From the standpoint of risk analysis, recency bias—that is, an overwhelming focus on events that have happened most recently—is one of the most nefarious psychological blinders. It nudges us toward considering what is important now but can prevent both a thorough review of the past and an imaginative look into the future. Our immediate past has elevated issues such as cybersecurity and drones to the top of risk forecasts. These are critical, but biological threats (or “biothreats”) deserve our attention more than ever. And yes, even corporate security professionals should care.
Why Biothreats Receive Less Attention
To be fair, recency bias is not the only reason why biological threats get short shrift. The anthrax attacks of 2001 brought biothreats back to the foreground in the public eye, but nearly twenty years have passed and most domestic bioterrorism plots since then have been averted. The plots that have involved foreign organizations, meanwhile, have been obscured by the many kinetic- and cyber-attacks perpetrated by these same groups. Finally, the disease outbreaks that have struck—for example, SARS (2003), influenza H5N1 (2007), influenza H1N1 (2009), Ebola in Western Africa (2013-2016), and Ebola in the Democratic Republic of the Congo (present)—have either ended with a whimper, as in the case of swine flu, or been too confined to remote locations to be top of mind. It is true that biothreats are on the radar of the global health community and the well-read public, but corporate security professionals have simply not paid as much attention.
Biothreats have also been low on the list of corporate security priorities because of the very tangible reasons for focusing on concerns such as cybersecurity and drones. The cost of cyber threats to enterprises is well established—$3.9 million per breach, according to a 2019 study by IBM and the Ponemon Institute. As for drones, who can forget the recent attack on Saudi Aramco facilities, the assassination attempt on Nicolas Maduro, or even the 30-hour suspension of flights at Gatwick Airport in the U.K. last December?
Why Biothreats Should Receive More Attention
Although biothreats have not made front-page headlines of late, thinking of them as theoretical is dangerous. Numerous recent developments—both natural and man-made—are real causes for worry that security teams need to track. Here are a few key trends:
- Bioterrorism may have just reached a milestone – the biodefense community has long noted that biological weapons are easier to create than other weapons of mass destruction. A June 2018 arrest of a Tunisian national in Cologne, Germany may confirm this long-held wisdom and mark the first time an Islamic terrorist successfully produced a biological weapon (ricin) using nothing but instructions on the internet.
- Infectious diseases are still emerging – as David Quammen has explained in his book Spillover, the further humans push into natural habitats, the more likely we are to see outbreaks of infectious diseases we know and those we don’t. In this context, the emergence of Nipah virus in 1999 is not a surprise. Neither is the spike in Zika cases in 2016 or the worsening threat of Ebola.
- Known infectious diseases are here to stay – speaking of Zika, you may be forgiven if you think it disappeared. It hasn’t. In 2018, there were almost 20,000 infections in Brazil and the disease is circulating across Latin America, Africa, and Asia. The U.S. Centers for Disease Control and Prevention (CDC) maintains a site highlighting the spread of Zika, but its exact status in each country is uncertain.
- “Vectors” without borders – while the world is busy erecting barriers to trade and people, vectors—organisms that carry and transmit infectious diseases—are still globalizing. The Aedes aegypti mosquito, in particular, is expected to spread further globally, including in the U.S. The mosquito is a known carrier of dengue and cases of the disease have recently appeared in South Florida.
- We are not ready for a pandemic – this was the conclusion of the first report produced by the Global Preparedness Monitoring Board, a body convened by the World Bank and World Health Organization (WHO). The report notes the real risk of tens of millions perishing in a global pandemic.
- Vaccine skepticism has surged in recent years – vaccine skepticism is not just a phenomenon associated with Bay Area parents or the Orthodox Jewish community of New York City. Skepticism is considered a “top threat” to global health by the WHO. If your firm’s personnel are vaccinated, should you care? In the case of measles, maybe not. In the case of other infectious diseases on the horizon, absolutely.
- Antimicrobial resistance is worsening – yet another biological threat we are facing is the crisis of antimicrobial resistance—already responsible for some 50,000 deaths annually in the U.S. and Europe. With superbugs ranging from Methicillin-resistant Staphylococcus aureus (MRSA) to the fungus Candida auris appearing in medical facilities, even standard treatment for executives or company personnel could put them at risk.
- Laboratory safety and security may need bolstering – in the category of “risks that are highly unlikely, but potentially catastrophic,” we must place the potential for dangerous pathogens to be accidentally released by research laboratories themselves. A September 2019 gas explosion at a Russian laboratory storing smallpox samples (one of two such labs in the world) is one disturbing example. Lest Americans call the Russian kettle black too quickly, one of the most prominent government laboratories in the U.S. was shut down in August for failing to meet biosafety standards.
Next Steps for Security Professionals
Most of the trends I’ve mentioned are not typical concerns for security personnel, so what can we do? First, make sure your organization is prepared. Corporate security doesn’t typically “own” the pandemic plan, but security should be at the table when it is being revisited. If there is no pandemic plan apart from general crisis management planning, lead the push to develop it. Apart from the general welfare of company employees, a pandemic plan will help ensure continuity of operations for your own team. Preparedness also means understanding the potential tactics associated with deployment of bioweapons as well as countermeasures. And if you work in health or pharmaceutical research, take care to fully understand the dual-use value of your biological assets.
Second, get serious on health and medical intelligence. While country guidance from the CDC as well as medical advice from travel risk companies is a good start, there’s more that you can do. Signing up for ProMED alerts and searching recently posted cases can help identify outbreaks long before they hit the news cycle. As with any open-source intelligence collection, looking for signs of an outbreak in local news will also help flag issues before international media catches up. For broader, global context you can also consult the daily news updates posted by the University of Minnesota’s Center for Infectious Disease Policy and Research (CIDRAP). Remember that intelligence on medical facilities may be as important as analysis of outbreaks themselves.
Finally, corporate security professionals should think big and think far when it comes to biological threats in the same way that we currently do about other emerging issues and technological challenges (e.g. artificial intelligence or the internet of things). What would it mean if terrorists were able to leverage research on disease modification? Can gene editing techniques create new security vulnerabilities? Are we prepared for the potential dangers of pathogens released by thawing permafrost? Corporate security should be part of these conversations.