NCBI Bookshelf. A service of the National Library of Medicine, National Institutes of Health.

National Research Council (US) Committee on Laboratory Security and Personnel Reliability Assurance Systems for Laboratories Conducting Research on Biological Select Agents and Toxins. Responsible Research with Biological Select Agents and Toxins. Washington (DC): National Academies Press (US); 2009.

Cover of Responsible Research with Biological Select Agents and Toxins

Responsible Research with Biological Select Agents and Toxins.

Show details

2The Current Regulatory Environment

INTRODUCTION

Fundamental International Commitments

The fundamental international commitments not to use disease as a weapon are embodied in the Geneva Protocol, which was signed in 1925 and entered into force in 1928, and the Biological and Toxin Weapons Convention (BWC), which was signed in 1972 and entered into force in 1975.1 The Geneva Protocol prohibits the first use of chemical and biological warfare but does not ban production, storage, or transfer. That gap was closed by the BWC and later by the Chemical Weapons Convention of 1993. Article I of the BWC states:

Each State Party to this Convention undertakes never in any circumstances to develop, produce, stockpile or otherwise acquire or retain:

  1. Microbial or other biological agents, or toxins whatever their origin or method of production, of types and in quantities that have no justification for prophylactic, protective or other peaceful purposes;
  2. Weapons, equipment or means of delivery designed to use such agents or toxins for hostile purposes or in armed conflict.

The BWC does not prohibit research on defenses against biological weapons, which a number of countries, including the United States and its major allies, have continued.

Of more direct relevance to bioterrorism, United Nations (UN) Security Council Resolution (UNSCR) 1540, passed in 2004 with strong support from the United States, imposes a binding international commitment on all UN members not to provide “any form of support to non-State actors that attempt to develop, acquire, manufacture, possess, transport, transfer or use nuclear, chemical or biological weapons” (UN 2004). UN member states must undertake and enforce domestic measures against the proliferation of weapons of mass destruction (WMD), related materials, and the means to deliver them, including specific measures such as effective border controls and physical security. “If implemented successfully, each state’s actions will significantly strengthen the international standards relating to the export of sensitive items and support for proliferators (including financing) and ensure that non-state actors, including terrorist and black-market networks, do not gain access to chemical, nuclear or biological weapons, their means of delivery or related materials” (Department of State 2009a).2

Evolution of U.S. Policies and Procedures for Research with Biological Agents and Toxins

Measures to Address Safety: Biosafety Guidelines

Over time, scientists have developed best practices for research with potentially dangerous biological agents or toxins—including but not limited to biological select agents and toxins (BSAT). Such practices are designed to ensure this research does not cause harm to those working in laboratories or to the broader public and environment because of accidents or accidental releases. In the United States, the National Institutes of Health (NIH) published its first edition of Biosafety in Microbiological and Biomedical Laboratories (BMBL) in 1984; the fifth edition was published in 2007 (CDC/NIH 2007).3 The BMBL categorizes infectious agents and laboratory activities into four biosafety levels (BSL-1 through BSL-4) and establishes safety requirements for each level based on risk.4

  • BSL-1 laboratories are for working with agents and toxins that do not consistently cause disease in healthy human adults;
  • BSL-2 laboratories are for working with agents and toxins that can be spread through puncture, absorption through mucus membranes, or ingestion;
  • BSL-3 laboratories are for working with agents and toxins that are capable of aerosol transmission and that may cause serious or lethal infection; and
  • BSL-4 laboratories are for working with agents or toxins that pose a high risk of life threatening disease that may be aerosol transmitted and for which there is no available therapy or vaccine.

BSL-3 and BSL-4 laboratories are considered “high” and “maximum containment,” respectively. They require specialized expertise to design, construct, operate, and maintain. It should be noted that there are no inherent security requirements associated with the BSL levels; these are intended for safety. Security considerations are tied to the agents being used; the specific type of agent or toxin drives the requirement for security.

While some research and testing for the development of countermeasures for select agents can be conducted at BSL-2, work on the most dangerous agents requires BSL-3 and -4 conditions. High and maximum containment laboratories may also be necessary for some diagnostic and analytical services and for basic research on pathogenesis and other aspects of hazardous infectious agents. Table 2-1 contains a more detailed summary of the recommended practices, safety equipment, and facilities for each of the biosafety levels for infectious agents.

TABLE 2-1. Recommended Practices, Safety Equipment, and Facilities for Biosafety Levels 1-4.

TABLE 2-1

Recommended Practices, Safety Equipment, and Facilities for Biosafety Levels 1-4.

The BMBL guidelines have become the accepted practice in U.S. laboratories and have provided a model for similar practices in other countries. They are not codified in formal regulations, but are powerful performance-based standards for how laboratories are expected to operate. “According to federal grant policy and standard contract language, researchers and laboratory workers at institutions receiving federal funds are to be trained in the procedures described in the BMBL before they gain access to the laboratory” (Gottron and Shea 2009:6).

For the first time, the fifth edition of the BMBL contains a discussion of “biosecurity,” whose objective is defined as preventing “loss, theft or misuse of microorganisms, biological materials, and research-related information” (CDC/NIH 2007:105).5 The manual provides guidelines for a biosecurity program, including physical security and personnel management measures.

Measures to Address Security

The BWC calls on its member states to enact legislation to support the implementation of the treaty. The United States passed the Biological Weapons Anti-Terrorism Act of 1989 (Public Law 101–298, May 22, 1990), which established penalties for violating the Convention’s prohibitions, unless “(1) such biological agent, toxin, or delivery system is for a prophylactic, protective, or other peaceful purpose; and (2) such biological agent, toxin, or delivery system, is of a type and quantity reasonable for that purpose.” In keeping with the treaty, the legislation focused on the purpose for which agents or toxins were possessed, rather than the agents themselves. The law authorizes the government to apply for a warrant to seize any biological agent, toxin, or delivery system that has no apparent justification for peaceful purposes, but prosecution under the law would require the government to prove that an individual did not have peaceful intentions (Atlas 1999). Since President Richard M. Nixon had already ended the U.S. offensive biological weapons program 20 years earlier,6 the law attracted little attention when it was enacted.

THE BEGINNINGS OF THE SELECT AGENT PROGRAM

The first legislation that sought to limit the threat that biological agents or toxins from legitimate U.S. research laboratories would fall into the hands of terrorists was the Antiterrorism and Effective Death Penalty Act of 1996 (Public Law 104–132, April 24, 1996). The Act was passed amid rising concerns about terrorism, including with nuclear, chemical, or biological materials, in the wake of the 1993 World Trade Center and 1995 Oklahoma City bombings and the revelation of the Aum Shinrikyo’s efforts to create biological as well as chemical weapons after its release of sarin in the Tokyo subway system. The immediate cause of the legislation was the attempt by a U.S. scientist with ties to white supremacist organizations to obtain plague-causing bacteria for potentially nefarious purposes (Stern 2000; Carus 2001; Gronvall 2008).

The Act contained several findings about the risks of bioterrorism:

  1. certain biological agents have the potential to pose a severe threat to public health and safety;
  2. such biological agents can be used as weapons by individuals or organizations for the purpose of domestic or international terrorism or for other criminal purposes;
  3. the transfer and possession of potentially hazardous biological agents should be regulated to protect public health and safety; and
  4. efforts to protect the public from exposure to such agents should ensure that individuals and groups with legitimate objectives continue to have access to such agents for clinical and research purposes. (Public Law 104–132, April 24, 1996, Sec. 511)

The Act required the Secretary of Health and Human Services (HHS) to issue regulations to govern the transport of biological agents with the potential to pose a severe threat to public health and safety through their use in bioterrorism. In establishing the list of materials to regulate, the Secretary was to consider: “(I) the effect on human health of exposure to the agent; (II) the degree of contagiousness of the agent and the methods by which the agent is transferred to humans; (III) the availability and effectiveness of immunizations to prevent and treatments for any illness resulting from infection by the agent; and (IV) any other criteria that the Secretary considers appropriate” (Public Law 104–132, April 24, 1996, Sec. 511). The Secretary delegated the authority to regulate these “select agents” to the Centers for Disease Control and Prevention (CDC). To ensure that the transfer of these agents was carried out only by and between responsible parties, CDC required that laboratories transferring select agents be registered and report each transfer.7

The initial list of select agents, introduced in 1997, contained 42 agents and toxins. It included some agents that could affect both humans and animals (for example, Bacillus anthracis and Francisella tularensis), but did not include those affecting only animals and plants. In drawing up the list, groups of experts from inside and outside the government focused on the agents and toxins that had been weaponized in the United States. and other offensive biological weapons programs prior to the advent of the BWC or those that were considered to have the greatest potential for weaponization.8

In the wake of the terrorist attacks of September 11, 2001, and the Bacillus anthracis9 mailings in October of 2001, Congress passed legislation that substantially expanded the scope of the Select Agent Program. The USA PATRIOT Act of 2001 (Public Law 107–56, October 26, 2001) made it an offense for a person to knowingly possess any biological agent, toxin, or delivery system of a type or in a quantity that, under the circumstances, is not reasonably justified by prophylactic, protective, bona fide research, or other peaceful purpose. The Act also established restrictions on the possession or transfer of select agents by “restricted persons,” which are individuals with one or more disqualifying factors in their background or behavior (see below).

The provisions of the USA PATRIOT Act were subsequently augmented by the Public Health Security and Bioterrorism Preparedness and Response Act, known as the Bioterrorism Act of 2002 (Public Law 107–188, June 12, 2002). This Act added requirements for regulations governing possession of select agents, including approval for laboratory personnel by the Attorney General following a background check by the Federal Bureau of Investigation (FBI). It also gave the U.S. Department of Agriculture (USDA), through its Animal and Plant Health Inspection Service (APHIS), the authority to regulate the possession, use, and transfer of BSAT materials that relate to plant and animal health and products, complementing the authority granted to CDC for human pathogens. The regulation of select agents and toxins is thus a shared federal responsibility involving HHS/CDC, USDA/APHIS, and the Department of Justice (DOJ). The Bioterrorism Act has been implemented through a series of regulations; the final regulations—42 CFR 73 (human pathogens), 9 CFR 121 (animal pathogens), and 7 CFR 331 (plant pathogens)—became effective in the spring of 2005.10

THE CURRENT SELECT AGENT PROGRAM

The current Select Agent Program has a number of components, which are described in the first part of this section. This is followed by a discussion of the operation of the program, such as inspections and inventory requirements.

The List of Select Agents and Toxins

The addition of agents and toxins that could affect animals and plants almost doubled the size of the original select agent list (see Table 2-2 for the current list). In the years since the revised list was issued, the reconstructed 1918 influenza virus was added to the list in 2005; some of the discussion over the wisdom of reconstructing the virus focused on its potential as a biological weapon or bioterror agent. As mentioned in Chapter 1, at the time this report was written, two Federal Register notices were seeking comment on proposals to add the SARS-associated coronavirus and Chapare virus to the list (HHS 2009a,b). The question of adding the SARS and Chapare viruses also illustrates a continuing argument/discussion of whether the list should include agents and toxins that are primarily serious public health threats rather than only those that are likely candidates for use in bioterrorism. The language of the USA PATRIOT Act and the Bioterrorism Preparedness Act speak of agents that pose threats to “public health,” but the acts are focused on the threats posed by bioterrorism rather than more general infectious diseases. Some of the proposals to stratify the list reflect an effort to focus the Select Agent Program on those agents and toxins that pose the greatest threats to security (e.g., NSABB 2009). We return to this issue in Chapters 3 and 5 but note it here as part of the context for the operation of the Select Agent Program.

TABLE 2-2. Current List of Select Agents and Toxins.

TABLE 2-2

Current List of Select Agents and Toxins.

The Security Risk Assessment11

A Security Risk Assessment (SRA) is required for all individuals who have access to select agents or toxins, including principal investigators, laboratory staff, and some maintenance personnel. Certain designated officials—the Responsible Official (RO) and the Alternate Responsible Official (ARO), who oversee the program at an individual entity,12 as well as any owners/controllers of nongovernment entities—must also undergo an SRA even if they will not have personal access to select agents. All registered entities (except for federal, state, or local governmental agencies or accredited public academic institutions) must also undergo an SRA.13

The SRA for individuals is carried out by the FBI’s Criminal Justice Information Services (CJIS) Division. An individual’s SRA is valid for five years unless terminated sooner by CDC, APHIS, or the employer. The SRA is tied to the entity for which the individual works; it cannot be transferred if she or he moves to another BSAT facility. A certificate of registration for an entity is valid for a maximum of three years. The entity, the RO, ARO, and individuals that own or control the entity must obtain security risk assessment approval each time the certificate of registration is renewed.

The purpose of the SRA is to determine whether an applicant has any of the factors that would prohibit him or her from working with select agents, based upon the exclusions enumerated in relevant legislation. An individual is considered a “restricted person” under the USA PATRIOT Act if he or she:14

  • Is under indictment for a crime punishable by imprisonment for a term exceeding one year or has been convicted in any court of a crime punishable by imprisonment for a term exceeding one year.
  • Has received a dishonorable discharge from the U.S. military. This provision ensures that those who commit comparable crimes while in the military will also be denied access to BSAT materials.
  • Is a fugitive from justice.
  • Is an unlawful user of any controlled substance (as defined in section 102 of the Controlled Substances Act (21 USC 802)).
  • Has been adjudicated as a mental defective or has been committed to any mental institution. The prohibition is based on specific legal distinctions that make this a small category of individuals.15
  • Is an alien illegally or unlawfully in the United States.
  • Is an alien (other than an alien lawfully admitted for permanent residence) who is a national of a country that has repeatedly provided support for acts of international terrorism. This is operationalized as nationals of countries formally designated as state sponsors of terrorism. Currently there are four such countries: Cuba, Iran, Sudan, and Syria (Department of State 2009b).16

Unlike formal security clearances, foreign nationals are thus eligible for access to BSAT.17

Additionally, under the Bioterrorism Preparedness Act, an individual could not have access to select agents if he or she is “reasonably suspected” by any federal law enforcement or intelligence agency of:

  • Committing a crime specified in 18 USC 2332b(g)(5);18
  • Having a knowing involvement with an organization that engages in domestic or international terrorism (as defined in 18 USC 2331) or with any other organization that engages in intentional crimes of violence; or
  • Being an agent of a foreign power (as defined in 50 USC 1801).19

Evidence of any of the disqualifying factors leads to a permanent denial of access to select agents and toxins, without statute of limitations or sunset provision on any of the prohibitions. An individual whose request for access is denied receives a formal, written notification, which will contain the specific reason for the denial. An individual may appeal the denial in writing to CDC or APHIS within 30 calendar days if he or she believes the information used as the basis for the denial is incorrect (such as in the case of mistaken identification). The appeal must state the factual basis for the request to overturn the denial and provide supporting documentation. If the denial was based on material produced by the CJIS review of federal databases, the appeal will be forwarded to the FBI.

According to data provided to the committee by CDC, USDA, and the FBI, as of September 10, 2009, a total 31,349 individual applications had been processed by CDC and USDA since the beginning of the program. Of these, 1,860 were withdrawn prior to renewal and 192 applicants were denied as restricted persons. Fifty-eight restricted individuals had appealed the denials, of which 36 denials were sustained and 22 were overturned. Of those denied access, 158 individuals were restricted for a single prohibited factor, while 12 had multiple disqualifying factors. In just under 70 percent of the cases, the disqualifying factor was being convicted of a crime with greater than a one-year imprisonment as the potential penalty.

According to information provided by FBI/CJIS to the committee, as of September 10, 2009, approximately 13,609 individuals had active SRA approval for access to select agents regulated by CDC or APHIS. At present, the average turnaround time for an SRA screening is 31 days, down from an average of 61 days in 2008 (Weyant 2009). CDC did not keep records on processing times from the start of the program, but, in the initial phases of implementation, the processing time was much longer, sometimes months, because the need to review so many people initially overwhelmed the system. Some of the committee’s discussions and site visits suggested that the process still can take several months, although now only for specific cases.

Implementing the SRA

The assessment of whether an individual has any of these disqualifying factors is based on responses to questions on the SRA application (FBI Form FD-961; see Appendix D) along with a fingerprint check and a search of a wide range of federal databases to identify disqualifying background/activities.20 Box 2-1 contains a list of the databases searched as part of the SRA.

Box Icon

BOX 2-1

Databases Used to Carry Out SRA Investigations. National Crime Information Center Files Foreign Fugitive File

SRA screening to identify those with criminal records relies on the standard criminal databases maintained by the FBI and Department of Homeland Security (DHS) for these purposes and used to conduct routine suitability or security screening for other federal agencies. These databases are also available to, and widely used by, employers outside the federal government. It is noted in a DOJ study of the government’s criminal history databases that the FBI handles more fingerprint checks for noncriminal justice purposes than for those related to law enforcement (DOJ 2006:3); for example, it processed approximately 10 million such requests in 2005.

There is widespread interest in obtaining access to criminal history record information from reliable sources for the purpose of screening an individual’s suitability for employment, licensing, or placement in positions of trust. The interest comes from private and public employers, as well as non-profit organizations that place employees and volunteers to work with vulnerable populations such as children, the elderly, and disabled persons. The interest is based on a desire or perceived need to evaluate the risk of hiring or placing someone with a criminal record in particular positions and is intended to protect employees, customers, vulnerable persons, and business assets. Employers and organizations are subject to potential liability under negligent hiring doctrines if they fail to exercise due diligence in determining whether an applicant has a criminal history that is relevant to the responsibilities of a job and determining whether placement of the individual in the position would create an unreasonable risk to other employees or the public. In addition to addressing this litigation risk, employers want to assess the risks to their assets and reputations posed by placing persons with criminal histories in certain positions. To meet these business needs, employers can and frequently do ask applicants whether they have a criminal history. Such employers and organizations want access to criminal history records to determine whether applicants are answering the question about their criminal history truthfully and completely. They believe that having access to good sources of criminal history information is the only way the interest in performing due diligence to protect employees, assets, and the public can be served. Public employers’ need for the information often goes beyond considering job suitability and includes security clearance determinations. There also has been a growing use of criminal history screening in certain sectors of the economy related to counterterrorism efforts. (DOJ 2006:1)

It should be noted that questions have been raised about the accuracy and completeness of the standard databases. The same DOJ study cited above found, for example, that although the Interstate Identification Index (III or “Triple I”) system—one of those used in the SRA screening—was “quite comprehensive in its coverage of nationwide arrest records for serious offenses,” it was missing information about the final disposition of about 50 percent of the cases in the database (DOJ 2006:3; emphasis added).21 In addition, a recent study of the Transportation Security Agency’s (TSA) screening of port workers found substantial delays in the processing time and some evidence of a problem with incorrectly identifying some candidates as having criminal records, although the appeal process seemed able to address most of the mistakes (NELP 2009).

The SRA relies upon 10 databases maintained by the Bureau of Immigration and Customs Enforcement’s Law Enforcement Support Center to identify whether non-U.S. citizens are in the country legally. These are the standard databases used throughout the federal government for screening an individual’s immigration status. Increased security concerns after the September 11, 2001, terrorist attacks and ongoing debate over immigration policy have led to significant investment in identifying and tracking foreign nationals visiting or living in the United States. This has resulted in substantial improvements in the databases, although concerns about errors and misidentifications remain, for example because the same name may be shared by multiple individuals or because of confusion caused by the transliterated spelling of names. It should be noted that the policy discussions related to screening non-U.S. citizens have focused largely on the difficulty of acquiring information about an individual’s life prior to his or her arrival in the United States rather than the adequacy of the databases for tracking people once they have arrived. The report on personnel reliability from the National Science Advisory Board for Biosecurity (NSABB), for example, recommends more rigorous screening for foreign nationals but does not make specific suggestions for how that should be implemented (NSABB 2009).

As mentioned above, the Bioterrorism Preparedness Act added prohibitions for work with BSAT materials that concern involvement in crimes of terrorism or with groups who commit acts of violence. Additional databases, such as the Violent Gang and Terrorist Organizations File, the Terrorist Screening Center Database, and TSA’s No Fly and Selectee databases, are used for this part of the screening.

The issue of illegal drug use is captured by SRA screening in two ways. Criminal database searches would identify anyone convicted of a drug-related felony offense as part of the general criminal check.22 The application also asks, “Are you an unlawful user of any controlled substance (as defined in Section 102 of the Controlled Substance Act [21 U.S.C. 802])?” and anyone answering affirmatively is disqualified. There is no attempt to verify the accuracy of statements about current use, however.

In addition to the initial review and a new review every five years or if an individual moves to a new entity, “the FBI is automatically notified when an individual with a favorable SRA is arrested and fingerprinted or checked against criminal databases for whatever reason. The FBI also monitors individuals with favorable SRAs for criminal activity or terrorist ties by periodically cross-checking their names and fingerprints against federal databases. Access to select agents can be denied, limited, or revoked at any time by the institutional RO or ARO, CDC, or USDA if deemed appropriate” (NSABB 2009:3).

Recognizing the importance of collaboration in scientific research, procedures are in place to enable an individual with a current SRA to visit another registered entity. The RO of the home entity must notify the RO of the receiving entity in writing that the proposed visitor has an active approved SRA. The RO of the entity that will be hosting the visitor must submit this letter and a request to amend the registration to the lead agency (APHIS or CDC), which will approve or deny the amendment. Once the visit is complete, the receiving entity RO should amend the entity’s registration to remove the visitor.23

Participation in the Program24

The Select Agent Program requires “registration of facilities including government agencies, universities, research institutions, and commercial entities that possess, use or transfer biological agents and toxins that pose a significant threat to public, animal or plant health, or to animal or plant products.”25 Material provided to the committee by CDC and APHIS showed that, as of early September 2009, 388 entities had received authorization to work with select agents and toxins (see Figure 2-1), of which 84 percent were registered with CDC and 16 percent with APHIS (Kielbauch et al. 2009). The largest single components were nonfederal government laboratories (121 entities) and academic entities (120 entities). Federal laboratories comprised 65 entities, and the remaining component was commercial and private entities (82 entities) (Kielbauch et al. 2009). There is no directory of the facilities within these categories, because the names of the registered facilities are not made public.

FIGURE 2-1. Entities registered to work with select agents and toxins.

FIGURE 2-1

Entities registered to work with select agents and toxins. Data provided by APHIS and CDC

One of the most serious challenges to implementing the Select Agent Program is the sheer diversity of facilities that work with select agents. This diversity extends both within and across the four main categories of entities and includes, among other factors, size, the type and mix of personnel, the characteristics of work carried out, the variety of sponsors for the work, and the variety of BSAT materials each holds. What follows is a brief description to illustrate the range of facilities encompassed within the program. Given its charge, the committee’s interest focused on those facilities that have the conduct of research as their primary focus, which includes at least some entities within each category.

Academic Entities

The public consultations organized to inform related reports, public discussions held by the committee, and the committee’s site visits revealed significant diversity among academic laboratories. In addition to research facilities at universities and academic medical centers, “academic entities” include a few nonprofit research facilities such as the Southwest Foundation for Biomedical Research in San Antonio, Texas.

Three of the five currently operating BSL-4 laboratories fall within this category: the Southwest Foundation, Georgia State University, and the University of Texas Medical Branch at Galveston (UTMB). UTMB has also constructed a new, larger BSL-4 laboratory—the Galveston National Laboratory—that is awaiting final certification, and Boston University has completed construction of a BSL-4 laboratory but is awaiting resolution of legal issues surrounding an environmental impact statement before it can be opened (NRC 2007a).

Most select agent laboratories involve research at the BSL-3 safety level. In most cases, select agent laboratories comprise a small fraction of the total number of biological laboratories on a campus; for example, the biosafety officer from Vanderbilt University informed the committee that there is one select agent laboratory out of a total of 500 at her university (Burnett 2009).26 The size, staffing, and type of research conducted by academic select agent laboratories varies substantially. The NIH-funded New England Regional Center of Excellence National Screening Laboratory, located at Harvard Medical School, reported an SRA-cleared staff of 12, including four technical staff members, four animal care staff, two administrators, and two postdoctoral researchers. George Mason University anticipates registering 30–40 individuals employed by the university, as well as several contracted animal care technicians when its Biomedical Research Laboratory is operational in 2010.

Federal Entities

The federal government operates the largest category of entities that are part of the Select Agent Program. NIH and CDC within HHS, USDA, the Department of Defense (DOD) and the separate military services, the Department of Energy (DOE), and the Environmental Protection Agency—operate laboratories conducting research on select agents and toxins. Some of the facilities conduct specifically defense-related research, such as DOD’s Edge-wood Chemical Biological Center, which focuses on defensive needs of the warfighter, including development of protective equipment. Others, such as DHS’ National Biodefense Analysis and Countermeasures Center (NBACC), which will focus on threat characterization and bioforensics research when it is operational, reflect increasing concern with homeland security. And others, such as NIH’s Rocky Mountain Laboratories or USDA’s National Plant Germplasm and Biotechnology Laboratory, primarily carry out research related to broader threats of select agents and toxins to human or animal health or plant and animal products.

Private and Commercial Entities

Private nonprofit and commercial for-profit entities include pharmaceutical and biotechnology firms carrying out research with select agents and toxins as part of developing a range of diagnostics, vaccines, and related therapeutics. Some of this research is supported by the federal government, and some is part of product development by companies for the private market. A number of the entities in this category also specialize in carrying out contracted research for multiple sponsors, pubic and private, who do not choose to maintain a laboratory. It is these facilities that are particularly affected by multiple inspections and conflicting security requirements imposed by different agencies.

State and Local Government Entities

State and local government laboratories are generally quite different from the other entities in the program. Most are state and local public health laboratories, part of the Laboratory Response Network (LRN), a national network of approximately 150 laboratories created in 1999 by HHS to respond to chemical and biological terrorism and other public health emergencies.27 Although some of the larger state laboratories conduct research, most of these laboratories do not conduct regular work with select agents. They are included in the Select Agent Program because they might encounter select agents as part of routine diagnostic work and because they maintain reference strain collections to confirm specific select agents and toxins as part of the LRN.

Reference labs, sometimes referred to as “confirmatory reference,” can perform tests to detect and confirm the presence of a threat agent. These labs ensure a timely local response in the event of a terrorist incident. Rather than having to rely on confirmation from labs at CDC, reference labs are capable of producing conclusive results. This allows local authorities to respond quickly to emergencies. (CDC 2009)

Operation of the Program28

All entities registered to possess select agents and toxins must develop a security plan to safeguard the select agents in their possession against unauthorized access, theft, or loss. There must also be a biosafety plan, commensurate with risks posed by the agents or toxins, to safeguard against their release in the laboratory or to the wider environment. The existing BMBL, NIH Guidelines for Research Involving Recombinant DNA Molecules, and regulations from the Occupational Safety and Health Administration provide guidance for developing the safety plan (current biosafety guidelines were discussed in more detail earlier). Laboratories registered to work with toxins must also have a chemical hygiene plan. Finally, an incident response plan is required to be sure the entity is prepared to deal with the consequences of an accident or deliberate act.

Inspections

“An important tenet of the CDC Select Agent Program is that it treats all registered entities the same—whether that lab is a commercial lab, state or local public health lab, or a federal lab (including CDC and Department of Defense labs)” (Besser 2007); the same principle applies for those entities supervised by APHIS for USDA. Implementation of this principle means that common standards are employed, the checklists used during inspections and the requirements laboratories are expected to meet are the same, and there is a consistent determination of what will trigger a referral of any laboratory to the HHS Office of Inspector General (OIG) or APHIS Investigative and Enforcement Services (APHIS-IES) for possible violations of the regulations. CDC and APHIS provide training and compliance assistance to help individuals and entities understand and meet the requirements of the program.

Inspections are the primary means by which compliance with the regulations is confirmed. Routine inspections are carried out every three years, with additional inspections taking place whenever an entity desires to make a significant change to its select agent registration, such as changes in currently registered laboratories or additional new laboratories that require registration. Other inspections may take place as follow-up resulting from audits by federal partners or investigation of potential biosafety or security concerns that could affect public health and safety. Between 2003, when the interim regulations for the program were released, and early summer 2009, CDC conducted 840 select agent inspections and APHIS 324 inspections. The inspections were frequently done in collaboration with each other and other federal agencies.

The procedure for routine inspections involves an extensive review of laboratory safety and security as related to the possession, use, and transfer of select agents, using checklists based on the select agent regulations and recognized safety standards.29 Inspectors observe the physical safety and security components of the facility, examine the documentation available, and interview laboratory personnel to collect information used to complete the checklists. Results of the CDC or APHIS inspection are provided to the institution in a written report, and entities must respond within a specified time to any deficiencies noted in the inspection report, with documentation of how they have resolved those deficiencies. If the deficiencies are considered serious enough, a verification site visit would be used to confirm that the problems have been corrected.

Several types of enforcement actions can occur in cases where there are possible violations of the select agent regulations:

  • Administrative actions: a registered entity’s certificate of registration can be suspended or revoked (a suspension can include work at a registered entity or be specific to particular agents or particular types of experiments). An entity’s application to possess, use, or transfer select agents can also be denied.
  • Civil or criminal penalties: Civil monetary penalties (up to $250,000 for an individual for each violation and up to $500,000 for an entity for each violation) or criminal enforcement actions (imprisonment for up to five years, a fine, or both) are possible for more serious violations.
  • Referral to FBI: Possible violations involving criminal negligence or a suspicious activity or person are referred to the FBI for further investigation.30

The Select Agent Program also promotes laboratory safety and security by providing technical assistance and guidance to registered entities, which includes presenting workshops, having a primary point of contact assigned to each entity, developing frequently asked questions that are posted on the program Web site, and making technical presentations at meetings and conferences.

Inventory

Entities that possess BSAT materials are required to keep specific kinds of records and other information about the materials in their possession. (Addtional information about current policies is included in Chapter 5.) An accurate, current inventory is required for each agent in long-term storage, that is, maintained in a condition that keeps them viable for future use.31 Entities are also required to have protocols in place for transfer and accountability of inventories when the investigator responsible for the inventory leaves, including change in employment, retirement, death, sabbatical, or other reasons, and no longer has an active role in the entity.

Reports of Theft, Loss, and Release

All reports of theft, loss, or release of select agents are investigated to ensure that public health and safety are protected. From 2003 until the end of September 2009, there were 154 incidents reported to CDC and USDA through the Select Agent Program’s theft, loss, and release reporting system. Follow-up investigations conducted by HHS, USDA, and the FBI determined that there were no confirmed losses or theft of a select agent. There were three confirmed releases of a select agent, and these were all identified by illnesses in five laboratory workers as a result of working with the agents (Besser 2007).

OTHER FEDERAL REGULATIONS RELATED TO BSAT RESEARCH

The Select Agent Program’s regulations apply to all federal agencies and departments. Most of the federal agencies conducting or supporting BSAT research—including DOD and the military services, NIH, CDC, DOE, and USDA—currently have additional security-related policies or regulations in place beyond these requirements. At least some of the agencies require that the entities conducting BSAT research they fund via contracts and grants also apply these practices. This section contains a brief summary of these additional polices and regulations, based largely on information provided by the Executive Order (EO) Working Group on Strengthening the Biosecurity of the United States. After a brief recap of personnel reliability and physical security, the section is organized by agency.32

Physical Security and Personnel Reliability

Physical Security

Physical security programs are intended to prevent unauthorized access to BSAT materials. They are largely but not exclusively addressed to combating the outsider threat. Three common elements of physical security programs are: (a) access controls, which include security for the perimeter, points of entry, and the interior of the facility; (b) information systems control, which includes information technology, protection of infrastructure and hardware, assuring reliability of information technology personnel or vendors, and inventory protection; and (c) inventory controls, which includes managing and tracking both the BSAT materials and the data about them.

Personnel Reliability

A “personnel reliability program” (PRP) is the general term used to describe policies intended to ensure that individuals who are given access to BSAT materials are worthy of that trust. There may be many qualities that define a “reliable” employee; the NSABB, for example, concluded that trustworthy, responsible employees would:

  • Be free of felony convictions;
  • Have no domestic or international terrorist ties;
  • Have no history of scientific or professional misconduct in the workplace;
  • Possess emotional stability and capacity for sound judgment;
  • Have a positive attitude toward safety and security measures, and standard operating procedures; and
  • Be free of vulnerability to coercion (NSABB 2009).33

A PRP may apply in the pre-employment screening phase as part of the hiring process or to measures that apply while an individual is working or both. At hiring, applicants may be screened for drug or alcohol (ab)use; undergo medical examinations, psychological evaluations, credit checks, and reviews of past employment or service records; be required to take psychological tests or polygraph exams; and undergo background investigations, possibly including a formal security clearance process. Drug and alcohol screening might continue during employment, along with a range of mechanisms for continuous monitoring, including self-reporting and peer reporting and periodic updates of the checks and assessments done prior to hiring. A number of the personnel reliability programs carried out by federal agencies require various types of formal background investigations; these are described briefly in Box 2-2.

Box Icon

BOX 2-2

Types of Personnel Security Investigations. National Agency Check. The National Agency Check (NAC) consists of searches of the Security/Sustainability Investigation Index and the Defense Clearance and Investigations Index, as well as the FBI Identification (more...)

The federal Office of Personnel Management (OPM) currently conducts 90 percent of the suitability and security clearance investigations for 100 federal agencies, using approximately 9,000 investigators to conduct 2.2 million background investigations each year (Crowley 2009). Of these, approximately 750,000 are national security clearance investigations (GAO 2009b:1). The process for determining access to classified information rests on a series of executive orders dating back to the 1950s; the current process is based on EO 12968, issued in August 1995.34

Examples of Federal Agency Physical Security and Personnel Reliability Requirements

This section is intended to provide a sampling, agency by agency, of some of the additional provisions that federal agencies have put in place to increase security for BSAT materials beyond the requirements of the Select Agent Program. Some of the measures simply reflect the agency’s practice for many of its employees—such as requiring security clearances—and are not limited to those working with BSAT materials. Others, such as the Army’s Biological Surety Program, are specifically directed at BSAT research.

U.S. Department of Agriculture

USDA’s PRP policy covers personnel who work with BSAT at the BSL-3 level, with the extent of the background investigation determined by the level of risk. Continuous evaluation by managers and required self-reporting are part of the system. USDA employees have an employee assistance program in place to provide counseling services.

Agricultural Research Service (ARS) ARS policies regarding BSAT inventories are included in a USDA manual that sets out procedures for BSL-3 laboratories (USDA 2002). Three types of records are required for facilities to demonstrate proper accountability for BSAT materials. The first is the National Pathogen Inventory, a system that is intended to enable managers to determine quickly what pathogens are in use at their facility. The second requirement is for a detailed inventory of records, both current and historical, which must be retained for five years. Facilities are also expected to have a materials accountability program for experimental and working samples they maintain.

Department of Defense

DOD has a number of special instructions related to physical security, some across the military and others specific to individual services. The DOD personnel reliability program includes one kind of security clearance and background investigation for military personnel and contractors, the National Agency Check with Local Agency Check and Credit Check (NACLC), to confirm information supplied by applicants, in most cases going back seven years. DOD also has another, comparable process for federal civilian employees, the Access National Agency Check and Inquiries (ANACI). Reinvestigations are done every five years if a clearance is to be continued. Unlike the nuclear and chemical PRP programs, foreign nationals are allowed access in the biological PRP. Peer and self-reporting of any potentially disqualifying information are required.

As the Defense Science Board (DSB) report on the DOD biological safety and security program notes, DOD’s nuclear surety program has two categories for personnel in its workforce and each category is subject to different background investigations. “A critical position is someone who possesses both technical knowledge and access to the nuclear weapon/system (e.g., launch officers, maintenance personnel, etc.) and non-critical is an individual who possesses access but not technical knowledge (e.g., guard forces)” (DSB 2009:31; emphasis added).

Department of the Army The Army applies additional physical security measures to all of the BSAT laboratories and facilities it owns or controls. The same rules apply to the major Army commands, and to contractors who have received BSAT materials from DOD; the latter requirement caused some questions and concerns during the public consultations. Commenters suggested a formal vulnerability assessment for both outsider and insider threats, based on Army and DOD guidance. Rather than the site-specific plan required by the Select Agent Program, an extensive list of specific features, subject to annual review, is required for both the facility and the rooms and laboratories where BSAT work takes place under Army regulations. Two people are required to access reference stocks, for example, but there is no current requirement for cameras.

In the summer of 2008, the U.S. Army issued a new set of regulations governing personnel reliability: AR 50-1, the “Biological Surety” program (Department of the Army 2008). In addition to the security clearances required for those granted access to BSAT, AR 50-1 gives responsible officials substantial new discretion to deny or remove access. Some of the provisions, which describe factors well beyond those in the current SRA that would disqualify an individual access to BSAT, are potentially exceedingly expansive. For example, one can be disqualified for an “inappropriate attitude, conduct, or behavior” (Department of the Army 2008:10).

Department of Energy

Of the five DOE national laboratories that work with BSAT materials, all require elements of a PRP beyond what is required by the Select Agent Program. Polygraph examinations are not required, in contrast to DOE’s nuclear activities where individuals with access to certain kinds of highly classified information may be required to undergo polygraph testing. Different laboratories use one of two different programs, both of which include an annual medical exam and psychological evaluation, annual credit and criminal records checks, and various training components.

As part of its Worker Safety and Health Program outlined in 10 CFR 851, DOE sets out requirements for its contractors to maintain an inventory and to submit an annual report on its status to the contractor’s Institutional Biosafety Committee, which is also provided to the relevant DOE field and area offices. Copies of reports of transfers of BSAT materials, including notification when the transfer is complete, are also sent to the relevant DOE field office.

Department of Health and Human Services

National Institutes of Health The NIH Biological Surety Program covers all personnel who work in BSL-4 facilities and anyone who works in certain other designated facilities. These individuals must undergo a Collective Foreign Threats Assessment, which searches most of the databases used in the SRA and several others. The level of additional background investigation conducted is based on the sensitivity of the job responsibilities. For those working in designated facilities including BSL-4 laboratories, NIH may require a two-person rule or buddy system, although this is for occupational health and safety rather than security. On the job, continuous monitoring, self- and peer-reporting, training, and medical and behavioral health exams are required, although again the primary motive is safety.

Centers for Disease Control and Prevention CDC is currently developing a personnel screening program and monitoring program for all employees who work with or have access to BSAT that is expected to include an ANACI security clearance process, drug testing and occupational health screening, and self and peer-reporting.

Smallpox was declared eradicated in 1980, and in 1983, two centers—CDC and one in Russia—were authorized by the World Health Assembly as the sole entities able to house or conduct research on smallpox. The original plan was to destroy all remaining stocks after 10 years, but this was changed to create a standing World Health Organization (WHO) Advisory Committee on Variola Virus Research that monitors the state of all research, grants permission to conduct specific experiments, and reports to the World Health Assembly annually (IOM 2009:1-2; WHO 2008).

Department of Homeland Security

Although it does not have a formal PRP program, DHS already requires all employees to have a minimum of a Secret security clearance. The two DHS laboratories that work with BSAT materials—the Plum Island Animal Disease Center and NBACC—require drug screening for all potential employees. NBACC also requires a reliability screening by a senior laboratory manager, which includes personnel and medical information. Employees are required to report potentially disqualifying information.

REGULATIONS AND PRACTICES OUTSIDE THE UNITED STATES

Life sciences research is an increasingly global enterprise, including that involving BSAT materials (NRC 2006). A number of regional and international organizations have developed standards and practices that are relevant to the conduct of BSAT research. In addition, a number of countries have regulations and guidance that either govern work with BSAT materials directly or have an impact on how such work is conducted. What happens outside the United States needs to be considered because it may provide useful ideas or models. Moreover, international collaboration benefits from harmonized standards and practices.

The Geneva Protocol, the BWC, and UN Security Council Resolutions 1540 and 1810 were described earlier in this chapter. In addition, a number of formal and informal groups address parts of BSAT research.

International and Regional Activities

The Australia Group

The Australia Group (AG) is an informal forum of 40 countries and the European Commission that “through the harmonisation of export controls, seeks to ensure that exports do not contribute to the development of chemical or biological weapons.”35 The AG was formed in 1985 in response to a proposal from Australia to improve consultation over export controls on chemical weapons precursors after the use of chemical weapons in the Iran-Iraq War. Biological materials and equipment were included in the AG’s concerns in the early 1990s. The AG maintains “common control lists” for dual use biological equipment and related technology and software, biological agents, and plant and animal pathogens to provide the basis for encouraging standard national export licensing regulations.

European Committee for Standardization

The European Committee for Standardization/Comité Européen de Normalisation (CEN) is a private, nonprofit organization that seeks to promote the development of standards in order to reduce trade barriers, promote safety, allow interoperability of products, systems and services, and promote common technical understanding. “All standards help build the ‘soft infrastructure’ of modern, innovative economies. They provide certainty, references, and benchmarks for designers, engineers and service providers. They give ‘an optimum degree of order.’”36 Much of CEN’s effort is carried out through workshops that reach consensus on voluntary standards (called CEN Workshop Agreements) that can be applied internationally and do not have the force of regulation. In 2008, CEN published its International Laboratory Biorisk Management Standard (CEN 2008), whose goal “is to set requirements necessary to control risks associated with the handling or storage and disposal of biological agents and toxins in laboratories and facilities” (CEN 2008:8), with a “biorisk” defined as the “combination of the probability of occurrence of harm and the severity of that harm where the source of harm is a biological agent or toxin” (CEN 2008:9).37

World Health Organization

As mentioned earlier, the WHO published its most recent Biosafety Manual in 2004, which for the first time, contains a discussion of “biosecurity” (WHO 2004). To complement the manual, WHO published Biorisk Management: Laboratory Biosecurity Guidance in 2006, which attempts to “strike a balance” between longstanding biosafety practices and newer concepts of biosecurity by recommending a “biorisk management approach” to provide guidance to its member states in developing their own national approaches (WHO 2006:1). The WHO defined “biorisk” as the “probability or chance that a particular adverse event (in the context of this document: accidental infection or unauthorized access, loss, theft, misuse, diversion or intentional release), possibly leading to harm, will occur” (WHO 2006: iii).

National Regulations and Practices38

At present very few countries other than the United States have regulations in place governing either facilities or personnel, and for those that do—the United Kingdom (UK), France, Japan, Australia and Canada—the regulations are of recent vintage (i.e., since 2001). The exception is Germany, which has had regulations in place since 1900. Rather than attempt to describe various national practices in any detail, we offer some summary comments on the trends in various regulatory practices.

Personnel There is a wide variety among regulations addressing personnel reliability, ranging from strong local control to national registries. In the cases of local control, there is almost always a provision in the regulations that higher authorities should have access to personnel records upon request. Only the UK, Germany, and Australia appear to conduct personnel screening comparable to the SRA or security clearances. Canada has passed legislation creating the equivalent of security clearances for those working in BSL-4 laboratories, and Germany has the equivalent of security clearances for those working at the BSL-4 level already in place.

Facilities Unlike personnel, facilities are generally regulated at the national level. Such regulation takes many forms and may include requirements governing registration of specific activities. These types of regulations appear to be more common than those governing personnel, perhaps because of the prevalence of concerns with biosafety or genetically modified organisms (GMOs). In general, biosafety regulations are more common than those focused specifically on BSAT research.

A number of countries have tiers of regulations, requiring various levels of notification, authorization, record keeping, and so forth. Some countries require permission or licensing of facilities at a particular biosafety level, independent of the agents the facility may work with and store. Some form of registration or licensing of BSL-3 and -4 facilities is required in Germany, China, South Korea and Switzerland. There are also examples of stratification of the types of notifications and permissions required to work at various biosafety levels. In Switzerland, for example, the equivalent of BSL-2 research requires notifying the relevant authorities, while permission is required to work at the BSL-3 or -4 level. Japan has four tiers, ranging from internal record keeping at the lowest level to notification and then permission. Some activities are prohibited outright.

European countries have strict rules governing work with GMOs, which in many cases are more stringent than their rules governing pathogens. These rules tend to be focused on regulating facilities and setting standards for accounting for inventories. Since much of potential pathogen research would involve the use of recombinant DNA methods, however, the GMO regulations effectively cover a large portion of pathogen research as well.

Some countries regulate BSAT research via their regulations on biosafety risk levels. Germany, Canada, and Switzerland regulate personnel and/or facilities for all the agents designated as BSL-3 or BSL-4. Other countries regulate via lists of “select agents,” which vary in length and composition, and in what special requirements they impose upon listed agents. The lists range in size from Australia’s 22 to South Korea (32), France (37), Japan (51), and the UK (105).

SUMMARY

This chapter has provided background information on the origins and current operation of the Select Agent Program, additional requirements for personnel reliability and physical security that many federal agencies have applied to their own and, in some cases, their grant and contract BSAT research, and how the regulation of BSAT research is handled outside the United States. The committee drew on this information, as well as its own knowledge and experience, to develop a set of principles to guide formulation of its recommendations. Those principles are presented in the next chapter.

The Geneva Protocol’s formal title is the Protocol for the Prohibition of the Use in War of Asphyxiating, Poisonous or Other Gases, and of Bacteriological Methods of Warfare and the BWC treaty’s formal title is the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on Their Destruction. The United States signed the Geneva Protocol in 1925 but did not ratify it until 1975, at the same time the Senate ratified the BWC.

UNSCR 1810, passed in 2008, extended the mandate of UNSCR 1540 for an additional three years and urges states to complete its implementation (UN 2008).

The World Health Organization (WHO) also produces a Laboratory Biosafety Manual. The first edition was published in 1983, and the third was released in 2004.

The risk groups defined by the NIH Guidelines for Research Involving Recombinant DNA Molecules provide another classification of agents and toxins based on risk. See Box 5-1 for more information.

The latest edition of the WHO manual also includes information on “laboratory biosecurity,” which is defined as the “institutional and personal security measures designed to prevent the loss, theft, misuse, diversion or intentional release of pathogens and toxins” (WHO 2004:47).

On November 25, 1969, President Nixon issued National Security Decision Memorandum 35, which renounced the “use of lethal methods of bacteriological/biological warfare. The United States bacteriological/biological programs will be confined to research and development for defensive purposes (immunization, safety measures, et cetera)” (NSC 1969:2-3). The Memorandum stated, “This does not preclude research into those offensive aspects of bacteriological/biological agents necessary to determine what defensive measures are required” (NSC 1969:3). This order did not regulate possession of potentially dangerous pathogens, but instead focused on the purpose of the research. The BWC took a similar approach, as already noted.

“The purpose of registration was to control domestic transfers based upon a permitting system. A registered laboratory could legally transfer select agents only to another registered laboratory; some transfers were denied because of concerns about the adequacy of the facility proposed to receive the agent. Transfers to nonregistered laboratories were prohibited. Registration, however, was principally a matter of notification: a laboratory was obligated to notify relevant authorities of a transfer to another registered facility and that the transfer itself complied with applicable safety standards. Specific information about particular pathogens that the facility possessed did not have to be reported, not even if they were the subjects of extensive research, so long as they were not transferred. This was not intended to be a strict licensing system but merely a way of overseeing transfers and shipments of lethal pathogens” (NRC 2004a:75).

The United States had also weaponized some anti-crop agents, but they were not included in the initial list.

Bacillus anthracis is the bacterium that causes anthrax.

Agents that can affect both human and animals, called “overlap agents,” are listed in both the CDC and USDA lists.

Unless otherwise noted, this section is based on a briefing prepared for the committee by Robbin Weyant, Division of Select Agents and Toxins, Coordinating Office for Terrorism Prepared-ness and Emergency Response, Centers for Disease Control and Prevention, and Elizabeth Snyder, Criminal Justice Information Services, Federal Bureau of Investigation, and presented on June 29, 2009 (Weyant and Snyder 2009).

“An entity is defined as any government agency (federal, state, or local), academic institution, corporation, company, partnership, society, association, firm, sole proprietorship, or other legal entity. An entity is thus not limited to a single facility or to a single laboratory. An entity may possess one or multiple facilities, each facility containing one or multiple laboratories” (Gottron and Shea 2009:2). Clinical laboratories were granted a special exemption to permit them to legally isolate and identify (and thereby possess) select agents cultured from patients as part of the medical diagnostic process, even if they were not registered to possess select agents, and to handle those materials that were part of proficiency training. This was considered essential for medical diagnoses where there is no way to predict what disease a patient might have, thereby precluding the ability to register for specific select agents. The clinical laboratories, however, are mandated to destroy any select agents or transfer them to a registered laboratory that is permitted to possess them within specified periods, and they must also notify public health authorities whenever a select agent has been isolated and identified (Deminn 2007:547).

The government facilities are presumed to have equivalent security procedures in place.

According to several accounts of the creation of the USA PATRIOT Act, including those at the public consultation for the Executive Order Working Group on Strengthening the Biosecurity of the United States, the list of disqualifying factors was based on those in the Brady Handgun Violence Prevention Act (Public Law 103–159, November 30, 1993), on the principle that anyone who would not be allowed to own a handgun should not be permitted access to dangerous pathogens.

“Adjudicated as a mental defective. (a) A determination by a court, board, commission, or other lawful authority that a person, as a result of marked subnormal intelligence, or mental illness, incompetency, condition, or disease: (1) Is a danger to himself or to others; or (2) Lacks the mental capacity to contract or manage his own affairs. (b) The term shall include (1) A finding of insanity by a court in a criminal case; and (2) Those persons found incompetent to stand trial or found not guilty by reason of lack of mental responsibility pursuant to articles 50a and 72b of the Uniform Code of Military Justice, 10 USC 850a, 876b” (27 CFR 478.11). See Chapter 4 for further discussion.

At the time the SRA was developed, there were seven countries on the list, the four current ones and Iraq, Libya, and North Korea.

Foreign nationals who possess unique skills or knowledge can obtain special security clearances that provide limited access for specific purposes.

This section defines “Federal crimes of terrorism.”

This section refers to persons who engage in clandestine intelligence activities on behalf of a foreign government or in support of a foreign group that engages in international terrorism or preparations for it.

One of the questions on the application is “Have you ever been adjudicated as a mental defective or been committed to any mental institution?” For anyone who answers “yes,” “a complete copy of medical records regarding the commitment will be required.” This is designed to address the difficulties of obtaining such records, which are largely held by states and may be subject to significant privacy restrictions under state or federal law.

The Triple I contains arrest records for serious offenses from all states and territories, as well as from federal and international criminal justice agencies.

“Of current federal prisoners, 55 percent are serving time for drug offenses” (Washington Post 2009).

By comparison, in most cases the transfer of security clearances can be done between the home and host institution without formal permission of the agency that issued the clearance, in part because security officers at these institutions have access to secure databases to verify the clearances.

Under current regulations, entities that do not at any time have more than the following aggregate amounts of a toxin (in the purified form or in combinations of pure and impure forms) under the control of a principal investigator are excluded from requirements of the regulation: abrin (100 mg), botulinum neurotoxin (0.5 mg), Clostridium perfringens epsilon toxin (100 mg), conotoxins (100 mg), diacetoxyscirpenol (1,000 mg), ricin (100 mg), saxitoxin (100 mg), shiga-like ribosome inactivating proteins (100 mg), shigatoxin (100 mg), staphylococcal enterotoxin (5 mg), tetrodotoxin (100 mg), and T-2 (1,000 mg) <http://www​.selectagents​.gov/Permissible%20Toxin%20Amounts​.html>.

Most academic research laboratories that conduct non-select agent research are BSL-1, BSL-2, and BSL-3 facilities.

The LRN also includes federal, military, environmental, veterinary, and food-testing laboratories. See <http://www​.bt.cdc.gov/lrn/factsheet.asp> for more information.

This section is drawn in large part from Congressional testimony given by CDC official Richard E. Besser (2007).

The checklists can be found at <http://www​.selectagents.gov/>.

As of December 19, 2008, APHIS had referred 36 entities to APHIS-IES for violation of the select agent regulations. APHIS-IES had levied $109,250 in civil monetary penalties against seven of the entities. As of early September 2009, the HHS OIG had reported a total of $1,997,000 in fines levied against 13 organizations for failure to comply with various aspects of the select agent regulations (see <http://oig​.hhs.gov/fraud​/enforcement/cmp/agents_toxins.asp> for descriptions of the cases). HHS and USDA have not referred any violations of the select agent regulations to DOJ for criminal prosecution.

A definition of “long-term storage” can be found at <http://www​.selectagents​.gov/LongTermStorage.html>. See Box 5-2 for required elements in inventory records.

The section does not address issues related to transportation, which the committee has decided not to include in its report.

The report goes on to say that: “The NSABB considers these to be reasonable characteristics for individuals with access to select agents and toxins. It found, however, that some of the characteristics were exceedingly difficult to measure in any objective way and that it was unclear whether these characteristics were suitable surrogates (or predictors) for not posing an insider threat. Furthermore, as it considered the potential utility of the various assessments commonly utilized in PRPs, it found little evidence to suggest that personnel reliability assessments going beyond the SRA and other institutional background checks that are already in place would correlate with, or effectively identify, an insider threat. In addition, as was the case with the optimal personnel characteristics, there were no objective criteria for translating the information gathered from a given assessment into a determination of reliability” (NSABB 2009:8).

In June 2008, President George W. Bush issued EO 13467, which was intended to “ensure an efficient, practical, reciprocal, and aligned system for investigating and determining suitability for Government employment, contractor employee fitness, and eligibility for access to classified information” (White House 2008). This EO set in motion a number of reforms, but these are beyond the scope of this study.

For further information see the AG website at <http://www​.australiagroup.net/>.

For further information, see the CEN website at <http://www​.cen.eu/cenorm​/aboutus/benefits/>.

“The source of harm may be an unintentional exposure, accidental release or loss, theft, misuse, diversion, unauthorized access or intentional unauthorized release.”

This section draws on the research undertaken by Dr. Robert Butera, a professor of Bio-engineering and Computer Engineering at the Georgia Institute of Technology while serving as a Jefferson Science Fellow with the Department of State in 2008–2009. The material was contributed by the EO Working Group.

Footnotes

1

The Geneva Protocol’s formal title is the Protocol for the Prohibition of the Use in War of Asphyxiating, Poisonous or Other Gases, and of Bacteriological Methods of Warfare and the BWC treaty’s formal title is the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on Their Destruction. The United States signed the Geneva Protocol in 1925 but did not ratify it until 1975, at the same time the Senate ratified the BWC.

2

UNSCR 1810, passed in 2008, extended the mandate of UNSCR 1540 for an additional three years and urges states to complete its implementation (UN 2008).

3

The World Health Organization (WHO) also produces a Laboratory Biosafety Manual. The first edition was published in 1983, and the third was released in 2004.

4

The risk groups defined by the NIH Guidelines for Research Involving Recombinant DNA Molecules provide another classification of agents and toxins based on risk. See Box 5-1 for more information.

5

The latest edition of the WHO manual also includes information on “laboratory biosecurity,” which is defined as the “institutional and personal security measures designed to prevent the loss, theft, misuse, diversion or intentional release of pathogens and toxins” (WHO 2004:47).

6

On November 25, 1969, President Nixon issued National Security Decision Memorandum 35, which renounced the “use of lethal methods of bacteriological/biological warfare. The United States bacteriological/biological programs will be confined to research and development for defensive purposes (immunization, safety measures, et cetera)” (NSC 1969:2-3). The Memorandum stated, “This does not preclude research into those offensive aspects of bacteriological/biological agents necessary to determine what defensive measures are required” (NSC 1969:3). This order did not regulate possession of potentially dangerous pathogens, but instead focused on the purpose of the research. The BWC took a similar approach, as already noted.

7

“The purpose of registration was to control domestic transfers based upon a permitting system. A registered laboratory could legally transfer select agents only to another registered laboratory; some transfers were denied because of concerns about the adequacy of the facility proposed to receive the agent. Transfers to nonregistered laboratories were prohibited. Registration, however, was principally a matter of notification: a laboratory was obligated to notify relevant authorities of a transfer to another registered facility and that the transfer itself complied with applicable safety standards. Specific information about particular pathogens that the facility possessed did not have to be reported, not even if they were the subjects of extensive research, so long as they were not transferred. This was not intended to be a strict licensing system but merely a way of overseeing transfers and shipments of lethal pathogens” (NRC 2004a:75).

8

The United States had also weaponized some anti-crop agents, but they were not included in the initial list.

9

Bacillus anthracis is the bacterium that causes anthrax.

10

Agents that can affect both human and animals, called “overlap agents,” are listed in both the CDC and USDA lists.

11

Unless otherwise noted, this section is based on a briefing prepared for the committee by Robbin Weyant, Division of Select Agents and Toxins, Coordinating Office for Terrorism Prepared-ness and Emergency Response, Centers for Disease Control and Prevention, and Elizabeth Snyder, Criminal Justice Information Services, Federal Bureau of Investigation, and presented on June 29, 2009 (Weyant and Snyder 2009).

12

“An entity is defined as any government agency (federal, state, or local), academic institution, corporation, company, partnership, society, association, firm, sole proprietorship, or other legal entity. An entity is thus not limited to a single facility or to a single laboratory. An entity may possess one or multiple facilities, each facility containing one or multiple laboratories” (Gottron and Shea 2009:2). Clinical laboratories were granted a special exemption to permit them to legally isolate and identify (and thereby possess) select agents cultured from patients as part of the medical diagnostic process, even if they were not registered to possess select agents, and to handle those materials that were part of proficiency training. This was considered essential for medical diagnoses where there is no way to predict what disease a patient might have, thereby precluding the ability to register for specific select agents. The clinical laboratories, however, are mandated to destroy any select agents or transfer them to a registered laboratory that is permitted to possess them within specified periods, and they must also notify public health authorities whenever a select agent has been isolated and identified (Deminn 2007:547).

13

The government facilities are presumed to have equivalent security procedures in place.

14

According to several accounts of the creation of the USA PATRIOT Act, including those at the public consultation for the Executive Order Working Group on Strengthening the Biosecurity of the United States, the list of disqualifying factors was based on those in the Brady Handgun Violence Prevention Act (Public Law 103–159, November 30, 1993), on the principle that anyone who would not be allowed to own a handgun should not be permitted access to dangerous pathogens.

15

“Adjudicated as a mental defective. (a) A determination by a court, board, commission, or other lawful authority that a person, as a result of marked subnormal intelligence, or mental illness, incompetency, condition, or disease: (1) Is a danger to himself or to others; or (2) Lacks the mental capacity to contract or manage his own affairs. (b) The term shall include (1) A finding of insanity by a court in a criminal case; and (2) Those persons found incompetent to stand trial or found not guilty by reason of lack of mental responsibility pursuant to articles 50a and 72b of the Uniform Code of Military Justice, 10 USC 850a, 876b” (27 CFR 478.11). See Chapter 4 for further discussion.

16

At the time the SRA was developed, there were seven countries on the list, the four current ones and Iraq, Libya, and North Korea.

17

Foreign nationals who possess unique skills or knowledge can obtain special security clearances that provide limited access for specific purposes.

18

This section defines “Federal crimes of terrorism.”

19

This section refers to persons who engage in clandestine intelligence activities on behalf of a foreign government or in support of a foreign group that engages in international terrorism or preparations for it.

20

One of the questions on the application is “Have you ever been adjudicated as a mental defective or been committed to any mental institution?” For anyone who answers “yes,” “a complete copy of medical records regarding the commitment will be required.” This is designed to address the difficulties of obtaining such records, which are largely held by states and may be subject to significant privacy restrictions under state or federal law.

21

The Triple I contains arrest records for serious offenses from all states and territories, as well as from federal and international criminal justice agencies.

22

“Of current federal prisoners, 55 percent are serving time for drug offenses” (Washington Post 2009).

23

By comparison, in most cases the transfer of security clearances can be done between the home and host institution without formal permission of the agency that issued the clearance, in part because security officers at these institutions have access to secure databases to verify the clearances.

24

Under current regulations, entities that do not at any time have more than the following aggregate amounts of a toxin (in the purified form or in combinations of pure and impure forms) under the control of a principal investigator are excluded from requirements of the regulation: abrin (100 mg), botulinum neurotoxin (0.5 mg), Clostridium perfringens epsilon toxin (100 mg), conotoxins (100 mg), diacetoxyscirpenol (1,000 mg), ricin (100 mg), saxitoxin (100 mg), shiga-like ribosome inactivating proteins (100 mg), shigatoxin (100 mg), staphylococcal enterotoxin (5 mg), tetrodotoxin (100 mg), and T-2 (1,000 mg) <http://www​.selectagents​.gov/Permissible%20Toxin%20Amounts​.html>.

25

<http://www​.selectagents.gov/>.

26

Most academic research laboratories that conduct non-select agent research are BSL-1, BSL-2, and BSL-3 facilities.

27

The LRN also includes federal, military, environmental, veterinary, and food-testing laboratories. See <http://www​.bt.cdc.gov/lrn/factsheet.asp> for more information.

28

This section is drawn in large part from Congressional testimony given by CDC official Richard E. Besser (2007).

29

The checklists can be found at <http://www​.selectagents.gov/>.

30

As of December 19, 2008, APHIS had referred 36 entities to APHIS-IES for violation of the select agent regulations. APHIS-IES had levied $109,250 in civil monetary penalties against seven of the entities. As of early September 2009, the HHS OIG had reported a total of $1,997,000 in fines levied against 13 organizations for failure to comply with various aspects of the select agent regulations (see <http://oig​.hhs.gov/fraud​/enforcement/cmp/agents_toxins.asp> for descriptions of the cases). HHS and USDA have not referred any violations of the select agent regulations to DOJ for criminal prosecution.

31

A definition of “long-term storage” can be found at <http://www​.selectagents​.gov/LongTermStorage.html>. See Box 5-2 for required elements in inventory records.

32

The section does not address issues related to transportation, which the committee has decided not to include in its report.

33

The report goes on to say that: “The NSABB considers these to be reasonable characteristics for individuals with access to select agents and toxins. It found, however, that some of the characteristics were exceedingly difficult to measure in any objective way and that it was unclear whether these characteristics were suitable surrogates (or predictors) for not posing an insider threat. Furthermore, as it considered the potential utility of the various assessments commonly utilized in PRPs, it found little evidence to suggest that personnel reliability assessments going beyond the SRA and other institutional background checks that are already in place would correlate with, or effectively identify, an insider threat. In addition, as was the case with the optimal personnel characteristics, there were no objective criteria for translating the information gathered from a given assessment into a determination of reliability” (NSABB 2009:8).

34

In June 2008, President George W. Bush issued EO 13467, which was intended to “ensure an efficient, practical, reciprocal, and aligned system for investigating and determining suitability for Government employment, contractor employee fitness, and eligibility for access to classified information” (White House 2008). This EO set in motion a number of reforms, but these are beyond the scope of this study.

35

For further information see the AG website at <http://www​.australiagroup.net/>.

36

For further information, see the CEN website at <http://www​.cen.eu/cenorm​/aboutus/benefits/>.

37

“The source of harm may be an unintentional exposure, accidental release or loss, theft, misuse, diversion, unauthorized access or intentional unauthorized release.”

38

This section draws on the research undertaken by Dr. Robert Butera, a professor of Bio-engineering and Computer Engineering at the Georgia Institute of Technology while serving as a Jefferson Science Fellow with the Department of State in 2008–2009. The material was contributed by the EO Working Group.

Copyright © 2009, National Academy of Sciences.
Bookshelf ID: NBK44957
PubReader format: click here to try

Views

  • PubReader
  • Print View
  • Cite this Page
  • PDF version of this title (934K)
  • Disable Glossary Links

Recent Activity

Your browsing activity is empty.

Activity recording is turned off.

Turn recording back on

See more...