CBRN and Bioterrorism Awareness for Executives | CloseProtectionHire

CBRN and Bioterrorism Awareness for Corporate Executives

Chemical, biological, radiological, and nuclear – CBRN – sits at the extreme end of the corporate security threat spectrum. The probability of any given executive encountering a deliberate CBRN incident is low. But the consequences when it occurs are severe, and the response protocols required are specific – they differ materially from standard emergency procedures and cannot be improvised on the day.

Corporate security programmes that exclude CBRN entirely are failing to address a documented threat category. ASIS International’s PSI.01 standard for physical security includes CBRN scenario planning as part of comprehensive threat assessment. This article provides the awareness framework: threat history, response protocols, and the specific considerations for corporate mailroom and building security.

Chemical Threats: From Novichok to Nerve Agents

Salisbury, March 2018. On 4 March 2018, Sergei Skripal – a former GRU officer – and his daughter Yulia were poisoned with Novichok, a military-grade nerve agent, in Salisbury, UK. The delivery mechanism was a perfume bottle applied to Skripal’s front door handle. The OPCW confirmed the identity of the agent. Bellingcat and The Insider identified the perpetrators as GRU Unit 29155 officers. Detective Sergeant Nick Bailey, the first responding police officer who entered the Skripal home, was hospitalised. Dawn Sturgess, a member of the public who came into contact with the discarded perfume bottle, died on 8 July 2018 (OPCW Technical Secretariat report, 2018).

The corporate security lessons from Salisbury are not about direct targeting – almost no corporate executive is at risk of a state-directed nerve agent attack. The lessons are about secondary contamination risk, the persistence of nerve agents on surfaces, and the importance of not handling suspicious items. A public health incident involving a nerve agent in an urban environment creates secondary contamination risks that affect anyone in proximity, not just the primary target.

Tokyo subway, March 1995. On 20 March 1995, Aum Shinrikyo cult members released sarin in five Tokyo subway lines during morning rush hour. Thirteen people died. Fifty were severely injured. Approximately 6,000 individuals sought medical attention. Critically for emergency response planning, 135 emergency service personnel were affected by secondary contamination when treating casualties without full personal protective equipment (Journal of Emergency Medicine, 1996). This remains the most significant chemical weapon attack carried out by a non-state actor.

The Tokyo attack demonstrated that first responders without CBRN-specific PPE become casualties themselves – a reality that shapes the JESIP (Joint Emergency Services Interoperability Programme) multi-agency framework for chemical incident response in the UK today.

Syrian chemical weapons. The OPCW has verified multiple uses of chemical weapons in the Syrian civil war, including chlorine and sarin. The Douma attack of 7 April 2018 was attributed to Syrian government forces in the OPCW’s 2020 attribution report. Executives operating in conflict-adjacent regions should be aware that industrial-sector targets – pipelines, chemical facilities – may be at risk of secondary chemical hazard release in conflict environments.

Biological Threats: Anthrax and Beyond

The 2001 anthrax letters. Between 18 September and 9 October 2001, letters containing Bacillus anthracis spores were mailed to US senators, congressional offices, and media organisations. Five people died; 17 were infected. The FBI’s AMERITHRAX investigation, one of the most complex in the bureau’s history, identified Dr Bruce Ivins – a USAMRIID microbiologist – as the primary suspect before his death in 2008 (FBI AMERITHRAX investigation summary, 2010). The investigation cost over USD 100 million.

The anthrax letters established the corporate mailroom as a CBRN threat vector. USPS implemented mail irradiation for congressional correspondence. Corporate mailroom protocols – now formalised in NPSA and NaCTSO guidance on suspicious substances – derive directly from the 2001 response.

Suspicious package protocol. The NPSA suspicious substances guidance is the operational standard for UK corporate environments:

1. Do not open the item. Do not smell it.
2. Leave it exactly where it is.
3. Evacuate the immediate area. Close any doors behind you.
4. Wash hands and face with soap and cold water – not hot water.
5. Call 999 and report what you have seen.
6. Notify building security management and reception.
7. Do not allow anyone who has handled the item to leave the building area until emergency services advise.

Mailroom staff should receive this training on appointment and at annual refresher. The NPSA has produced a brief training module suitable for non-specialist staff.

Natural pandemic as a planning scenario. COVID-19, regardless of its origin, demonstrated that a respiratory pathogen can produce the operational conditions for a CBRN-type response: border closures, evacuation failures, hospital overload, and the sudden unavailability of commercial aviation. Corporate business continuity plans and MEDEVAC arrangements should be reviewed against a pandemic scenario alongside conventional CBRN scenarios.

Radiological Threats: IAEA Data and RDD Scenarios

The ITDB. The IAEA’s Incident and Trafficking Database has recorded 4,243 confirmed incidents of nuclear and radiological material out of regulatory control since 1993 (IAEA ITDB 2023). The majority involve radioactive sources used in medical and industrial applications – Caesium-137, Cobalt-60, Americium-241, and Iridium-192 are the most frequently encountered materials. Lost, abandoned, and stolen radioactive sources are a persistent problem, particularly in the former Soviet states.

Alexander Litvinenko, November 2006. The assassination of Alexander Litvinenko – a former FSB officer and British citizen – by Polonium-210 poisoning in London represented the first confirmed use of a radioactive substance as an assassination weapon. Litvinenko died on 23 November 2006. The Litvinenko public inquiry, chaired by Sir Robert Owen, concluded in January 2016 that the operation was “probably approved” by Vladimir Putin and Nikolai Patrushev, then Director of the FSB. The Polonium trail – detectable in the aircraft Litvinenko’s killers had used on prior trips to London – demonstrated both the operational sophistication of the attack and the intelligence value of radiation monitoring (High Court of Justice Litvinenko Inquiry, 2016).

Radiological dispersal devices. A dirty bomb combines conventional explosives with radioactive material. No confirmed RDD detonation by a terrorist group has occurred. But the IAEA documents active efforts by non-state actors to acquire suitable materials, and the combination of readily available radiological sources and widely understood bomb-making techniques makes it a credible scenario in major cities.

The immediate response to a suspected RDD detonation: move rapidly upwind and away from the scene. Do not touch surfaces that may be contaminated. Avoid touching your face. Await emergency service guidance on decontamination. Do not use potassium iodide (KI) – KI only protects against radioactive iodine-131 and is relevant only in nuclear scenarios, not in most RDD scenarios involving Cs-137 or Co-60.

Nuclear Considerations for Executive Travel

The probability of a nuclear weapon detonation in an area where a corporate executive is operating is vanishingly small under almost any scenario. The relevant nuclear considerations for most executive travel programmes are:

States with documented nuclear programmes. DPRK has an estimated 40 to 60 nuclear warheads as of the Arms Control Association assessment 2024. It is designated under the Chemical Weapons Convention by the US State Department for its documented CW programme. Iran’s enrichment activities are documented by ongoing IAEA safeguards monitoring following the JCPOA breakdown. For executives operating in proximity to these states – South Korea, Japan, Gulf states, Iraq – awareness of the geopolitical context is part of the travel security briefing.

Nuclear facility proximity. Executives visiting industrial sites in regions where nuclear power infrastructure has been targeted in conflict – Ukraine’s Zaporizhzhia Nuclear Power Plant was seized by Russian forces in March 2022 and remained under military control – face secondary radiological hazard risk from infrastructure damage.

Corporate Response Framework: What Security Managers Need

Building-level measures. For corporate buildings assessed as potential targets, CBRN-modified emergency procedures should be documented and rehearsed. This includes: building air intake locations (relevant for airborne chemical release scenarios), room sealing capability (improvised shelter-in-place using tape and plastic sheeting for short-duration chemical incidents), decontamination shower location, and HAZMAT team contact arrangements.

Training. ASIS PSI.01 standard for physical security identifies CBRN as a component of comprehensive threat assessment. NaCTSO provides free-to-access training materials for corporate security managers. NPSA provides specialist guidance for organisations assessed at higher risk. Annual awareness training for mailroom and reception staff is a minimum.

Travel briefings. For executives travelling to states or regions with documented CBRN programmes, CBRN awareness should be part of the pre-departure security briefing – alongside conventional crime, terrorism, and evacuation planning.

Medical intelligence. International SOS and Global Rescue both provide CBRN-aware medical support for corporate travellers. Their 24-hour operations centres can advise on suspected exposure scenarios in real time and coordinate with local emergency services where needed.

For the broader framework covering terrorism awareness for corporate travellers, see our guide to terrorism awareness for corporate travellers. For the surveillance indicators that often precede targeted attacks – including CBRN scenarios – see hostile reconnaissance detection.

James Whitfield is a Senior Security Consultant with operational experience across corporate and close protection environments. Sources: OPCW Technical Secretariat Salisbury report 2018; OPCW Douma attribution report 2020; IAEA Incident and Trafficking Database 2023; FBI AMERITHRAX investigation summary 2010; High Court of Justice Litvinenko Public Inquiry 2016; Journal of Emergency Medicine (Tokyo sarin secondary contamination) 1996; Arms Control Association Nuclear Threat 2024; NPSA suspicious substances guidance 2024; NaCTSO CBRN guidance 2024; ASIS PSI.01; WHO decontamination guidance; JESIP framework 2024; Europol TE-SAT 2024.