The E Coli Outbreak and the Google Hack
The two main headlines on the online NYT at the moment are about the E Coli outbreak in Germany and the alleged hack by China of Google. I have not seen anyone speculating that the E Coli outbreak is a result of bioterrorism. And I have no reason to think that it is. But this is what a bioterrorist attack will look like: people become sick and die from a puzzling new strain of a biological agent, with attribution of the source of the agent
Published by The Lawfare Institute
in Cooperation With
The two main headlines on the online NYT at the moment are about the E Coli outbreak in Germany and the alleged hack by China of Google. I have not seen anyone speculating that the E Coli outbreak is a result of bioterrorism. And I have no reason to think that it is. But this is what a bioterrorist attack will look like: people become sick and die from a puzzling new strain of a biological agent, with attribution of the source of the agent very hard to pinpoint. Similar attribution problems arise with cyberattacks and cyberexploitations, as China’s denial today of responsibility for the Google hack illustrates.
This, and the government’s recent disclosures suggesting attempts at a deterrence strategy for cybersecurity, put me in mind of an interesting paper Ben wrote in Chapter 18 of this volume, where he said, among other interesting things:
Technologies of mass empowerment—of which biotechnology and globally networked computers are the paradigmatic examples—have certain common characteristics that bear emphasis. First, they are widely disseminated technologies that depend on readily available training and materials. Unlike nuclear technologies, they did not develop principally in classified settings at government-run labs with the government’s controlling access to the key materials. Rather, they developed in public in open dialogue with nonmilitary purposes in mind. Scientists did not discover the double helix or sequence the human genome in order figure out how to design viruses to kill people. Nor did engineers build the Internet so that terrorists or foreign governments could seize control of the Hoover Dam—or even so that our intelligence agencies could seize control of some other country’s dams. Yet in the cyber arena, attacks have grown up alongside the platform. And in the biotech arena, a public literature now exists to teach bad guys how to do horrific things—and the materials, unlike highly enriched uranium, are neither scarce nor expensive. Second, the destructive technologies are virtually inseparable from the socially beneficial innovations that give rise to them. In the wrong hands, the research on how to use genetics to cure and prevent disease can be used to cause and spread disease. A paper on how to shield computers against viruses necessarily involves analysis of viruses that one can use to write stronger ones. Defensive research in this space will potentially empower the bad guys too. Third, the use of these technologies blurs the distinction between foreign and domestic threats and, indeed, makes attribution of any attack extremely difficult. As every student in a biological laboratory and every individual on his home computer becomes a possible threat to national security, traditional techniques of surveillance, deterrence, and nonproliferation become increasingly ill suited to detecting and preventing terrorist activity. Large numbers of cyberattacks already take place with attribution impossible or long delayed. In the case of the anthrax attacks in the wake of September 11, attribution took seven years and remains to this day contested. Indeed, often in these cases, a targeted entity will not be able to determine whether its attacker is another state, a political group, a criminal group, or a lone gunman. The life sciences present a prototypical case of this type of technological development, threatening realistically to put the power of a WMD attack in the hands if not of the average person, certainly of many above-average people with relatively inexpensive equipment and basic training in genetic engineering. Biological weapons are unique among weapons of mass destruction in that they have the capacity, like nuclear weapons, to produce truly catastrophic damage, yet like chemical weapons, are comparatively inexpensive and easy to produce. The technology required for their production is generally the same as the technology used in legitimate life sciences research; indeed, it is the bread-and-butter stuff of the biotech revolution that has done so much good throughout the world. Precisely because modern biotechnology has so much promise and offers so many benefits in so many walks of life, the materials and skills required to develop these weapons are not rare. Just run a Google search on “gene synthesis companies” and you’ll see a whole industry that will make DNA sequences for order over the Internet. While it may be difficult for even a highly trained individual to build his own nuclear weapon, an individual with relatively modest expertise and resources could potentially obtain or develop his own biological weapon with worldwide consequences. As costs continue to fall, the number of people whom governments around the world have to regard—at least in theory—as capable of having their own personal WMD programs grows commensurately. The vulnerability of the world’s network infrastructure similarly illustrates the growing capacity of small groups to become players in international relations and global security issues. . . .The whole thing is worth a read, as is Philip Bobbit’s interesting take on the connections between bioterrorism and cyberattacks in Terror and Consent.
Jack Goldsmith is the Learned Hand Professor at Harvard Law School, co-founder of Lawfare, and a Non-Resident Senior Fellow at the American Enterprise Institute. Before coming to Harvard, Professor Goldsmith served as Assistant Attorney General, Office of Legal Counsel from 2003-2004, and Special Counsel to the Department of Defense from 2002-2003.