Countering WMD in the Digital Age: Breaking Down Bureaucratic Silos in a Brave New World

NJ_National_Guard_WMD_response

Imagine reading a news article that begins: “Terrorists delivered a biological weapon at a local sports stadium using a drone swarm, unleashing widespread panic and mass casualties.” The article reveals that a terrorist cell claimed credit for the attack, declaring it launched the drone swarm using a smartphone. Law enforcement officials determined that the group purchased off-the-shelf drones, leveraged a free, open-source swarming program, and used a DNA desktop synthesizer and information acquired online to produce the genome of a dangerous pathogenic virus. The group claimed it managed to insert the virus DNA into a cell and scale it up in a garage biolab. Authorities have no leads on the exact location from which the terrorists remotely launched their attack since the drones do not emit communication signals emanating from the drones. The terrorists left no evidence of their physical presence at the stadium — indeed, they may have planned and executed the attack from miles away.

Although this news story is fictional, the potential for non-state actors to carry out such an attack today is real. A new “species” of emerging technologies — additive manufacturing, advanced robotics, artificial intelligence, and synthetic biology — is empowering smaller groups and individuals to acquire technologies that were previously beyond their reach. As a group of researchers with the World Economic Forum suggests, these technologies are contributing to a collapse of barriers between the digital and physical, and between the synthetic and organic.

Emerging technologies will enable the rise of new, agile threats to U.S. national security, including weapons of mass destruction (WMD) — that is, nuclear, chemical, and biological weapons. States and non-state actors will increasingly take advantage of the asymmetric capabilities and competitive advantages available to them in both the physical and digital domains.

Policymakers should reconsider how they organize the national security enterprise for the digital age. In this essay, I compare how digitization will affect different “weapons of mass destruction,” focusing on nuclear and biological weapons. Specifically, I examine the availability of digital information, the automation of capabilities that could aid in the development of these weapons, and the move toward autonomous capabilities.

But these new technologies have yet to disrupt how national security policymakers think about and organize the government to counter WMD. Unlike nimble non-state adversaries, governments depend on longstanding definitions and organizational structures, efficient bureaucracies, and clear authorities to function properly. Despite the looming breakdown of longstanding boundaries in the WMD space, the U.S. government remains firmly committed to well-established bureaucratic silos of excellence, which, for example, keep “all things cyber” bureaucratically separate from WMD. Ultimately, the digitization of WMD requires a significant rethinking of the U.S. government’s increasingly arbitrary, outdated bureaucratic categories — collapsing the unhelpful distinctions between biotechnology and bioweapons, and between cyber and WMD, while recognizing that the divergent weapons that make up the longstanding category of “WMD” should be treated as distinct challenges in the age of digitization.

Blurring of Boundaries — Let’s Get Digital

Digitization refers to the blurring of boundaries between the digital and physical worlds caused by the conversion of physical things into digital information, increasing connectivity across electronic devices, and greater autonomy of machines. These days, it seems like anything can be expressed as digital code: genomes of living organisms, homemade plastic guns, do-it-yourself drone designs, nuclear power plant parts, jet engine parts for commercial aircraft, missile parts, and even brain waves. Physical-to-digital conversion technologies, such as gene sequencing and 3D printing, turn physical matter into digital information that computers can read, analyze, and share. Gene sequencing involves converting genes or entire genomes from living organisms into digital information, while 3D printing (also known as additive manufacturing) similarly converts physical objects into digital information. As greater volumes and varieties of digital information become available, the distinction between physical objects and digital information and the role of physical constraints such as national borders become less meaningful.

But digitization is more than just converting physical matter into bits. It also entails automating manual processes that previously required skilled labor, making physical objects capable of sending and receiving information over the Internet, and allowing automated systems to be controlled over the Internet by remote users. Paul Scharre and Michael Horowitz define automated systems as software or hardware that perform a function for some period of time, then stop and wait for human input before continuing. These systems contain “embedded expertise” and empower greater numbers of individuals to achieve results that once required a high degree of skill and knowledge.

Nicholas Negroponte suggested in Being Digital that bits “comingle effortlessly” with each other, allowing us to consume and use the same digital information on a growing range of automated devices. This feature has led to the networking of greater numbers of physical objects over the Internet — i.e., the Internet of Things.

Finally, as founding editor of Wired magazine Kevin Kelly suggested in 2014, the next step for digitization will be giving electronics cognitive abilities to achieve greater autonomy. Unlike the rule-based software of the past, machine learning algorithms are capable of learning concepts and solving problems from patterns found in massive data sets. These tools give machines the ability to perform functions with limited human oversight.

The Digitization of WMD

How will the phenomenon of digitization affect U.S. adversaries’ ability to develop or deliver nuclear and biological weapons? Many emerging technologies with the potential to shape the development and use of WMD have digital components and automated and connected to the Internet. The connection between cyber and physical systems facilitates easy transfer of information and makes technologies capable of having physical impacts through digital pathways. Moreover, as more electronic devices become smart, they are exposed to cyber vulnerabilities that have plagued computing devices for decades.

For example, drones, a potential platform for the remote delivery of WMD, contain operating software and hardware, transmit many types of data, and rely upon GPS for navigation. Operators can crash drones into buildings and infrastructure to cause physical effects from remote locations. 3D printers can be connected to the Internet, which could allow nefarious actors to circumvent traditional suppliers by reverse engineering and producing WMD-related parts. Further, the potential for cyberattacks on design software and networked machines creates new risks to supply chains for weapons programs.

The three categories of WMD — nuclear, chemical, and biological weapons — have different levels of susceptibility to the dangers of digitization. For nuclear weapons, the production of weapons-usable nuclear material represents the primary barrier to creating the capability. Producing the requisite fissile material for a nuclear bomb requires access to raw materials, significant resources (money, electricity, etc.), uranium enrichment and/or reprocessing facilities, and extended periods of time. No level of digitization is likely to alter these physical requirements.

In contrast, synthetic biology has practically transformed the life sciences into a branch of information technology, with implications for actors seeking to develop both biological and chemical weapons. Genome-sequencing technologies read DNA sequences and convert them into digital information, while gene synthesis technologies essentially do the opposite — allowing scientists to translate digitized genomic data from a computer into physical DNA sequences. Taking these sequences, scientists can modify or recreate living organisms in a lab environment. Many of these organisms are capable of producing chemical compounds, circumventing the need for chemical synthesis. In this way, synthetic biology has the potential to digitize the development of chemical weapons as well.

Nuclear weapons

Although nuclear weapons remain far more resistant to digital technologies than biological weapons, policymakers may face some new and significant digital/physical challenges in several areas: proliferation, supply chains, command and control, and deterrence. Given the overwhelmingly physical nature of a nuclear weapons program, the main effects of digitization will be through increased availability and quantity of digital information and greater autonomy.

The first digitization challenge to nuclear weapons involves risks posed by the proliferation of digital information as a result of 3D printing. 3D printing or additive manufacturing refers to a growing family of technologies through which material is added gradually, layer-by-layer. These technologies allow physical objects to be converted into digital information, giving anyone with access to a computer, a 3D printer, and the Internet the ability to create and share physical things over digital pathways.

Additive manufacturing is especially advantageous for the nuclear weapons and nuclear energy sectors, which do not enjoy the benefits of economies of scale. 3D printing allows companies such as the United Kingdom’s Sellafield Ltd and Siemens to design one-off solutions to solve nuclear-specific challenges while saving money, reducing part production times, and increasing safety. For example, in 2014, Sellafield used 3D printing to support the decommissioning and disposal of nuclear waste at the nuclear power plant. The company used a 3D scanner to capture the dimensions of a container for radioactive material, designed a digital model for a lid that would fit the container perfectly, and printed the lid, saving both time and money that would be required if they used traditional tooling. In 2017, Siemens installed the first 3D-printed replacement part in a nuclear power plant in Slovenia. Although these are innocuous examples, they indicate the start of a trend that will expand as more sensitive parts are produced for nuclear reactors.

The nuclear weapons sector is also harnessing the advantages of additive manufacturing. Within the U.S. nuclear weapons complex, the Kansas City National Security Campus, for example, has used 3D printing for more than a decade to produce non-nuclear components to improve the design, prototyping, and manufacture of nuclear weapons fixtures, achieving a savings of more than $45 million. Lawrence Livermore National Laboratory and Sandia National Laboratories are working to refurbish components of the W80 nuclear warhead, several of which will be 3D-printed. Meanwhile, a warhead being developed for hypersonic weapons by a defense contractor will contain three major parts produced with 3D printers.

As companies and militaries integrate 3D printers into their operations to produce sensitive parts, they are contributing to a growing repository of digital build files, much like Word and PowerPoint documents. These files — designed, tested, and qualified by scientists and engineers — embed a certain level of technical expertise in electronic form, which means individuals without the requisite skills can produce parts by loading up a 3D printer with the required raw materials and then pressing the “print” button. To be sure, we are not yet at the point where additive manufacturing technologies can fully circumvent the skills needed for post-processing and assembly of WMD. However, the technologies are advancing. If states and non-state actors are able to hack companies’ or militaries’ computer systems and get access to these digital build files, they may be able to skip critical steps in developing parts required for nuclear reactors or nuclear weapons.

Similarly, digital pathways may allow actors to circumvent the need for skilled engineers and scientists in their pursuit of nuclear weapons. In the past, policymakers worried about brain drain — the idea that underpaid scientists and engineers might be persuaded to assist states or non-state actors in developing nuclear capabilities. In the future, the commercial value of digital information combined with the anonymity afforded by the Internet may change the incentives for nuclear experts considering sharing technical expertise. Once a digital file is created, most of the work is done (except of course, for transmission costs and the materials required for its conversion to physical form). Selling additional copies of the digital file involves almost zero transaction costs when compared to producing, selling and transporting physical parts.

The use of additive manufacturing to produce sensitive parts for nuclear reactors or nuclear weapons also opens up additional digital pathways for sabotage of supply chains — through design software, printer firmware, and the machines themselves. Complex systems such as nuclear weapons and command and control systems contain many digital components assembled in complicated supply chains. These can be compromised by adversaries through the introduction of malicious code.

Recently declassified records demonstrate that a single part malfunction can lead to a false launch warning of a missile launch, or simply to the loss of communication with nuclear forces. On June 3, 1980, early warning computers at the North American Aerospace Defense Command (NORAD) detected a nuclear attack from the Soviet Union. National Security Advisor Zbigniew Brzezinski was about to wake up President Jimmy Carter to order to launch a massive retaliation when a subsequent phone call indicated a false alarm. A later investigation found that the false alarm was caused by a defective 46-cent computer chip in a communications device. More recently, in 2010, NORAD lost its communication link to 50 ICBMs for more than an hour due to a hardware malfunction at a launch control center at Warren Air Force Base in Wyoming.

 

 

The risk of defective parts raises the risk of false alarms and communication failures. Moreover, if an adversary wanted to undermine the effective operation of U.S. nuclear weapons in the event of a crisis, tampering with the supply chain could offer a lucrative pathway.

In addition to the potential for theft of digital know-how, digitization in the area of autonomy has implications for nuclear deterrence. To deter adversaries, a nuclear-armed state depends on a reliable and invulnerable second-strike force to retaliate against any potential nuclear attack. Nuclear-powered ballistic missile submarines often assume this role because adversaries don’t know where they are. But what if the seas become transparent and nuclear submarines become detectable? A combination of advanced undersea technologies, including autonomous drones and sonar nodes, may undermine the stealth and invulnerability of submarines. In this way, undersea transparency could undermine deterrence and increase the risk of nuclear war.

Sophisticated drones, ranging from semi-autonomous to fully autonomous systems, also offer new potential delivery platforms for nuclear weapons, creating both offensive and defensive risks. As Zak Kallenborn and Philipp Bleek point out in their recent piece, Russia is considering underwater autonomous drones for the delivery of nuclear weapons. AI-enabled autonomous systems come along with an extensive list of operational risks, which are severely exacerbated by their integration into nuclear weapons systems. On the defensive side, the risk of hacking and disruption of communication links may jeopardize the effective operation of semi-autonomous systems.

Increased autonomy will also lead to troubling offensive risks including program malfunctions that might occur within a complex system, unanticipated interactions with the environment, loss of command and control, and the potential for runaway escalation, and unintended use of nuclear weapons by autonomous systems.

Biological weapons

In contrast to nuclear weapons, the technologies underlying biological weapons have already become quite digitized. Whereas fissile material remains physical in every respect, the starting point for a biological weapon, a dangerous pathogen, can now exist as digital information — i.e., genomic data.

Over the past several years, dramatic reductions in the cost of DNA sequencing and synthesis, computing power, and data storage have enabled scientists to read greater numbers of gene sequences and living organisms’ genomes and convert this information into genomic data. Scientists around the world can access this growing volume of genomic data through online databases to construct new genes and DNA sequences of interest, and potentially create living organisms from scratch.

Rather than acquire physical samples of pathogens, researchers can now search these online catalogues for sequences. Meanwhile, biotechnology companies are building their own proprietary collections of genomic data to produce consumer products. These collections of data have huge potential commercial value, and their accessibility on networks and the Internet makes them vulnerable to hacking, theft, and sabotage. To be sure, this information can be encrypted and protected against cyber intrusions, but in digital form the information is easier to transfer, steal, or sabotage.

As a result, it is increasingly possible to acquire the digitized genomes of dangerous pathogens and recreate them in a lab environment. This became possible as early as 2002, when scientists created an active polio virus from scratch through chemical synthesis. Then, in 2010, J. Craig Venter’s team became the first scientists to create a living organism from computer data. More recently, scientists at the University of Alberta in Canada pieced together the genome of the horsepox virus, seeking to help develop more effective vaccines for its close relative, the variola virus, which causes smallpox. Over the course of six months, scientists ordered DNA sequences of the virus by mail, put them together, and synthesized the virus in the lab. The project cost only about $100,000.

The trend toward automation also appears to be breaking down the longstanding barrier of hands-on lab knowledge, acquired through learning by example or “a lengthy process of trial-and-error problem solving.” A number of desktop machines such as bioprinters and DNA sequencers are leading to substantial de-skilling in fields that previously required years of trial and error. At the push of a button, individuals with less expertise can achieve results comparable to highly educated scientists. For example, last year, scientists invented an easier, faster, and more accurate method for synthesizing DNA that could eventually lead to the development of desktop DNA printers for use in research labs. In the past, scientists had to synthesize short sequences and assemble genes by stitching them together, which required much trial and error, time, and toxic chemicals. The new technique would allow less skilled scientists to skip that difficult step and make it easier for them to engineer new living organisms.

Although these machines do not fully eliminate the need for expertise, the Internet is making it easier to acquires such knowledge. In recent years, scientists have started transferring skills by uploading video recordings of themselves conducting experiments to YouTube. Using a more sophisticated model, the Journal of Visualized Experiments has published over 8,000 professional videos of scientific experiments from laboratories around the world to improve scientific education.

In the future, genomic data, gene editing tools such as CRISPR, and machine learning tools may assist nefarious actors interested in developing more effective biological weapons. Online databases containing genomic data will grow rapidly, as will the availability and sophistication of bioinformatics tools for modeling, modifying, and designing living organisms. As Kolja Brockman, Sibylle Bauer, and Vincent Boulanin suggest, machine learning tools will help scientists more quickly identify the functions of genes and the genetic markers for diseases, allowing for personalized treatment. However, these same tools could be used to enhance existing pathogens as biological weapons or identify populations susceptible to certain diseases in order to develop biological weapons capable of targeting specific individuals or groups.

Nuclear weapons reside at one end of the spectrum as the most “physical” weapons of mass destruction and biological weapons at the other end as the most digital, with chemical weapons somewhere in between (This article has focused on these two categories of WMD in order to examine the more extreme ends of the spectrum). In most cases, the development and use of all types of WMD will continue to depend primarily on physical pathways, materials, components, equipment and facilities. However, resourceful adversaries may soon leverage digital information to achieve their objectives.

The Way Forward

The trend toward digitization in the WMD space presents policymakers with a fundamentally new set of challenges. Digitization allows nefarious actors to move fluidly between the digital and physical worlds, circumventing efforts to counter WMD proliferation in ways that the U.S. defense enterprise is not prepared to manage. As these weapons become less physical and more digital, policymakers will have to grapple with securing digital information, countering proliferation activities over digital pathways, and protecting against vulnerabilities introduced by connection to the Internet and other networks.

Policymakers can start addressing the new risks posed by digitization in three ways. First, they should abandon the use of the terms “WMD” and “countering WMD.” For decades, these terms have obscured important differences among nuclear, chemical, and biological weapons and silos have grown up around them within the U.S. government. Emerging technologies are exacerbating the distinctions between these weapons, but bureaucratic structures force the U.S. government to treat them as if they pose similar challenges. As this article has shown, digitization is changing the threat of nuclear weapons, biological weapons, and chemical weapons in very different ways, exacerbating pre-existing technical differences. At the same time, other boundaries — e.g., the separation between WMD and cyber threats — have become increasingly artificial.

Second, policymakers should remove the bureaucratic barriers between biotechnology and biological weapons, and instead take an overarching strategic approach to the risks and opportunities the life sciences pose for defense. Here, digitization is increasing the overlap between sectors rather than accentuating the differences. Diane DiEuliis wrote in War on the Rocks last year about the bureaucratic separation within the Department of Defense across the various service labs, the undersecretary for research and engineering, and the undersecretary for acquisitions and sustainment for managing the risks of biological weapons and leveraging the potential of the biotechnology sector for the battlefield. This separation, she argued, has led to the absence of strategic guidance for the development of these new technologies at the national level.

Among other things, this siloing has prevented policymakers from treating genomic data as a strategic asset. Policymakers might consider developing new standards of practice among scientists and bio-industrial companies to better protect all types of digitized genomic data. They should also consider adopting the advanced encryption algorithms used in the financial sector as a way of protecting digitized genomic data. This will require striking a balance between the need for security and the scientific community’s ethos of openness, sharing, and collaboration.

Finally, policymakers should explore removing the bureaucratic barriers between cyber and WMD — e.g., the assistant secretary for homeland defense and global security is responsible for both cyber policy and countering WMD, but both are handled by different deputy assistant secretaries of defense. Of course, this is easier said than done. As an initial step, though, the government could consider how to integrate cyber experts into WMD-related offices to address both the physical and digital dimensions of the WMD threat. Eventually, it will be essential to ensure collaboration and information-sharing between and among cyber and WMD professionals in the government. Removing these bureaucratic barriers will help policymakers better investigate the national security implications of cyber-physical systems that may be used to produce sensitive parts for nuclear weapons or to remotely access WMD-related facilities to cause harm. In addition, the government should invest in additional cybersecurity measures to protect against supply chain risks and unauthorized access of industrial control systems.

The digital age has produced a brave new world of nuclear, chemical, and biological risks. It is time to move beyond long-established silos in the national security mission space and break down the bureaucratic barriers that are preventing the U.S. government from taking effective action to prevent the use of the world’s most devastating weapons.

 

 

Dr. Natasha E. Bajema is a senior research fellow at the Center for the Study of Weapons of Mass Destruction and leads a multi-year initiative on the impact of emerging technologies on WMD called “Emergence and Convergence.” Dr. Bajema has more than 19 years of WMD-related expertise, including serving on extended detail assignments within the Pentagon and the National Nuclear Security Administration.

Image: New Jersey National Guard photo by Mark C. Olsen