In the newest James Bond film, “No Time to Die,” a Russian scientist, who is in the process of defecting to the good guys, quickly switches a USB drive in an ominous looking computer that processes tailored bio-weapons. The switch replaces James Bond’s genetic information with that of an entire criminal syndicate, called Spectre. The scientist’s handler and member of Spectre, releases the aerated bio-weapon in the ventilation system above the Spectre party and unwittingly kills the entire cadre with nanobots that uniquely target individuals whose genetic information was swapped for Mr. Bond’s. The nanobots kill every member of Spectre at the party with a horrific, but quick, flesh-eating disease (watch the scene here). Life often imitates art, and this art, is very scary…
While I can only hope a capability like this does not exist, there are some very big due diligence concerns in supply chains we can have an impact on, now. The Biotech industry is massive and growing. Separately, computing power and AI/ML show huge promise for progress in finding new cures, refining existing treatments, and revolutionizing preventative medicine. Peril also lurks in a diffusion of technology to anyone with $20 a month for a generative AI subscription and an internet connection. Because of this low barrier to entry, it is essential that biotechnology companies, laboratories and universities conduct the proper due diligence on people, and companies, who may gain access to necessary equipment to more easily create bioweapons.
Earlier this year, the House of Representatives Select Committee on the Chinese Communist Party sent a letter to the Director of National Intelligence, Avril Haines, and Federal Bureau of Investigation Director, Christopher Wray, urging them to investigate GenScript Biotechnology Co., Ltd., which is a “Contract Development and Manufacturing Organization (CDMO)” that focuses on “services such as the production of custom gene synthesis for companies and U.S. Government entities. Publicly available information (PAI) uncovered “tight links between GenScript and the CCP,” including the acting CEO and several other c-suite members, being CCP Committee Secretary – a political office within the Chinese government. Close ties risk the transfer of intellectual property and sensitive biological and genetic data that can be used to exploit or blackmail certain individuals or groups, or even produce tailored bioweapons. The congressionally established National Security Commission on Emerging Biotechnology (NSCEB) outlines a potential scenario where genetic data is transferred to a company or third-party without the proper screening process in place, leading to a loss of sensitive data and potential security risk. One NSCEB white paper calls biological data a “strategic asset” and when focused on describing a specific group of people, “the data can be used to produce more precise medical treatments, but also to blackmail or exploit said groups.” The NSCEB makes several policy recommendations over a series of white papers, but due diligence through basic OSINT methodologies can preemptively mitigate major long-term risks.
Another risk that open-source intelligence (OSINT) practitioners will understand well, is that there is no shortage of gray literature within the medical community that touts discoveries and methodologies that can be rapidly ingested, synthesized, and weaponized by threat actors using generative AI. OSINT analysts and investigators can use monitoring tools and software to stay a step ahead by setting keyword, hashtag, and issue topic monitors to receive real-time information relevant to the weaponization of medical information.
The House of Representatives have taken a needed step in thwarting foreign supply chain risk with the resounding 306-81 passage of the Biosecure Act in September of this year. The bill, which still has to pass the Senate before it lands on the President’s desk, prohibits any executive agency from procuring or obtaining “any biotechnology equipment or service produced or provided by a biotechnology company of concern.” There are five companies named in the bill, all Chinese: BGI, MGI, Complete Genomics, WuXi AppTec, and WuXi Biologics. The bill also gives 365 days for the Director of the Office of Management to publish a complete list of entities that would constitute “biotechnology companies of concern.” There is a grace period for biotech companies to decouple from any partners with links to potential foreign adversaries. Leading up the floor vote, an L.E.K. Consulting survey found that “68% of respondents, all of whom represent U.S.-based life sciences companies, were already adjusting their operations with Chinese partners, diversifying the geolocation of their partnerships, and adding background checks for partners.”
If it’s not apparent yet, we live in a dangerous world where enemy and friendly combatants in uniform are not the only targets. Foreign adversaries are deliberately targeting commercial entities to steal intellectual property and undermine the very idea of capitalism. Due diligence is not a ‘nice-to-have’ in the private sector, it is essential. Every day, more companies and entities are added to sanctions lists while export controls flow freely as one of the many intelligence agencies in the United States or allied countries. Businesses, large and small, must be weary of foreign adversarial risks – OSINT provides a low cost, high return solution to mitigate those risks. We must be prepared to face Spectre-like enemies willing to tailor bio-weapons in future wars, or preparation leading up to war, if we are to believe life imitates art. Of course, I’m still waiting for my Thunderball era jet pack, so maybe we have more time than we think.