Four main categories that biological weapons could be engineered to attack were identified in the literature. These targets include humans, agriculture, technology, and the environment. The ease with which these attacks could be carried out, consequences of the attack, and potential strategies to prevent the attack are presented below for each target.
Unsurprisingly, much of the focus on biological weapon production and defense have used humans as the target. A biological attack against humans could result in direct human deaths or illness, widespread fear and panic, economic loss, and costs related to the response and remediation of the pathogen (Elbers and Knutsson 2013). Human pathogens can be readily obtained from the environment or natural outbreak events and are found in laboratories of various security levels around the world (Gronvall 2015). Most of the work being done on synthesizing viruses from DNA ordered through DNA synthesizing organizations is done on human pathogens (De Vries 2017, Noyce et al. 2018, Berger 2019). With a few exceptions, including the U.S.’s use of biological weapons against plants in Vietnam, the majority of state-sponsored synthetic biological weapon programs have focused on zoonotic human pathogens, especially Bacillus anthracis and Yersinia pestis (Kelle et al. 2010; Zilinskas 2017).
The probability of an attack in the near future with biological weapons from state-actors, sub-state actors, and non-state actors seems to be admittedly low based on the low number of previous biological attacks, but the outcome of such an attack would be catastrophic and warrants preventative measures. Biological attacks will also become more likely as the cost and effort associated with synthetic biology and the creation of pathogens decreases. As demonstrated by natural outbreak events, pathogens have an innate ability to persist in a given location indefinitely, essentially remaining dormant in human or environmental reservoirs between outbreaks. Thus, an initial biological weapons attack could have long-term and cascading effects unseen in attacks with more-traditional weapons (Plianbangchang 2005).
Many laboratories that handle human pathogens have protective measures commensurate in level to the danger of the pathogens they are handling. Biosecurity levels range from 1, requiring the least amount of protective measures, to 4, requiring the most. These regulations are put in place to reduce the risk of a pathogen being accidently released or of unauthorized personnel gaining access to the pathogen. However, not all laboratories around the world handling dangerous pathogens properly follow biosafety regulations, or take measures to reduce biosafety challenges via a ‘safety-by-design’ approach (Trump et al. 2020c). Outreach and support, both monetarily and intellectually, may be needed between countries to ensure all biological laboratories are properly protected. Biological journals also need to take responsibility for screening papers so that information that could be easily used by nefarious actors to create biological weapons doesn’t become readily available. This debate over the risk of publishing dual-use research and the role of academic journals is evident in the ongoing scrutiny of a publication detailing the synthesis of horsepox, a close relative to the smallpox virus (Noyce and Evans 2018; Yong 2018), and is yet to be resolved.
Biological attacks against agriculture and livestock, also known as agroterrorism, would result in large negative consequences despite receiving less attention in the literature. Agroterrorism is defined as the introduction of an animal or plant infectious disease to induce fear in people, threaten social stability, and cripple a nation’s economy (Yeh et al. 2013). Animal and plant infectious diseases include both viruses, such as foot in mouth disease (FMD), rinderpest, and avian influenza; and bacteria, such as anthrax, brucellosis, and glanders (Yeh et al. 2012). While synthetic viruses and bacteria are of the most serious concern currently, agroterrorism could be susceptible to larger multicellular organisms as advancements in synthetic biology are made on that front. Traditional agricultural pests or diseases, such as the Russian wheat aphid (Diuraphis noxia) or ring rot (Clavibacter machinanensis), could be modified to be more resistant to pesticides or environmental conditions, thereby increasing their potential damage (Anand 2018; Getz and Dellaire 2018).
Agroterrorism lacks some of the cognitive and cultural shock of bioterrorism and has rarely been used in the past. One of the few examples of an offensive agroterrorism program is the Japanese Unit 100, which was dedicated to creating biological weapons for use against animals during WWII (Zilinskas 2017). Agroterrorism could be an easier and safer avenue of attack for the attacker (Elbers and Knutsson 2013; Anand 2018). Animal and plant infectious diseases are often abundant in the natural environment, making them relatively easy to obtain. Would-be attackers can handle the disease with little to no threat to their own lives or the lives of those people they care about. For example, while the use of a human pathogen during war has a very high risk of spreading back to the home nation, agricultural pathogens will be more contained and less likely to backfire especially if strains of a crop or livestock specific to the attacked location are targeted. Farms are often unsecured and geographically dispersed, making it easy for attackers to deploy a pathogen. Livestock and crops are kept in highly concentrated areas and livestock are frequently exposed to other herds or flocks during long-distance transport, effectively providing a built-in dispersal mechanism. Lastly, livestock often lack any resistance to pathogens that are prevalent in other countries, and veterinarians or agricultural officials are less likely to test for or recognize diseases that aren’t endemic to their region (Elbers and Knutsson 2013).
Overall, agroterrorism with a synthetic pathogen is an easier route of attack for a terrorist organization than a traditional biological attack against humans. A biological attack against important crops or livestock could have devastating effects on the economy and social well-being of a country, as has been seen in natural agricultural outbreaks (e.g. the Irish potato famine in 1845 or the mass culling of pigs infected with African swine fever in Ukraine in 2012). The threat of a biological attack against agriculture could be reduced by preventing actors from acquiring agricultural pathogens, increasing security on farms, developing early detection systems (including the education of farmers and veterinarians on foreign agricultural pathogen identification) and stockpiling livestock vaccines (Yeh et al. 2013; Anand 2018). Restrictions on the use of agricultural pathogens in synthetic biology experiments could also be applied in a way similar to those on human pathogens.
Synthetic biology has also been shown to be effective at attacking technology (Berger 2019; Ney et al. 2017). DNA is a relatively stable platform capable of storing large amounts of information. Normally this information is biological, but scientists have begun to look at DNA as a way to store large data and datasets, including images, audio, and videos (Berger 2019). To demonstrate the capability of technology to store and recover data from DNA, researchers at Harvard University recently used CRISPR-based tools to encode a GIF of a galloping horse into the genomes of living bacteria (Escherichia coli) (Shipman et al. 2017). However, if one is able to store data and code in DNA, then one should also be able to store malicious code. In the same year that scientists at Harvard were storing GIFS in E. coli, scientists at the University of Washington were encoding malware into a segment of DNA to successfully gain remote control of the computer that sequenced the malicious DNA (Ney et al. 2017). Many next-generation DNA sequencing (NGS) systems use a 2-bit DNA encoding scheme to read and store genetic information – A is coded as 00, C as 01, G as 10, and T as 11. The authors of the study encoded a straight-forward and commonly available computer bug and then transferred the computer code into the corresponding nucleotide sequence. They then bought this sequence from a gene synthesis company that creates synthetic gene fragments. Upon receiving the malicious synthesized DNA fragment and running the fragment through a sequencer and downstream analysis program, the authors gained full control of the computer attached to the sequencer.
It is important to note that the authors deliberately introduced a vulnerability into the analysis program they attacked prior to sequencing the malicious DNA. However, the authors of this study analyzed a number of NGS analysis programs and found that they are 11 times more likely to use insecure programming functions than non-NGS control programs (p = 0.027, Ney et al. 2017). They concluded that NGS programs do not follow best software security practices and need to be updated so as to be more robust against attacks. The authors were limited in the kind of malware they could encode into DNA because of current restrictions in the length of DNA fragments that can be sequenced and requirements for sequence stability. Advancements in NGS systems to sequence longer segments of DNA will increase the length and complexity of malware that can be encoded in DNA, and advancements in synthesizing DNA could overcome current structural requirements and also allow for a wider variety of malware. Advancements in DNA sequencing and synthesizing are ongoing as researchers innovate in pursuit of beneficial synthetic biology applications.
With the encoding of malware into DNA, any laboratory or company that sequences DNA becomes vulnerable to an attack on their computer system. Attackers could target the human biobanks of companies like 23andMe or AncestryDNA to expose the genetic information of earth’s population. This could allow attackers to synthesize a pathogen that is fatal to a small subset of people with the targeted genetic sequence but is benign to the general population (Faezi et al. 2019). Attackers could also target high-level laboratories that work with pathogens to crash their computers or gain access to confidential files. Malicious DNA could be sent directly to these sequencing services (e.g., a spit sample sent to an ancestry database) or introduced by spraying malicious DNA on surfaces that are likely to be swabbed for DNA analysis (e.g. a countertop during a health inspection or criminal investigation) or come into contact with the sequencing machine (e.g. rubber gloves or lab coats) (Faezi et al. 2019).
As advancements in NGS systems are made, updates to bring NGS software in line with best security practices should be prioritized to reduce the risk posed by malicious DNA (Ney et al. 2017). Sequencing companies should also take more responsibility in identifying suspicious DNA sequences and denying or reporting the order. One group of researchers had already started to develop a technique to detect and exclude malicious DNA by checking the sequenced DNA against known sequences before it was fully processed (Islam et al. 2019). As this is a new emerging threat, more effort needs to be applied to increase security at every level, including synthesizing DNA, sequencing DNA, analyzing sequenced data, and securing valuable genetic databases.
13.2.4 The Environment
To date, no literature that discussed using synthetic biology to directly attack the natural environment has been found. There is ongoing research focused on using gene drives and horizontal gene transfer in the open environment for beneficial purposes, including modifying mosquitos so that they are resistant to malaria (Gantz et al. 2015) and modifying coral symbionts to be more resistant to coral bleaching (Cleves et al. 2018). There are inherent risks of releasing engineered organisms into the environment since the effects of such organisms on the local community are largely unknown. However, that debate has been ongoing for decades and is outside of the scope of biosecurity. Theoretically, it could become possible for malicious actors to utilize gene drives to purposefully collapse species critical to the functioning of an ecosystem without detection. However, the technique is complicated and still in its infancy. Gene drives would be particularly ineffective against long-living species with long generation times since it would take an exorbitantly long time to propagate the deleterious gene throughout the population through natural reproduction. Overall, biological attacks against the natural environment are a very indirect route of causing harm to an enemy. Humans and agriculture are much more likely targets since harm can be inflicted almost immediately and research in engineering these sorts of pathogens is more robust. Advancements in synthetic biology that enhance the capabilities of gene drives or other methods that could be deployed against the natural environment should still be tracked as this could become a target in the future.