, a verifiable nonproliferation regime is nearly impossible. Exports of certain high-end computers and components should be curtailed, but cyber attacks can be launched from personal computers in individual homes. A traditional nonproliferation regime would therefore appear to require unannounced inspections or the monitoring of hundreds of millions of residences and businesses. Cyber-security may benefit from certain nonproliferation measures, but it is a reductio ad absurdum for a traditional inspection regime.
Biological security resides between these two extremes, but hovers closer to the cyber end of the continuum. Potentially deadly organisms may be acquired in the course of legitimate scientific research. (The Ames strain used in the recent attacks may have been previously distributed to some two dozen scientific laboratories for legitimate research purposes.) They may also be acquired from naturally occurring disease outbreaksæ indeed, this is the ultimate origin of the agents used in nations historical biological weapons programs. Weaponiz-ing these agents has proved challenging for terrorist groups. (I am using weaponization to mean going from the biological strain to a preparation of the organism that is particularly suitable for distribution as a powder or liquid aerosol.) The Japanese terrorist group Aum Shinrikyo failed in its attempts to weaponize anthrax despite its substantial financial resources and scientific talent. But the recent attacks in the U.S. make it clear that a terrorist or terrorist group has either successfully crossed this threshold or else has succeeded in acquiring such material from a national weapons program.
Any biological nonproliferation regime will necessarily be less robust than its nuclear counterpart, because the relevant materials, technologies, and knowledge are far more widespread. And as biotechnology spreads even more widely around the globe and into standard education curricula, this problem can only worsen. Biotechnology will inevitably spread for reasons that have nothing to do with weapons proliferation as such, but rather with the natural expansion of biological knowledge relevant to advances in medicine, agriculture, and basic biological science.
What about steps apart from nonproliferation? Again, comparison with the nuclear case will help. In addition to nonproliferation, nuclear security has been based on deterrence and defense, with intelligence woven throughout. U.S. nuclear security has rested successfully on the twin pillars of nonproliferation and deterrence for five decades. Should nonproliferation fail, the United States and its allies rely on deterrence through the threat of retaliation. Deterrence by denialæ the ability to deter an opponent from an attack by the demonstration that the attack is unlikely to be successfulæ has not been an important component of nuclear security simply because there has so far been no effective defense. The doctrine of Mutual Assured Destruction was a grim recognition of this brute fact. Attempts at both active and civil defense have been made repeatedly, but so far they have not been sufficiently robust to be a central component of U.S. nuclear security strategy.
By contrast, biological security requires a different mix if it is to be effective. Of course the transfer of biological agents should be controlled where possible. Important steps have been taken domestically, but internationally too little has been done and this needs to be aggressively addressed. The spread of the technologies and personnel to weaponize biological agents should be impeded, and cooperative threat reduction with Russia in particular should give greater emphasis to this objective. But as already discussed, even implementing these important measures will leave biological weapons nonproliferation far less effective than its nuclear counterpart.
Biological terrorism also poses challenges for deterrence by the threat of retaliation. Deterring any form of terrorism may prove difficult, since some terrorist groups may be unconcerned about retaliation, or hope to remain unidentified. But the biological case is especially hard: because some diseases incubate for days or even weeks, identifying the perpetrators of an attack is all the more difficult.
Deterrence by denial, on the other hand, may prove a more robust tool for biological security than for its nuclear counterpart. Of course, warning and prevention are preferable to coping with the consequences of an attack, so intelligence is especially important. But as is now clear, biological attacks may occur without warning, and our ability to defend against them must be made more robust. Those responsible for the anthrax mail attacks have given us a terrible warning that far greater preparation is required if we are to be prepared to meet the consequences of a major biological attack.
Any robust defense against biological terrorism must be based on improving public health. Because of disease incubation times (smallpox, for example, has a two-week incubation time), the first responders to any biological attack are likely to be health care workers rather than fire, police, or military personnel. This is what was seen with the recent mail attacks, where the rapidity of doctors recognition that they were dealing with anthrax rather than some other illness was critical to the efficacy of the response for individual patients.
The effectiveness of disease surveillance is critical. Both sensitivity and connectivity is required. Sensitivity means the recognition by health care workers that a illness is out of the ordinary; connectivity is the reporting of this recognition vertically to local, state, and national authorities, and horizontally at all these levels.
Incubation times are often longer than international flight times, so international disease surveillance and response is required in addition to domestic measures. The United States welcomes 50 million visitors and imports $40 billion of food each year. While increased border inspections are an appropriate component of our response, we cannot hope to protect the U.S. by guarding its borders. For reasons that are both humanitarian and in our own self interest, we need to watch for disease outbreaks abroad and act to curtail and stop them overseas. But the domestic component of disease surveillance in nearly all nations, including the United States, is weak, and the international component is inadequate. Donor nations need to increase support for these efforts, and the United States should be especially engaged.
Besides improving disease surveillance, there are many other steps that must be put in place in the near-term, including developing and stockpiling vaccines, antibiotics, and antivirals. The enormous logistical challenges that would be created by any major outbreak, and especially an outbreak of a contagious disease, must be faced. We should quicken the pace of all these efforts, to which Departments of Health are as important as Departments of Defense.
The good news is that in 1999 the Biological Preparedness and Response Program (BPRP) was created within the Centers for Disease Control, and that nearly all of the needed domestic steps were put into place. The BPRP created the National Pharmaceutical Stockpile, worked to improve disease surveillance, funded improvements at the local and state levels, and conducted badly needed research. The bad news is that in fiscal year 2000, the budget of the BPRP stood at only $150 million. An adequate public health strategy for bioterrorism will require an order of magnitude greater funding. This is clearly on the horizon with the bills that are being debated on Capitol Hill as this piece is written. During a phone conversation about bioterrorism, a member of Congress recently said to this author, one or two billion dollars? That kind of money is easier done than said right now. The challenge will be to sustain this funding, and other funding that is directed at improving and maintaining capacity, as the temporal and psychological distances grow from the immediate crises of autumn 2001.
What most proposals about improving biological security in response to September 11 and its aftermath dont so far contain are improvements in the international element of disease surveillance. It is understandable that the attention of the legislative and executive branches should initially focus on improving domestic capacity. It is appropriate that immediate needs, such as adequate vaccine and antibiotics stockpiles, be addressed first. Yet biological security requires the developed world, especially the United States, to recognize that its ongoing self interest lies in improving public health in the developing world. And the explosion of biotechnology, with the potential weapons consequences that flow from it, demands that the scientific community begin serious discussions of its own responsibilities, and what measures it should take to meet them.