Anthrax Case Raises Doubt On Security
Gaps in Lab Safeguards Prompt Calls for Investigations

By Nelson Hernandez and Philip Rucker
Washington Post Staff Writers
Friday, August 8, 2008

Revelations about anthrax scientist Bruce E. Ivins's mental instability have exposed what congressional leaders and security experts call startling gaps in how the federal government safeguards its most dangerous biological materials, even as the number of bioscience laboratories has grown rapidly since the 2001 terror attacks.

An estimated 14,000 scientists and technicians at about 400 institutions have clearances to access viruses and bacteria such as the Bacillus anthracis used in the anthrax attacks, but security procedures vary by facility, and oversight of the labs is spread across multiple government agencies.

Screening for the researchers handling some of the world's deadliest germs is not as strict as that for national security jobs in the FBI and CIA, federal officials said.

In Ivins's case, the microbiologist expressed homicidal thoughts to a therapist eight years ago and grappled with mental health problems long before he emerged as the FBI's lead suspect in the 2001 anthrax attacks. But his comments never came up in security and medical screenings at the Army lab where he worked.

"The system is supposed to catch and report that sort of information," said Jeffrey Adamovicz, who supervised Ivins at the Army's Medical Research Institute of Infectious Diseases in Frederick. "I had never heard of any of this before. His previous supervisor had never heard of any of this before. His current supervisor had never heard of any of this before."

The case sparked calls yesterday in Congress for investigations into whether the labs are physically secure and whether too many scientists have been granted clearances to handle deadly biological agents.

"I think we need to tighten up the procedures," Rep. Jane Harman (D-Calif.), chairman of a House Homeland Security subcommittee, said in an interview. "It surely seems as though [Ivins] was a troubled man and something should have picked this up earlier. He should have been rescreened and reevaluated in terms of his ability to have the access that he had."

Sen. Susan M. Collins (R-Maine), the ranking member of the Senate's Homeland Security committee, said in a statement that the Ivins case "raises serious questions about the effectiveness" of lab security.

More than a year before the anthrax attacks, Ivins told a counselor that he was interested in a young woman who lived out of town and that he had "mixed poison" that he took with him when he went to watch her play in a soccer match, the counselor said in an interview Wednesday.

Even though the therapist told police and Ivins's one-time psychiatrist, Ivins continued to have unfettered lab access at Fort Detrick, where he worked for more than 28 years before committing suicide last week. His bosses were apparently unaware of his e-mails and online postings fixating on the Kappa Kappa Gamma sorority, complaints of mental disturbances, an unusual poem hinting at a double life, and suggestions of substance abuse.

Before the anthrax attacks, Ivins and his colleagues at USAMRIID received regular background and medical checks, said Caree Vander Linden, the institute's spokeswoman. She did not know how often these checks occurred, though security risk assessments are now valid for five years. Medical screenings were done every year by base doctors, she said, but she did not know whether they included psychological evaluations or drug tests, both of which have been added after the attacks.

After 2001, labs at Fort Detrick were subject to random inspections by an "elite roving observer force," then constant video surveillance. Ivins and others were required to enroll in a "personnel reliability program," which relies on scientists and technicians to self-report anything unusual, even something as minor as taking cold medicine. Co-workers are required to report abnormal behavior or risk losing their security clearances.

Yet none of these measures stopped Ivins from working in his lab until November 2007, when his access was revoked, Vander Linden said. Medical privacy laws forbid her to discuss what ended his access, she said, though former colleagues have said they believe he was banned from the lab in connection with the FBI investigation.

Neither Vander Linden nor Ivins's colleagues could explain how the mental troubles outlined in FBI documents released Wednesday went unnoticed for so long.

"It's just incongruous with the individual that I knew," said Kathleen Carr, a former USAMRIID scientist who worked with Ivins and helped develop the institute's new security measures.

For the 14,000 scientists with clearances to work with "select biological agents" such as Bacillus anthracis -- many of them civilians working at private universities -- the security regulations are remarkably lax, some experts said.

An individual is denied clearance if he or she has been committed to a mental institution or charged with a federal crime, according to the "select agent" security clearance program operated by the Centers for Disease Control and Prevention and the Department of Agriculture, in concert with the Justice Department. Also denied clearance are individuals who are involved in any terrorist group, are engaged in intentional acts of violence or are agents of a foreign power.

"They would not, for example, exclude a person who is a radical white supremacist," said Richard H. Ebright, a Rutgers University professor who closely follows lab security protocols. "They would not, for example, exclude a person who is a radical Islamist. They would not, for example, exclude a person who has homicidal tendencies or even a person diagnosed with having a sociopathic personality."

Richard Besser, a director at the CDC who oversees the select agent security assessments, said the background checks for lab scientists are not as stringent as screenings for other federal agencies.

"The select agent program has, I think, led to major improvements in lab security and safety, but it's highly unlikely that we're ever going to be able to fully prevent someone from doing harm with a biological agent if they're really intent on causing harm and they have the know-how," Besser said.

The number of labs equipped to handle biological agents has increased dramatically since Sept. 11, 2001. Before then, there were only five "biosafety level 4" labs -- places equipped to study highly lethal agents such as Ebola that have no human vaccine or treatment -- a Government Accountability Office report stated last fall. Fifteen are in operation or under construction now, according to the report. There are hundreds more biosafety level 3 labs, which handle agents such as Bacillus anthracis, which does have a human vaccine.

In inspecting the 400 biosafety level 3 and 4 labs, the government has numerous security guidelines, but its only legal requirement is that the laboratory doors have locks, Ebright said.

"This is less security than at your local McDonald's or your local convenience store, which does have video surveillance," he said.

The Ivins case is not the first to highlight security lapses in the nation's labs. In 2006, at Texas A&M University, a lab worker unknowingly was exposed to the highly infectious agent brucella while cleaning an aerosol chamber, and campus authorities neglected to report the incident to the CDC as required. A subsequent CDC investigation revealed that the university was not authorized to aerosolize brucella and allowed unauthorized access to toxins and other protocol violations, according to the GAO report.

At the National Institutes of Health, most of the dangerous viral and bacterial agents are confined to one building on the Bethesda campus. That facility is monitored by video surveillance and guards. Scientists are not allowed to work in such laboratories alone, and alarms sound when an employee enters an unauthorized area.

Some institutions have been reluctant to adopt tighter scrutiny. At the University of Texas in Austin, which has two level 3 labs, Harold Davis, an associate vice president who oversaw security compliance, said he resigned in June because the university's faculty and administrators resisted federal security guidelines.

Even at Fort Detrick, there was resistance to tighter security, Carr, the former USAMRIID scientist, and three others wrote in a 2004 paper for a biosecurity journal. Roving patrols inspecting scientists' work could be perceived as an "intrusive and unwelcome presence," the paper said.

Besser, of the CDC, said it is difficult to strike a balance between necessary safeguards and an overly stringent work environment for scientists.

"The line that we end up drawing is probably one that leaves no one happy," he said. "Those who favor the most rigorous lab security will say it's not enough, and those who are doing their research will say it's too much."

View all comments that have been posted about this article.

© 2008 The Washington Post Company