In a May 2 speech Anthony Fauci, director of the National Institute of Allergy and Infectious Diseases, emphasized that "we cannot become complacent" about microbial threats. A recent article
in I/S: A Journal of Law and Policy for the Information Society
notes that the "financial, intellectual, and material barriers to bioterrorism are falling at a faster rate than other WMD threats. It is already estimated that the cost of killing one person with a biological weapon is $1. . . . The lethality of infectious diseases provides a uniquely tempting and accessible force of destruction for terrorists."
The revolution in molecular biology has brought with it an array of tools for tinkering with infectious pathogens. Not only can molecular biologists swap genes in and out of organisms to increase their virulence or resistance to antibiotics, they can now assemble entire pathogens wholly from scratch. In 2002 scientists at the State University of New York at Stony Brook unveiled a poliovirus synthesized over a three-year period using nothing but chemicals purchased on the open market. A year later, a team at the J. Craig Venter Institute in Rockville, Maryland, assembled a virus of similar complexity in just three weeks.
Concern over this technology's potential misuse has prompted Harvard University geneticist George Church to suggest that instruments used to string together DNA sequences should be registered and regulated. (Interpol heartily seconded the idea). Although bioengineering probably lies well beyond the capabilities of a typical terrorist, one rogue biologist could wreak devastation. "I'm less worried about terrorists becoming biologists than biologists becoming terrorists," says Gerald Epstein, senior fellow at the Homeland Security Program at the Center for Strategic and International Studies in Washington, D.C.
Scientific literature is thick with examples of well-intended experiments gone awry that yielded results only a terrorist could love. While trying to come up with a contagious method of birth control among rodent pests, an Australian lab in 2001 modified a mousepox virus, which, unintentionally, caused the rodents' immune system to fail completely—even in animals previously vaccinated against mousepox. Because the results hinted that human viruses might be similarly manipulated, a debate broke out over whether publishing such results would aid terrorists. A more recent incident—the 2005 publication in the journal Science of the sequence of the 1918 flu virus, which killed more than 20 million people—prompted computer pioneers Ray Kurzweil and Bill Joy, in a New York Times op-ed article, to rail against too much scientific openness.
Some of the most alarming experiments demonstrate that genetically engineered biological agents can provoke irreversible changes in the nervous system and the brain. During the 1980s a Soviet bioweapons lab altered a pneumonia-causing bacterium so that in addition to causing respiratory illness, it could also prompt an immune response to myelin, the sheathing on the nerves. Over time, the pneumonia would pass, but the impact on the nervous system would emerge as symptoms of multiple sclerosis—for which there is no cure. Other potential nightmares, reported in a recent issue of Technology Review, involve biologists creating customized viruses that can target critical cognitive circuitry, selectively inducing paranoia, engendering calm, or obliterating memory.
And then there are microbes that could do devastating damage outside the human body. In one of the most disturbing (if fantastic) scenarios, metal-eating microbes might be exploited to infest and destroy computers.
"The ultimate computer virus would be one that did not just eat code but the components of machines," says Eileen Choffnes, study director for the National Research Council and the Institute of Medicine's recent report, "Globalization, Biosecurity, and the Future of the Life Sciences." Strains of bacteria like Shewanella oneidensis have been developed with funding from the Department of Energy to clean up contaminated weapons facilities. The organisms thrive in toxic environments and metabolize metal. They could easily consume the exposed leads on a computer. Superbugs of the future could also degrade the plastic that encases chips.
Few scientists consider computer-eating bacteria to be a real threat, however. "On a scale of threats from 1 to 10, this is about a .01," says Steven Block, a physicist and biologist at Stanford University and a member of the National Research Council's committee on biowarfare. "If you can get that close to a computer, you may as well hit it with a hammer."
Fortunately, imagining custom-engineered microbes is far easier than actually producing, maintaining, handling, and dispersing them. Craig Venter scoffs at the idea that terrorists would go to the trouble of devising a synthetic bacterium or virus. "Instruments like the DNA synthesizer have been available for 50 years. It's not a new technology. People are becoming aware of its power and potential, so there's a lot of concern about it. If somebody wanted to do harm to the population or the planet, they would make antibiotic-resistant infectious agents. That's something any high school biology class can do."
David Franz, director of the National Agricultural Biosecurity Center at Kansas State University and a former specialist on biological weapons for the U.S. Army Medical Research Institute of Infectious Diseases, worries that smallpox, although extinct in the wild, could reemerge if thefts occurred in the two facilities that still keep samples. And foot-and-mouth disease, although it does not infect people, could devastate the economy if set loose among livestock. Fortunately, countermeasures against these threats already exist. "We now have enough vaccine for smallpox to immunize the population," Franz says, "and that happens to be a vaccine that you can give after the fact, for three or four days. We have vaccines now for anthrax and antibiotics for anthrax, and we have some stockpiles and a lot of other preparations for foot-and-mouth disease."
Since the 9/11 attacks, funding for biodefense research and public-health preparedness has risen from $418 million in 2001 to more than $5 billion in 2006. Before the funding, some state health departments did not even have computers. To scout for potential attacks and disease outbreaks, the Department of Health and Human Services now monitors patterns of emergency room visits, over-the-counter drugs and school absenteeism. In the Department of Homeland Security's BioWatch program, mailbox-size machines gather air in major urban areas to be tested for DNA of smallpox, anthrax, plague-causing Yersina pestis, and other pathogens on a federal list. The companion BioShield program, funded with $5 billion over 10 years, will purchase new vaccines, antiviral agents, and antibiotics.
"If we have these tools," Venter says, "then bioterrorism goes away as a threat." Marc Wolfson, public affairs specialist on emergency preparedness for the Department of Health and Human Services, isn't so confident: "We can develop the best countermeasures in the world, but if they're not there in time to help treat the patient, then they're not effective."
The best countermeasures to bioterrorism, Franz says, are the same ones already used to combat infectious disease: "Supporting the public-health system is crucial because it would be very hard to tell emerging disease from bioterrorism." Upgrades also would be valuable in protecting public health, regardless of whether any malicious biological agent is released.
"Natural infectious disease is a far greater threat than bioterror," says Steve Block of Stanford. "We have more people dying of the flu in a hospital in any major city on the weekend than died of anthrax during the entirety of the 20th century. The death toll due to flu is unacceptable. If the government is willing to spend billions on terror, we need to make sure that that money is well spent on the eradication of infectious disease in general."
Manipulating natural diseases is a difficult and, for now, a largely theoretical risk. Technological infection, on the other hand, is a threat with which the general public is all too familiar. Some security experts worry that the Internet could itself collapse under terrorist attack. In 1999 the Defense Advanced Research Projects Agency (DARPA), creator of the original InternetCK, investigated the risk of it's being taken over by a virus or worm. The result of their study was a paper titled "How to Own the Internet in Your Spare Time," which predicted that worms could bring down the Internet in minutes. Prescient, but apparently unproductive—a few years later, the notorious "I Love You" virus and several other worms clogged the Web, disrupted ATM services, and infected a nuclear power-plant control system.
A long-term implosion of the Internet is unlikely, says David Kotz, a computer scientist and director of the Institute for Security Technology Studies at Dartmouth College. With its redundancies and distributed architecture—exactly the qualities that make it useful—the Internet is so resilient that it would most likely work well even a few days after a grand attack. But the nightmare scenarios are there. Perhaps one of the oddest springs from a translation of "Chinese Views of Future Warfare," a collection of reports by Chinese military scholars. It describes "ant robots," microscopic electromechanical systems that could theoretically creep into electronic equipment and lurk there for years until activated remotely. Presumably, such robots could destroy the innards of interlinked computers in key Internet routers.
A less far-fetched scheme targets national security networks with conventional jamming, spamming, or silent spying. In March 1998 the Department of Defense uncovered Moonlight Maze, a cyberespionage campaign that penetrated computer systems at the Pentagon, the Department of Energy, NASA, and various private universities and research labs. The perpetrators, who were never caught, are thought to have used a mainframe in Moscow. For more than two years, they secretly accessed thousands of files, including military intelligence, hardware designs, and troop locations. More recently, there have been reports of ongoing cyberintrusions on U.S. infrastructure and security networks. These attacks, code-named Titan Rain and apparently originating in China, are being investigated by the FBI.
The fragility of our digital infrastructure—and the ease with which it could be shattered—was highlighted in August 2003, when a power grid overload near Buffalo, New York, blacked out much of the Northeast. "A lot of the power grid is automated by computers, and I've heard that in some cases they are connected to the Internet by mistake," says David Kotz. Another fear is that terrorists might strike at the energy industry's computerized systems for controlling the flow of oil or natural gas through pipelines. "I'd be surprised if terrorist groups are not thinking about this," Kotz says.
Despite these fears, a significant attack on an American computer system has never occurred, and no one has ever died from a computer virus. Terrorists generally lack the means and resources to mount anything but relatively harmless cyberattacks, according to a 1999 study by the Center on Terrorism and Irregular Warfare at the Naval Postgraduate School. Yet the risk may be growing. With the changing of the guard, as Generation Y upstarts come up in the ranks, terrorists will most likely become more cybersavvy in the future, according to Mike Skroch, who runs a team that simulates digital security break-ins at Sandia National Laboratories in Albuquerque, New Mexico. "The current leadership of the terrorist organizations are of a generation that doesn't trust cyber means of attack," he says. "Once we see a new generation of leadership that is more comfortable with technology, we're going to see more of this." Already e-jihad Web sites exist that teach viewers how to make a virus or hack into a site. And Salafi jihadists recently developed a stand-alone Web browser that searches a self-contained database of 3,000 militant Islamic texts. It's the jihadist equivalent of a V-chip; it shields readers from the full brunt of the Internet and from any ideas that might challenge the militant ideology.
Among its many technological tricks, the Dark Web project is developing a coding scheme for multimedia analysis. "Videos are a big thing for terrorist groups," one project member says. "You can even download them on your cell phone"—and terrorists presumably do. Hsinchun Chen's team also analyzes the syntax, punctuation, and writing style of e-mails and forum postings in order to identify authors and individual terrorists. The characteristics are very specific: the use of commas or a certain greeting, for instance. "You can never get a fingerprint online, but you can get a writeprint," Chen says. The system is surprisingly effective. A writeprint—an amalgam of a writer's compositional quirks—can pinpoint an author within a small subgroup of, say, 20 people with about 90 percent accuracy. "If there is a new message, I can tell you if it's from Bin Laden or his lieutenant," Chen says.