A View from the CT Foxhole: Edward You, FBI Weapons of Mass Destruction Directorate, Biological Countermeasures Unit
August 16, 2017
Edward You is a Supervisory Special Agent in the FBI’s Weapons of Mass Destruction Directorate, Biological Countermeasures Unit. Mr. You is responsible for creating programs and activities to coordinate and improve FBI and interagency efforts to identify, assess, and respond to biological threats or incidents. These efforts include expanding FBI outreach to the life sciences community to address biosecurity. Before being promoted to the Weapons of Mass Destruction Directorate, Mr. You was a member of the FBI Los Angeles Field Office Joint Terrorism Task Force and served on the FBI Hazardous Evidence Response Team.
CTC: Can you describe the directorate where you work and the team that supports its mission?
You: The WMD directorate was established as a result of 9/11, upon the recommendation of the WMD Commission and the 9/11 Commission, and it was basically to consolidate the missions about countering WMDs. In the Biological Countermeasures Unit, our focus is on the prevention, detection, interdiction, and response to potential misuse of biological materials or expertise. The true cornerstone of our program is the FBI WMD Coordinator. These are special agents—men and women—that are trained in CBRNE [Chemical, Biological, Radiological, Nuclear, and Explosives] matters. They undergo rigorous training and certification, and the key to them is there’s at least one Coordinator stationed in each of our 56 field offices across the U.S. We also have some stationed overseas as well. Their primary mission is to link up with state and local law enforcement, with the first responder community, with other federal agencies and assets, including National Guard. If there ever was a CBRNE event, they would be the tip-of-the-spear in providing the response as well as heading the investigation.
They proactively reach out and establish partnerships and liaisons with universities, companies, and other institutions within their jurisdiction. They act as a resource to provide these institutions with security awareness so that [if] there ever was a security issue, particularly one necessitating a response, then members of the private sector, academia, and even amateur DIY [do-it-yourself] biological researchers know that there’s a specific individual in the FBI, in the form of the Coordinator, that understands who they are, what they’re doing, and what the context is.
I’m here at headquarters, and my primary mission is to support outreach and engagement, but probably most importantly it is to backstop the WMD Coordinators who are positioned in the field. They have to cover the whole broad range of modalities—chem, bio, nuke, explosives. They do the initial engagements, the partnerships, the initial response, but they can always call back to headquarters where we leverage all of our expertise as subject matter experts. We can bring in the laboratory division; we can bring in Centers for Disease Control and Prevention (CDC), if necessary, the Department of Homeland Security to support them when they run into an incident out in the field.
CTC: Can you talk about the level of coordination that you have with private sector entities? Have these relationships been easy to forge?
You: Yes, indeed, because we have a shared interest in preventing the exploitation, abuse, and misuse of science. The scientific community is a vital partner in this. We raise their level of consciousness about security problems. By approaching the challenge in this way—rather than from a top-bottom, security-handed way—we’ve garnered more buy-in, and as a result, it’s allowed our Coordinators to expand their contacts list extensively.
We’ve created a network of sentinels to safeguard biology, who trip the wire when they see something suspicious. They’ve even invited Coordinators to participate in training exercises for educational events. I go out and push out security awareness in the scientific community, and then once I’ve got their understanding, I introduce them to their local WMD Coordinator to continue the discussions [and] the relationship. That’s been the most successful part of our program. Over time what we’ve seen is not just suspicious activity reporting but continued engagement, information sharing, and in those instances where there has been a potential criminal act, you see very rapid reporting, which then immediately supports a rapid and robust response.
CTC: Are you satisfied with the volume and depth of these types of partnerships that the FBI has established? Or are there areas where you would like to see greater collaboration?
You: I think in a post-9/11 world, we’re doing really well. If there’s any challenge, it’s probably going to be bandwidth in that the scientific community is so vast. The numbers of scientists involved in the life sciences are large and growing, and the field is becoming more multi-disciplinary in areas such as bioengineering. The good news is that our partnership efforts have been gaining momentum not only because of the FBI’s understanding and the buy-in from the scientific community, creating helpful word-of-mouth for our efforts. We’re increasingly seeing the scientific community incorporating security into their research projects and technologies, which is fantastic because you’re addressing security on the front end.
The other challenge is that life sciences and advances in biotechnology are inherently open source and global. The goodwill and good word-of-mouth we’ve garnered domestically has resulted in scientists overseas expressing interest in developing the same type of partnership with their own internal law enforcement agencies. The challenge is that there isn’t any other position in international law enforcement like the WMD Coordinator. So we’ve been trying to help our foreign partners to establish a WMD Coordinator-type of capability.
CTC: What international partners do you work with?
You: We work with the United Nations, Interpol, and Europol. We’ve engaged with the European Commission and the Association of Southeast Asian Nations. We have a formal partnership with the United Nations Interregional Crime and Justice Research Institute (UNICRI), and that’s powerful because they have centers of excellence in academia all over the world. We’re pressing a message about security awareness—about biosecurity, prevention, and misuse of the life sciences—internationally, either bilaterally with foreign governments or jointly with our partners in the Department of Defense or the Department of State through their respective cooperative biological engagement efforts.
CTC: Can you discuss your level of cooperation with public health facilities?
You: In the wake of the anthrax mailings that followed 9/11, we established a formal partnership with the CDC, and through the CDC, the WMD Coordinators have established partnerships with state and local public health agencies. [If] there is an unusual outbreak of some kind somewhere in the U.S., then through our partnerships, we work in real-time alongside public health agencies so that there’s a joint criminal and epidemiological investigation, and we quickly work to determine whether or not this is a freak natural occurrence or a potential intentional release. That partnership has been very powerful.
CTC: In the United States, we’re increasingly seeing entrepreneurs and amateur scientists set up “DIY” biological labs. What challenges does this present?
You: The FBI has been aware of these DIY bio labs since they started emerging in a big way almost a decade ago, and we’ve been engaging them through the Coordinators since then. We look at these community labs as a big positive force in the economy and engines of innovation. That has helped us overcome the natural tendency for such outfits to be a little bit anti-establishment. By engaging with them, we’re helping them to raise their level of awareness that they could potentially be targeted by malicious actors seeking to subvert their work, steal their technology, or recruit insiders on their staff. By helping them establish a form of “neighborhood watch,” they will be best positioned to identify and report on instances of suspicious activity both internal and external to their community. Who better to identify threats than the community members themselves?
Through our engagements, the amateur community developed their own sense of civic responsibility and went on to develop their own international code of ethics.a This is key since the amateur biology community at large is still in its nascent stage and has limited capabilities; however, with rapid advances in biotechnology and concomitant drops in cost, the state of play could change significantly in the near future. Therefore, it is incumbent upon agencies like the FBI to engage with the communities in the early stages to raise awareness and, most importantly, establish the partnerships to showcase how both the FBI and the DIY bio members have a shared responsibility to safeguard their work, community, and innovations.
CTC: Have any leads come out of these DIY labs?
You: There have been no identified threats; however, as a result of our partnership, the DIY bio community has provided information on where biological technology is currently heading, allowing us to prepare and think about future vulnerabilities and threats. The thing about bio is that it’s open-source. Unlike the rad/nuc realm or even the chemical realm, where you’re talking about very specific materials of concern and very specific levels of expertise, bio is completely the opposite, which inherently makes it a challenge to identify and address some of the security issues.
We’re also facing the fact that as bio is now converging with the digital-cyber realm, scientific progress is moving even faster. One of the reasons why, from a strategic standpoint, we’ve been doing outreach and engagement is that a top-down approach does not work well in this space. It’s very difficult for the U.S. government and its different components to forecast where the sciences are going, what the potential vulnerabilities are going to be, but if you have established a relationship with the scientific community, the experts themselves can identify potential security challenges, which is really beneficial. As a result of our engagement, the scientific community had flagged gene editing as a potential area of concern more than two years ago and, in partnership with us, has stepped up measures to protect this space.
CTC: As you know, terrorists defy easy categorization, in terms of their backgrounds and even their motivations. But is there a particular individual that is interested in using WMD technology for nefarious purposes?
You: That’s a tough question. We look at the entire modality—the whole world of bio—when looking for potential security challenges. We’re almost agnostic as to who the threat actor is likely to be. In that way, we’re less likely to be caught blindsided.
Let me give you an example of something that was brought to our attention by the scientific community a few years back—synthetic biology, the engineering of biology, an area in which gene editing is going to become a tool. About two years ago, there was a research group that was able to use synthetic biology to modify baker’s yeast. This new, modified yeast can take sugar as the precursor, process it, and ferment out opioid-based products. This is great because there’s a huge need by the medical field for pain-control medication. But if you think about it, if that particular genie got out of the bottle, now you have this modified organism that you can get freeze-dried, bring it back to your home, put into a fermenter, add sugar, and distill your narcotic of choice: heroin, oxycodone, or codeine. We’re not there yet, but if that technology got out, it could almost have as damaging an impact on society as a terrorist attack. Just as an aside, significant questions flow from this for the country as a whole, including whether U.S. law enforcement agencies, including the FBI and the Drug Enforcement Administration (DEA), would need to find a way to regulate sugar. How would you be able to do that?
We’re already in the midst of a huge heroin and fentanyl epidemic in this country. So this is an aspect of biotechnology that would absolutely be attractive [for] exploitation by drug cartels or criminal enterprises. When it comes to bio security, this necessitates expanding the lens through which we view the threat picture beyond the traditional terrorist, counterproliferation concerns that we’ve had—and our long-running concern about biological weapons—to also focus on criminal groups who could exploit powerful manufacturing processes that are coming on-line in synthetic biology and other areas in order to make a profit.
CTC: You came to the FBI with a science background. So I imagine you have a very nuanced understanding of the importance of scientific discovery. How much has that appreciation helped, in fact, your ability to achieve the balance between security and scientific freedom?
You: Quite a bit because I speak their language. The FBI is a very different organization post-9/11 than before that terrible incident. They probably would not have been interested in hiring somebody like me [before 9/11]. The priorities back then was going after organized crime or public corruption. The higher priority would have been people with legal backgrounds or former military or law enforcement or accountants to follow the money. But post-9/11, the Bureau has actively tried to diversify its workforce. So now there’s a high priority in hiring individuals with foreign language skills, computer science skills, or experience in the natural sciences like myself.
CTC: In December 2016, Europol warned “there are indications [the Islamic State] is experimenting with biological weapons.”b What level of concern do you have about the bio threat from the group?
You: With ISIS, al-Qa`ida, or any other threat actor for that matter, we are faced with two significant challenges. The first is ideology. What happens if that lone individual that becomes persuaded by their ideology happens to be a microbiologist or a biochemist? The counter WMD mission has always proceeded by identifying the actors expressing the intent to acquire, develop, or use WMDs (e.g., counterproliferation efforts). And historically, significant effort and investments have been made to counter the biological weapon threat ranging from state/non-state actors to individual level biological crimes (e.g., attempted ricin poisonings). But this introduces the second challenge. Unlike the chemical and radiological/nuclear realms where materials of concern are highly regulated and the expertise is almost arcane, biology could be classified as dual use or multi-use. The strength of the field is based on the fact that it is inherently open in nature (e.g., peer-reviewed scientific journals), which has led to significant advances in areas such as healthcare. The materials are readily available throughout the world where some of the most hazardous agents are endemic to the area, and the majority of equipment can be purchased outright and do not fall under any regulatory regime. Previous attempts to impose controls typically used in the nuclear realm have shown limited success and showcased that overly burdensome security/compliance structures could hamper progress and innovation in countermeasure and biodefense development, thus posing a different form of security risk. Therefore, the strategy has been to look at the modality and identify points of exploitation or vulnerability while being almost agnostic to the threat actor.
So, in order to counter things like ISIS, like al-Qa`ida, like your drug cartels, it really is important to get a citizenry out there that is well-informed, aware, and educated so that threatening individuals can be flagged. If you’re a scientist or a clinician, you’re familiar with the Hippocratic Oath of “do no harm.” What we’re trying to do with our messaging and outreach is how do we evolve “do no harm” into “not on my watch.” Where now you’re an active contributor to be on the look-out, be willing to take that extra step if you see something suspect, and then taking some action, reporting it to somebody. If you happen to see somebody who’s going to become radicalized, if you see some weird activity going on, some weird inquiries about your research, or suspicious orders of material or equipment, don’t let it slide. If it doesn’t seem right to you, then take action, and ultimately what we hope for is that people in the field should call up their local WMD Coordinator and say “it may not mean much but this doesn’t look right, and I just want to make sure you’re aware of this.” That’s where we want to be, to [have] this culture of security awareness and then build up this network of sentinels out there to help the FBI in its mission and help the scientific community to better protect themselves.
CTC: From your perspective, what do you see as the greatest bio security threat facing the United States?
You: We obviously need to continue to be vigilant over the threats that biology could be harnessed by state or non-state actors that wish us harm. But biosecurity is not just looking at dangerous bacteria, viruses, or toxins, where naturally a lot of the attention is. It is also key to the strength of our economy and our geopolitical standing.
Let me explain. Things like gene editing and other bio technologies are going to be, in the very near future, completely dependent upon data, whether it be your DNA sequence information, your health records, your family history, all that is going to become incredibly relevant and valuable. And I don’t think as a country we are where we need to be yet on realizing the national security implications of such data. At the end of the day, the entity that has the largest, most diverse datasets when it comes to biologically relevant data will be at a big advantage when it comes to harnessing the power of biology to grow the economy.
As a result of that, we may have been short-sighted. Most of our legal frameworks have been focused on privacy and not on security. China has become a prime player and is collecting massive amounts of data from within the United States. Chinese entities are buying up biotech companies, companies that have access to DNA sequence technologies. They have positioned themselves to be the lowest cost out there, so they outbid everybody else. Also they’re buying up companies that do not fall under export control or ITAR considerations because at the end of the day, it’s just bio. It’s just data. Who cares about DNA sequencers? It’s not like you’re buying an arm of Boeing or Northrop Grumman.
But because there’s a lack of understanding about where bio is going, we’re in danger of falling behind, and my biggest concern is that for lack of our foresight and being strategic in this space, I think China is going to become a potential biological superpower. They’re not hindered by some of the limitations that we are internally in the U.S. For example, HIPAA [Health Insurance Portability and Accountability Act], the regulation that prevents sharing of patient information between two U.S. institutions without the explicit consent of the patient, doesn’t apply if that same information gets sent overseas. There’s one Shanghai-based DNA sequencing company that got all the appropriate accreditations and certifications, and as a result, the entire state of California is looking at outsourcing patient genetic testing to China.
From a biological standpoint, gene editing is pretty messy. And the reason why you have low efficiency is because you need more genetic data. So if you want to be really good at gene editing, then it’s incumbent upon you to collect as much genetic data as possible, to help with your efficiency. This incentivizes the acquisition of data. When President Obama launched the Precision Medicine Initiative a few years ago—this is a U.S. government initiative to basically leverage as much data as possible to come up with specific, customized therapies for disease, for cancer—the initial U.S. investment was $215 million. China announced their own Precision Medicine Initiative as well as big data analytics in their 13th five-year strategy, and their initial investment is $9.2 billion over the next 15 years. So they recognize the benefit and the promise of biotechnology when it comes to data. They’re all in.
CTC: Who else are you engaging about this need to protect bio data?
You: I’m engaging software designers. I’m engaging the cyber professionals, who never would have thought they would have had something to do with biosecurity. It really is incumbent upon us to revisit what constitutes biosecurity. We probably have to expand the definition and then tie the biosecurity to the health of the U.S. economy and our national security in a significant way. It’s a matter of how we ensure that we adequately address the possibility of falling behind in the biological domain. Do our existing policies, even our trade agreements and treaties, address this? This is something that even the Biological Weapons Convention doesn’t even touch. CTC
[a] Editor’s note: The code of ethics is available at https://diybio.org/codes/.
[b] Editor’s note: Europol stated that in February 2016, Moroccan authorities dismantled an Islamic State cell planning attacks in the country. Investigators, according to Europol, seized toxic chemical and biological substances that included “three jars … containing a substance that could be transformed into a deadly tetanus toxin.” The Moroccan Interior Ministry, according to Europol, confirmed that some of the seized substances are classified as “biological weapons.” See “Changes in Modus Operandi of Islamic State (IS) Revisited,” Europol European Counter Terrorism Centre, November 2016, p. 11.