Historically, bioterrorism threat and risk assessments have emphasized vulnerabilities, consequences, and technology-centric (or “capabilities-based”) approaches which focus on low-probability high-consequence worst-case scenarios. Little or no consideration is usually given to what is likely or known about actual adversary capabilities and intentions. An early example of such an assessment was that conducted in 1999 by the U.S. Centers for Disease Control and Prevention to develop its Category A, B, C list of potential bioweapons agents. This capabilities-based approach is understandable and to some extent necessary given the scarcity of relevant intelligence data and the importance of, within reason, identifying and hedging against potentially catastrophic events.
However, a narrow focus on technology, vulnerabilities and worst-case scenarios can easily become ungrounded in reality and make for poor biodefense policy and strategy. This point was made in numerous reports issued before the anthrax attacks of 2001 (for example, in reports released in March, September and December (pages 53-4) of 1999. It has been repeated since (for example, in this 2002 report (page 7), in this 2005 report, and in this 2005 report to the president (pages 508-509), and a similar argument regarding the strategy for confronting the threat of nuclear terrorism was published in the January/February 2008 Foreign Affairs). As the Director of the National Counterproliferation Center (Office of the Director of National Intelligence) stated in testimony on 4 May, 2006, “the key questions for the Intelligence Community are primarily not highly technical in nature.” Instead, the key questions are discerning the intents and capabilities of actual adversaries. “Focusing on technology alone not only does not answer these questions, but it can lead people to speculate on nightmare scenarios that are not grounded in reality.”
The current Department of Homeland Security (DHS) risk assessment process represents a significant computational advance over previous assessments. However, it appears to maintain an emphasis on high-consequence scenarios and vulnerabilities and the use of capabilities-based assessment with little consideration of what is actually known about adversary intent and capability. Thus, while it may be useful for making certain strategic and tactical decisions on how to respond to and mitigate a biological attack (although this has been questioned), it gives no indication about how concerned we should be about bioterrorism relative to other threats facing our nation (including other forms of terrorism and other infectious disease threats).
Homeland Security Presidential Directive 18, issued by President Bush in January 2007, now requires DHS to produce “a strategic, integrated all-CBRN [chemical, biological, radiological, nuclear] risk assessment” by July 2008. DHS is also expected to release a new Bioterrorism Risk Assessement later this year.