Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 73
Responsible Research with Biological Select Agents and Toxins 4 Issues Related to Personnel Reliability INTRODUCTION For those concerned about the security of laboratories conducting research with biological select agents and toxins (BSAT), personnel issues are among the most difficult and controversial. Many of the proposals and new policies that followed from the July 2008 conclusion by the Federal Bureau of Investigation (FBI) that Bruce Ivins, a longtime employee at the U.S. Army Medical Research Institute of Infectious Disease, was responsible for the 2001 anthrax attacks focused on how to be more proactive in order to prevent another such incident by identifying individuals who may pose a threat before they can act. For example, much of the time and attention of the Executive Order (EO) Working Group on Strengthening the Biosecurity of the United States and its public consultations and site visits were devoted to the challenge of how the nation could guard against such threats. In fact, several of the reports offered in response or related to the EO process focused only on personnel issues (NSABB 2009; AAAS 2009; Leduc et al. 2009). This committee’s charge includes both personnel reliability issues and physical security. But because current practices and the prospect of additional measures related to personnel assurance have caused so much anxiety about the impact of the measures on the ability to attract and retain high-quality research and technical personnel and conduct the best science, the committee has devoted an entire chapter to these specific issues. The first part of this chapter discusses screening, that is, the process of identifying whether or not someone should be eligible to have access to BSAT materials. The second part of the chapter, recognizing that individuals accused or convicted in a number of major U.S. terrorism and espionage cases had already passed the screening phase, addresses how one might monitor employee
OCR for page 74
Responsible Research with Biological Select Agents and Toxins behavior and performance and manage the workplace to reduce the risk of an insider either carrying out thefts or sabotage or acting to assist others. SCREENING Introduction Personnel screening seeks to identify individuals who may pose a potential security risk as early as possible, ideally prior to hiring. Identifying security risks can be considered part of the broader challenge of hiring competent, trustworthy, and reliable employees, and most organizations have a selection procedure to identify education and training, competencies, aptitude, and experience among potential employees.1 Many private- and public-sector organizations also conduct background checks to identify (in)appropriate actions or to assess personal qualities that are considered desirable or necessary for effective job performance. As discussed in this section, screening for security risks poses special issues. The current screening process for individuals to work in facilities conducting BSAT research is based on identifying any of a set of disqualifying behaviors/activities that would automatically and permanently deny a person access (see Chapter 2 for additional details). Most of the policy discussions about the current Security Risk Assessment (SRA) screening process focus on four issues: the adequacy of the information used to assess individual applicants; the necessity to make changes in the types of information collected as part of the background checks; the need to make changes in the way the current SRA process makes decisions about granting access; and 1 “Selection procedures refer to any procedure used singly or in combination to make a personnel decision including, but not limited to, paper-and-pencil tests, computer-administered tests, performance tests, work samples, inventories (e.g., personality, interest), projective techniques, polygraph examinations, individual assessments, assessment center evaluations, biographical data forms or scored application blanks, interviews, educational requirements, experience requirements, reference checks, background investigations, physical requirements (e.g., height or weight), physical ability tests, appraisals of job performance, computer-based test interpretations, and estimates of advancement potential. These selection procedures include methods of measurement that can be used to assess a variety of individual characteristics that underlie personnel decision making” (SIOP 2003:3). “The essential principle in the evaluation of any selection procedure is that evidence be accumulated to support an inference of job relatedness. Selection procedures are demonstrated to be job related when evidence supports the accuracy of inferences made from scores on, or evaluations derived from, those procedures with regard to some important aspect of work behavior (e.g., quality or quantity of job performance, performance in training, advancement, tenure, termination, or other organizationally pertinent behavior)” (SIOP 2003:4).
OCR for page 75
Responsible Research with Biological Select Agents and Toxins the possibility of adding additional forms of screening, in particular various types of psychological tests. It is vital to acknowledge the formidable challenges posed by screening individuals for potential security concerns. The proportion of the population of job candidates who represent true security risks is unknown, but likely to be very small. This low base rate makes it difficult to detect true threats because “screening in populations with very low rates of the target transgressions (e.g., less than 1 in 1,000) requires diagnostics of extremely high accuracy” (NRC 2003:5), and these do not exist for the problems we are trying to address (or for many others). There is no way to escape the risk that good candidates will be screened out in order to detect a small number of people who pose genuine threats to security. This is not a new issue and, as discussed in Chapter 2, the U.S. government attempts to address this dilemma through a number of approaches aimed at assuring personnel reliability. Efforts at screening for rare individuals or behaviors will therefore inevitably struggle with concerns about either failing to identify someone who has the disqualifying background or behavior or identifying someone as having disqualifying background or behavior when she or he does not. These two concerns are inversely related: the more one tries to avoid letting a security risk get through the screening, the more one increases the number of innocent individuals who will “fail” the test. The 2003 National Research Council (NRC) study The Polygraph and Lie Detection illustrates the difficult trade-offs facing policymakers with the example of a polygraph screening exam with an accuracy index of 0.90 for a hypothetical population of 10,000 government employees that includes 10 spies: If the test were set sensitively enough to detect about 80 percent or more of deceivers, about 1,606 employees or more would be expected [to] “fail” the test; further investigation would be needed to separate the 8 spies from the 1,598 loyal employees caught in the screen. If the test were set to reduce the numbers of false alarms (loyal employees who “fail” the test) to about 40 of 9,990, it would correctly classify over 99.5 percent of the examinees, but among the errors would be 8 of the 10 hypothetical spies, who could be expected to “pass” the test and so would be free to cause damage. (NRC 2003:6) In addition to the general dilemma of such trade-offs, the impact of unnecessarily excluding someone who does not introduce a security risk poses a special problem for the technical and research personnel in the BSAT workforce. If there is a large pool of potentially qualified applicants, a manager could decide that she or he can “afford” to incorrectly exclude someone who is in fact qualified because there are many others from whom to choose. (Even if the employer is not affected, “failing” the test could have harmful conse-
OCR for page 76
Responsible Research with Biological Select Agents and Toxins quences for the innocent individual involved, especially if there is a risk of any lasting career impact.) But tangible costs may be incurred when highly skilled workers are incorrectly excluded from consideration. Because there may be a relatively small number of qualified candidates, especially for senior research positions, turning away a good candidate will entail at least the costs of finding a replacement, if one even exists. Moreover, SRA screening will only take place after an individual has been selected for other reasons. Even graduate students considering work with BSAT materials have already been selected for advanced study because of other, desirable characteristics and have undergone significant periods of training. In addition, difficulties during the screening process may also create a disgruntled applicant who may continue to be part of a relatively small specialized research community. Experts in personnel screening have long been concerned with the challenge that a system applicants find too intrusive or unfair could make even successful applicants feel the selection process is unjust, creating negative feelings or attitudes that could ironically contribute to someone’s becoming disgruntled and potentially susceptible to the very behavior screening is intended to prevent (Murphy 2009). Although there does not appear to be clear empirical evidence that screening systems actually affect the subsequent behavior of selected applicants (Sackett and Lievens 2008:438), the perception of the research community should be considered in designing screening procedures for those working with BSAT materials. Finally, the Society for Industrial and Organizational Psychology (SIOP) has recognized a potential negative consequence from the use of testing—creating complacency or a false sense of security—that could apply to any form of screening. Testing may prompt institutions to relax other procedures, for example to reduce theft, because they believe the threat to have been eliminated: An organization that introduces an integrity test to screen applicants may assume that this selection procedure provides an adequate safeguard against employee theft and will discontinue use of other theft-deterrent methods (e.g., video surveillance). In such an instance, employee theft might actually increase after the integrity test is introduced and other organizational procedures are eliminated. Thus, the decisions subsequent to the introduction of the test may have had an unanticipated, negative consequence on the organization. (SIOP 2003:7) With this brief introduction to the challenges of screening for security risks, the next two sections consider (1) the current SRA and whether changes to either the disqualifying background/activities or the operation of the process is warranted; and (2) whether other screening methods, in particular testing, would add to the confidence that one could identify problematic potential employees.
OCR for page 77
Responsible Research with Biological Select Agents and Toxins Identifying Individuals with Backgrounds or Activities That Could Pose a Risk Issues with the Current SRA The committee considered the appropriateness of current criteria included in the SRA as disqualifying factors2 and whether changes should be made to the implementation of the screening process (see Chapter 2 for a description of the current SRA). The very small number of rejections and appeals reported by the Select Agent Program—192 rejections out of a total of 31,349 applications processed and 58 appeals, of which 22 resulted in the denial being overturned3—can be interpreted either that the screening is not restrictive enough, allowing potential risks to gain access to BSAT facilities, or as effective institutional pre-employment screening that weeds out those ineligible for access to BSAT materials prior to the SRA process. Without baseline information about the actual number of high-risk candidates, there is no empirical basis for using these rejection rate data to infer that the process is flawed. Before offering its assessment of the current SRA, the committee notes the need for the Select Agent Program to clarify what constitutes some of the background/activities considered disqualifying factors. The public consultations held by both the National Science Advisory Board for Biosecurity (NSABB) and the EO Working Group revealed a substantial lack of understanding of how issues related to sexual orientation and mental health are addressed by the SRA. This confusion appears to be increasing the concern of the research community about whether the criteria are appropriate. Contrary to the expressed concern, however, individuals who are separated from the armed services as a result of the current “don’t ask, don’t tell” policy or because of personality disorders that, with proper medication and/or treatment, could permit effective 2 Under the USA PATRIOT Act a “restricted person,” that is, someone permanently disqualified to work in a BSAT facility, is under indictment for a crime punishable by imprisonment for a term exceeding one year, has been convicted in any court of a crime punishable by imprisonment for a term exceeding one year, is a fugitive from justice, is an unlawful user of any controlled substance (as defined in section 102 of the Controlled Substances Act (21 USC 802)), is an alien illegally or unlawfully in the United States, has been adjudicated as a mental defective or has been committed to any mental institution, is an alien (other than an alien lawfully admitted for permanent residence) who is a national of a country that has repeatedly provided support for acts of international terrorism, or has been discharged from the Armed Services of the United States under dishonorable conditions. The Bioterrorism Preparedness Act added prohibitions for any person reasonably suspected by any federal law enforcement or intelligence agency of committing a crime specified in 18 USC 2332b(g)(5) [a “federal crime of terrorism”], having a knowing involvement with an organization that engages in domestic or international terrorism (as defined in 18 USC 2331) or with any other organization that engages in intentional crimes of violence, or being an agent of a foreign power (as defined in 50 USC 1801). 3 These data were provided by Julia Kiehlbauch from the Agriculture Select Agent Program on behalf of the Animal and Plant Health Inspection Service, Centers for Disease Control and Prevention, and FBI.
OCR for page 78
Responsible Research with Biological Select Agents and Toxins functioning in a nonmilitary setting, would not receive dishonorable discharges unless they committed offenses that resulted in conviction by a court marshal.4 The restriction on an individual who “has been adjudicated as a mental defective or has been committed to any mental institution” also raised concern in the public consultations. However, the SRA does not affect people who, for example, are: (1) suffering from problems such as bipolar disorder or forms of depression; (2) voluntarily undergoing mental health treatment; or (3) have been voluntarily hospitalized for mental health problems in the past.5 The committee believes the Select Agent Program can help reduce these concerns by providing more specific guidance about what is meant by these terms and perhaps by including clarification on the SRA form itself.6 In making its assessments, the committee considered how the SRA compares with other basic security and suitability screening carried out by the federal government. The broader context is important for understanding the committee’s conclusions and recommendation; it seems reasonable, for example, to ask how the SRA compares to a process that enables 2.4 million people to have access to various levels of classified information (GAO 2009b).7 Although the committee did not have time to conduct a thorough review of processes in all parts of the government that affect scientists, there could be important lessons or cautionary tales from the long experience in several areas, such as the nuclear weapons laboratories or the National Security Agency, which carries out research in cryptography. As described in Chapter 2, the committee did consider personnel security requirements beyond the SRA that various federal agencies have adopted for their staff and, sometimes, for their contractors and grantees. Potential Changes to the Current SRA Of the various changes to the current SRA discussed in the public consultations and assessments of the program to which the committee had access (e.g., NSABB 2009; DSB 2009), four particular issues garnered enough attention that the committee decided to address them. Adding Additional Databases to the Current Screening One question that has arisen in policy discussions is whether the FBI, which carries out the back- 4 See a report by the Congressional Research Service (Burrelli 2009) for discussion of discharge policies related to “don’t ask, don’t tell.” 5 However restrictive the definition, it still goes against much current thinking among medical health professionals not to treat someone who has suffered from a severe mental disorder and been successfully treated as permanently disabled or, in this case, permanently ineligible. 6 The NSABB also recommends clarifying the mental health issues in its report (NSABB 2009:12). 7 This figure, which does not include individuals who work in some areas of national intelligence, has declined from an estimated 3.2 million people who held security clearances in 1993.
OCR for page 79
Responsible Research with Biological Select Agents and Toxins ground checks for the SRA, is taking advantage of all the appropriate databases to which it has access. (Chapter 2 contains a list and discussion of the databases currently being used.) Discussion among the members of the committee, including several who have experience with the databases used for this type of screening, consultation with a number of outside experts, including in a public session during the committee’s second meeting devoted to federal security and suitability screening practices, and public discussion about these issues suggested that the SRA may be consulting even more databases than those in the routine federal security clearance process. Although there may be specialized databases held by other agencies to which the FBI would not have access, information available to the committee suggests that the databases used for the current SRA are equivalent or comparable to those used for most other federal screening processes. The committee concluded that the databases being used in the SRA are consistent with current U.S. government practices in determining the eligibility of persons to have access to classified and proprietary information and sensitive sites and are adequate for assessing whether applicants possess disqualifying background/activities. Adding a Mandatory Drug Test The current SRA addresses past use of illegal drugs only through database checks that identify anyone convicted of a crime carrying a potential prison term greater than one year, which would include drug-related crimes. By contrast, the general application form for a federal security clearance (Form SF86) maintained by the Office of Personnel Management (OPM) asks about illegal use of any controlled substances or prescription drugs since the age of 16 or within the past seven years, whichever is shorter. A number of federal agencies—and private firms as well—have concluded that experimentation with illegal drugs is so common among U.S. young adults that the agencies do not consider that admission of past use necessarily makes someone ineligible. Acknowledgment of past illegal use of drugs is not automatically disqualifying in these cases, although any applicant who did admit to past use could expect to be questioned further. In any case, agencies would terminate an employee who continued that use once on the job. As opposed to past and noncontinuing use, the current SRA policies with regard to current use of illegal drugs are consistent with the broader federal approach. Public Law 110–181, Section 3002, prohibits any officer or employee of a federal agency, including active-duty military and federal contract employees, from being granted, or maintaining continued eligibility for, a security clearance if they are an unlawful user of a controlled substance or an addict. No waivers are permitted, which is consistent with the SRA.8 The SRA assesses current use through a question on the application form (see Appendix D), but the issue is 8 Information provided by electronic communication with OPM and the Office of the Director of National Intelligence, August 6, 2009.
OCR for page 80
Responsible Research with Biological Select Agents and Toxins whether to add a mandatory test to verify an applicant’s statement that he or she is not using illegal drugs. In addition to potential security risks, use of illegal drugs could be regarded as a safety issue. Successfully passing a drug test could also be considered a sign of reliability or evidence of respect for the law. This type of testing is becoming more common in industry and government, but not in academia. Routine drug testing could also be part of ongoing monitoring of employees. The committee concluded that there was insufficient information to say that routine or random drug testing would significantly reduce the risk of an insider threat. The committee noted, however, that use of illegal drugs provides insight into a person’s judgment and reliability, which are critical attributes for those with access to highly pathogenic infectious agents. If the select agent list is stratified, consideration could be given to adding a mandatory drug test for those who would have access to agents in the highest risk group. Adding a Credit Check or Financial History An obvious omission from the current SRA is querying an applicant’s financial and credit history. At least some consideration of credit history is common in many sectors as part of pre-employment screening and standard practice in federal security clearance and suitability investigations. In most cases, however, the issue is not one of an individual’s level of debt per se, but whether spending patterns provide a means to assess judgment and reliability and possible vulnerabilities. This information would be a logical element for inclusion in ongoing assessment and monitoring of employees, which is discussed later in the chapter. A major reason for considering addition of financial information is that greed or susceptibility to bribery has been found to be a factor, in some cases, in the decision to become an accomplice to those undertaking illegal acts. Most espionage cases during the end of the Cold War, for example, involved spies acting out of economic rather than ideological motivation (Herbig and Wiskoff 2002). However, a 2008 analysis of data collected by the Defense Personnel Security Research Center on about 170 U.S. citizens who committed espionage between 1947 and 2007 showed a more complicated picture: “Since 1990, money has not been the primary motivation for espionage. While getting money was the sole motive for 47 percent of the first cohort9 and 74 percent for the second cohort, since 1990 only 7 percent (which represents one individual) spied solely for the money. Money remained one of multiple motives in many recent cases as well” (Herbig 2008:ix). Since 1990, 35 percent of the spies that were apprehended were naturalized citizens (as compared to 80 percent native-born before that time), 58 percent had “foreign attachments” (relatives or close friends overseas), 9 The analysis divides the cases into three cohorts: those that began their spying between 1947 and 1979; those that began between 1980 and 1989; and those that began in or after 1990.
OCR for page 81
Responsible Research with Biological Select Agents and Toxins and 50 percent had foreign business or professional connections, with the result that, whereas “divided loyalties” were the sole motive for less than 20 percent prior to 1990, since 1990 that number has increased to 57 percent (Herbig 2008:vi-vii). “Since 1990, the proportion of American spies demonstrating allegiance to a foreign country or cause more than doubled to 46 percent compared to the 21 percent in the two earlier cohorts, reinforcing the sense that globalization has had a noticeable impact and that the influence of foreign ties has become more important since 1990” (Herbig 2008:x). A formidable barrier to adding financial history as a consideration to the current SRA, however, is that there is no clear indicator or threshold from which to base a decision about whether someone should be automatically disqualified. Any assessment would need to be appropriate for the particular segment of the applicant pool. For example, many students and those in training will have student-loan debts, some of them very heavy. Trainees are also likely to have relatively low salaries, especially relevant to their educational attainment. Scientists from outside the United States may not have a credit history that would permit them to obtain credit cards and other normal measures of financial responsibility. Judgment would inevitably be required, and the current SRA process does not include that kind of discretion. The committee concluded that the difficulties of establishing a meaningful baseline make adding credit or financial history to the current SRA screening process too challenging. In any event, signs of sudden, unexplained affluence or evidence of irresponsible financial behavior would be appropriate to consider as part of the process of monitoring employees’ behavior. Adding an Adjudication Process The current practice of automatic and permanent denial of eligibility for anyone who reveals or is found to have any disqualifying factor has raised concern. The current SRA system has no statute of limitations on disqualification: it does not matter how long ago the offense was committed. There is also no consideration of extenuating circumstances. The only appeal is to permit correction of factual errors. By contrast, information collected under other current federal suitability and security screening is subject to an adjudication process, whereby issues such as how long ago the offense occurred, whether recent behavior shows positive or negative trends, and mitigating circumstances are taken into account to determine whether to grant access to protected information. Guidelines for making these determinations are available and periodically reviewed and updated (White House 2005). The appeal process also can take these factors into account in assessing whether a decision to deny access was justified. The committee considered whether the SRA process should more closely mirror the security screening process by introducing adjudication to provide
OCR for page 82
Responsible Research with Biological Select Agents and Toxins an opportunity for considering the circumstances of a disqualifying offense. Although the reform measures undertaken in response to EO 13467 are reducing the processing time for security and suitability investigations, introducing judgment into the current process would almost certainly make the screening longer and more expensive (see Chapter 2 for discussion about security clearance investigations). The research community has already expressed concern about the length of time needed to clear personnel for access, so adding to the time would likely be perceived as a further inconvenience. Moreover, the small number of exclusions suggests that adjudication need not be incorporated in all cases, but only as part of the appeal process. The committee concluded that the questions raised about the current automatic and permanent disqualifications were sufficiently serious that it would be worthwhile to change the system to incorporate a broader appeal process more aligned with personnel security practices already in place across the government. Recommendation The committee’s conclusions with regard to potential changes to the SRA are conditional because we believe the appropriateness of additional measures, in some cases, depends on whether or not the recommendation in Chapter 5 to stratify the list of select agents and toxins by risk groups is adopted. A stratified list, which presumably would restrict the highest level of security measures to a smaller set of agents and toxins, would also dictate a stratified SRA that could add additional requirements only to those who would work with those agents and toxins in the most stringent risk group. RECOMMENDATION 5: The current Security Risk Assessment screening process should be maintained, but the appeal process should be expanded beyond the simple check for factual errors to include an opportunity to consider the circumstances surrounding otherwise disqualifying factors. Identifying Potential Insider Threats through Testing Introduction Policy discussions have included the issue of whether to require more extensive testing and evaluation of applicants to work with BSAT materials, perhaps as part of a formal Personnel Reliability Program. Some government agencies and private entities, including academic institutions, have considered undertaking additional screening using psychological or psychophysiological
OCR for page 83
Responsible Research with Biological Select Agents and Toxins tests. This section discusses the types of testing available and what is known about their appropriateness and effectiveness for these purposes. Given the various definitions of what constitutes an insider threat (see Chapter 1), at least two different types of problems need to be addressed when individuals are screened to identify those potentially posing a threat. One set of problems arises in determining the normal range of adult personality; persons outside of this range would be identified as those who either might attempt deliberate deception or those who might be susceptible to corruption or recruitment to aid in the theft of materials or acts of sabotage. Another set of problems involves identifying individuals suffering from a range of serious personality disorders that might lead to their using BSAT materials to deliberately cause harm or assist others in doing so. In making these broad and admittedly inexact distinctions, we are not addressing individuals who might provide unwitting aid through a lack of awareness and those who might be subject to coercion that background checks can help identify. There is an extensive literature on approaches to identifying insider threats, including from terrorists (see discussion below). There is also extensive experience from government and the private sector using various types of tests for screening purposes. Currently available tests fall into two broad categories. Polygraph exams are the best known and most commonly used example of psychophysiological tests, which rely on assessing the body’s physiological responses. Psychological tests include both “normal range” testing and tests that measure possible aberrant or psychopathological traits. Polygraph Testing Polygraph testing is described here because it is used by some government agencies for national security screening—including some who may conduct BSAT research. A polygraph is an instrument that measures and records several physiological responses such as blood pressure, pulse, respiration, breathing rhythms, body temperature, and skin conductivity while the subject is asked and answers a series of questions; it is based on the theory that false answers will produce distinctive measurements that a skilled examiner will be able to recognize and interpret. The polygraph is used in a variety of settings for (1) investigation of specific incidents—such as in law enforcement situations, (2) evaluation of current employees, and (3) assessment of prospective employees. The NRC produced a report on The Polygraph and Lie Detection in 2003 at the request of the Department of Energy, which had begun using polygraph testing for some personnel at nuclear weapons laboratories in response to the alleged spy activities of Wen Ho Lee at Los Alamos National Laboratory. In addition to its extensive review of polygraph testing, the study also examined
OCR for page 94
Responsible Research with Biological Select Agents and Toxins of appropriate behavior. Training and educational experiences will have to be multifaceted to address the many interrelated issues in promoting the culture of trust and responsibility that Recommendation 1 seeks to instill. Although some training will need to be tailored to particular segments of the BSAT community, at least some discussions need to include everyone. It seems particularly important, for example, to foster discussions among and between the scientific and technical staff and those with responsibility for security so that common understanding can be built. Leadership Development Incorporating engagement as a critical factor in managing a safe and secure workforce should be part of leadership development, but the requirement for engaged management may not come naturally to laboratory managers and officials. Most scientific laboratory managers attain their position by intellectual achievement. The qualities that lead to success as an outstanding researcher do not necessarily relate to management skills. Moreover, many who are promoted to supervisory positions in laboratories are not provided opportunities for training in management. Nevertheless, there are many good laboratory managers who do provide engagement and oversight. Since the principal investigator is the most likely individual to interact regularly with a broad cross-section of research and technical staff, he or she will need particular support in the form of resources to acquire the skills needed for effective engagement and monitoring. The diversity of facilities carrying out BSAT research makes it difficult to offer generalizations about approaches to this kind of leadership development that would apply nationally. Such resources may be more readily available in federal laboratories or private and commercial entities, where management training is more often provided and encouraged, than in academic environments, where managers maintain a greater degree of independence. Moreover, the opportunity to develop and/or sharpen management skills seems less likely to be seen as important for an academic scientific career than for a career in private or government environments. Education to Raise Awareness and Foster Responsibility Building a culture of trust and responsibility to reduce the risk that BSAT materials might be stolen for use by terrorists or used in acts of sabotage in the laboratory can draw upon longstanding traditions in the life sciences as well as more recent efforts focused on security risk. The iconic example of the life sciences’ exercising responsibility is its response in the early 1970s to concerns about potential safety risks arising in the then newly developing field of recombinant DNA research. The 1975 Asilomar Conference on Recombinant DNA brought scientists together to discuss risks of manipulating DNA from
OCR for page 95
Responsible Research with Biological Select Agents and Toxins different species. The results of the meeting led to the National Institutes of Health’s (NIH) issuing its Guidelines for Research Involving Recombinant DNA Molecules and creation of a process for reviewing proposed experiments that continues today.16 The Human Genome Project created an ethical, legal, and social implications program to explore how advances in genetics intended to improve human health could proceed without undermining other dimensions of human well-being.17 More recently, concerns have been raised about the so-called “dual use dilemma” of the life sciences, in which results of research intended for beneficial purposes, such as therapies against infectious diseases, might be misused for biological weapons or bioterrorism. This has led to calls for educating the life sciences community about its responsibility to reduce such risks. Dual use research is a broader concept than BSAT, but it is reasonable to assume that much of the research conducted under the Select Agent Program could potentially be considered dual use. A series of NRC reports has endorsed education on dual use issues (NRC 2004ab, 2006, 2007b, 2009ab). The NSABB has proposed that all federally funded researchers in the life sciences receive training about dual use issues (NSABB 2007) and, at the time of this report, the proposal is under review by an interagency working group. The American Association for the Advancement of Science (AAAS) and the Federation of American Societies for Experimental Biology (FASEB) have also recommended training programs, although both stop short of recommending that such programs be mandatory (AAAS 2008; FASEB 2009). This suggests that education for BSAT researchers might be able to draw on and fit within at least some of these initiatives, especially if the NSABB’s recommendation of mandatory training is adopted. In most cases, recommended training on dual use issues is viewed as becoming part of other, broader training for life scientists on responsible conduct, rather than as standalone activities. In the United States, there are three types of existing education to which the kind of training envisioned by the committee naturally might be added. Biosafety training has not traditionally included security issues, but there is evidence that some training programs have added discussions and modules (AAAS 2009; the appendix includes a list of training programs). This might be the venue best able to reach the full range of laboratory technical and research staff, as well as those outside academia. NIH mandates training in the responsible conduct of research (RCR) 16 The current version of the Guidelines is available at <http://oba.od.nih.gov/rdna/nih_guidelines_oba.html>. The first revisions to the scope of the Guidelines are currently being made to reflect the implications of the new field of synthetic genomics. 17 See <http://www.ornl.gov/sci/techresources/Human_Genome/research/elsi.shtml> for more information.
OCR for page 96
Responsible Research with Biological Select Agents and Toxins for those who are supported by its training grants (NRC 2009c). RCR training is frequently cited as the most promising U.S. venue for dual use education; although its scope would have to be expanded beyond the current focus on research integrity and beyond those supported by its training grants to reach a much broader segment of life scientists, there are signs the RCR community is interested in the opportunities dual use education offers (AAAS 2008). Bioethics training, which largely reaches those in biomedical research including BSAT researchers, offers another potential venue, and, again, there are signs of interest from some in that community in taking on the additional issues (AAAS 2008). It was not within the committee’s charge to offer highly specific recommendations on how best to undertake the education and training needed to foster the culture of trust and responsibility that is recommended. The committee believes, however, that whatever venue is chosen—and all of them might be appropriate for particular contexts in order to reach the range of BSAT research entities—educational materials will need to be developed and resources provided to support and sustain implementation. Box 4-2 offers two BOX 4-2 Sample Educational Materials for Considering Dual Use Research Issues The Federation of American Scientists’ Case Studies in Dual-use Biological Research illustrate the “dual use” potential of actual life science research. The case studies provide a historical background on bioterrorism and bioweapons and the current laws, regulations, and treaties that apply to biodefense research. They include interviews with researchers as well as the primary scientific research papers and discussion questions meant to raise awareness about the importance of responsible biological research. The case studies are available at <http://www.fas.org/programs/ssp/bio/educationportal.html>. The Policy, Ethics and Law Core of the NIH-funded Southeast Regional Center of Excellence in Biodefense has developed an online module to assist those involved with the biological sciences to better understand the “dual use” dilemma of some life science research. This module is intended for graduate students and postdoctoral scholars, faculty members, and laboratory technicians involved in biological research in microbiology, molecular genetics, immunology, pathology, and other fields related to emerging infectious disease and biodefense. The module consists of an approximately 20-minute online presentation followed by a brief assessment and has been used by more than 600 people. The module is available at <http://sercebtraining.duhs.duke.edu/>.
OCR for page 97
Responsible Research with Biological Select Agents and Toxins examples of current online resources to illustrate some of the types of materials that would be needed. The report of a workshop on ethics education held in 2008 by the National Academy of Engineering’s (NAE’s) Center for Engineering, Ethics and Society (NAE 2009) offers an introduction to some of the current thinking about the components of effective ethics education in science and engineering. The NSABB’s strategic plan for outreach and education on dual use issues (NSABB 2008) and the AAAS workshop on dual use education (AAAS 2008) offer ideas focused more directly on BSAT-related issues. Here, the agencies overseeing and supporting BSAT research and the professional societies, separately and in collaboration, can play a major role in supporting and disseminating materials and sharing successful practices. Current Training by Registered BSAT Entities The Select Agent Program requires all registered entities to provide training in biosafety and security before individuals can enter areas where select agents and toxins are handled or stored (7 CFR 331.15(a) and 9 CFR 121.15(a)). The training “must address the particular needs of the individual, the work they will do, and the risks posed by the select agents or toxins.” Annual refresher training is required, and an entity’s training program is included in inspections conducted by the Centers for Disease Control and Prevention (CDC) and the Animal and Plant Health Inspection Service (APHIS). Current training programs are primarily technical, focusing on biocontainment and biosafety practices and the details of a facility’s security plan. Required training offers an opportunity to reach all participants in BSAT research with at least some essential messages that will promote personnel reliability. Support for this type of training was strongly endorsed during one of the committee’s site visits. The committee believes that, without substantially increasing the time entailed in security training, a module focused on the risk of an insider threat could be added. At a minimum such a module could include the likelihood of warning signs and examples of what they might be, the expectation for peer and self-reporting, and the resources available to make a report. CDC and APHIS could work with federal security agencies or with outside experts to develop relevant materials for use by entities or provide resources that entities could use to develop their own. Discussions about individual responsibility and updates on available resources could be part of the required refresher training. Systems for Peer and Self-Reporting Specific examples of programs already exist in many laboratory settings to assist with some of the aspects of monitoring behavior as part of safety that can support monitoring for security as well. When warning signs appear, peers and
OCR for page 98
Responsible Research with Biological Select Agents and Toxins colleagues are most likely to be in a position to notice them. Part of the culture of trust and responsibility includes individuals’ feeling encouraged to report on themselves and others if they find signs of trouble or feel that an individual poses a safety or security risk. To enable coming forward, it is important to provide reporting mechanisms that individuals trust. Management plays an essential role and has important responsibilities. It is management’s responsibility, for example, to provide or permit mechanisms for people to self-report problems and relay concerns about others via a safe mechanism (e.g., ombuds offices, hotlines, and/or confidential reporting systems). Management may also provide mechanisms for individuals to obtain help in dealing with concerns proactively via employee assistance programs (EAPs). Although often focused on safety concerns, these processes can serve security as well. In creating “safe” reporting mechanisms, it is important to be sensitive to management’s need for information and its ultimate responsibility for whatever happens. In some cases, including the BSAT program, there may be legal requirements, including potential civil or criminal penalties for noncompliance, as part of managers’ responsibilities to assure security. Encouraging reporting can be difficult even if most of those working in a facility believe that they can trust their managers. Where managers are considered “part of the problem,” the difficulties of creating effective reporting mechanisms multiply. Simply requiring such reporting is not an answer if the basic culture of trust is absent. In fact, imposing reporting requirements in the wake of an incident may have negative consequences, unless those affected believe it is part of a positive change and is not punitive or palliative. Reporting Systems: The Ombuds Many organizations that made presentations during the public consultations for the NSABB report and the EO Working Group described reporting systems for identifying problems. In addition, the committee heard a presentation from two experienced ombuds at its first meeting, who reported their research on why people do or do not report “inappropriate” behavior: Most people consciously or intuitively consider the context when they perceive behavior that they think is wrong. They may consider the rules—and also the actual norms—of their organization, about acting on the spot or “coming forward.” They may review their own and their colleagues’ perceptions of the local supervisor. They may, consciously or intuitively, evaluate their complaint system and its options, in terms of safety, accessibility and credibility. Recent events may also affect peoples’ actions. Personal factors include how people understand the issues at hand, their personal preferences, gender and cultural traditions, and their perceived power or lack of power. People also may behave differently depending on their role in the situation—as an injured party, a perpetrator, supervisor, senior officer, peer or “bystander.” (Rowe et al. 2009:10)
OCR for page 99
Responsible Research with Biological Select Agents and Toxins Although not directed at the problem of preventing an insider threat of bioterrorism, the findings are informative for thinking about the design of systems for reporting and self-reporting. The research cited above concluded that: “There is no single policy that will make an organization seem trustworthy and no single procedure or practice that will guarantee that people will overcome all the barriers to coming forward. A well-publicized commitment to fairness and to procedural justice may be a good beginning” (Rowe et al. 2009:24; italics in original). The findings of an extensive review of the literature on reporting systems identified five “core” characteristics of the most effective ones, which are summarized in Box 4-3. Occupational Health Programs A monitoring program intended to identify problems before they occur may take advantage of programs already in existence for other purposes. In situations where the health and safety of workers is a BOX 4-3 Core Characteristics of Effective Reporting Systems Elegance—simple to understand, apply to a broad range of issues, and use an effective diagnostic framework. Those who manage the system should be able to respond definitively to the issues raised. Accessibility—easy to use, with information about how to report or file a complaint widely advertised and readily comprehensible. Correctness—(1) relevant input about the problem can be reported, (2) the organization can investigate and call for more information if needed, (3) a system exists for classifying and coding information in order to determine the nature of the problem, (4) employees can appeal lower-level decisions, and (5) both procedures and outcomes make good sense to most employees. Responsiveness—at the most basic level, responsive systems let individuals know that their input has been received. Responsive systems provide timely responses, are backed by management commitment, are designed to fit an organization’s culture, provide tangible results, involve participants in the decision-making process, and give those who manage the system sufficient clout to ensure that it works effectively. Nonpunitiveness—essential if employees are to trust the system. Individuals must be able to present problems, identify concerns, and challenge the organization in such a way that they are not punished for providing this input, even if the issues raised are sensitive and highly politicized. If the input concerns wrongdoing or malfeasance, the individual’s identity must be protected so that direct or indirect retribution cannot occur. Employees as well as managers must be protected. SOURCE: Sheppard et al. 1992.
OCR for page 100
Responsible Research with Biological Select Agents and Toxins major and continuing concern, institutions may have ongoing relationships with occupational health physicians.18 The current edition of Biosafety in Microbiological and Biomedical Laboratories, which is directly relevant to BSAT research, discusses the need for an occupational health program, although it does not specifically include mention of resources to address mental or emotional health (CDC/NIH 2007). Several representatives of BSAT research facilities who spoke at the public consultations for the NSABB and EO Working Group described these types of arrangements. In some cases, physicians may be responsible for periodically reviewing and certifying the continued fitness of workers, including their mental health (perhaps in consultation with mental health specialists as needed). In others, occupational health professionals are on call to provide assistance to management or employees. When these arrangements work well, they provide a source of assurance that those working in BSAT laboratories are physically and mentally fit to be carrying out their research. Employee Assistance Programs In addition to, or in some settings instead of, occupational health programs, employee assistance programs may play a role. EAPs are benefit programs offered by employers, usually at no cost to employees and as an adjunct to health insurance plans. Very generally, EAPs are intended to assist employees in addressing personal problems that might negatively affect their performance at work (e.g., substance abuse, major life event, financial or legal issues, family relations, workplace relations, etc.). Some degree of assessment, short-term counseling, and referral services are typical components of an EAP. Many employers contract with an outside firm to provide EAP services, since the range and variety of issues that may arise are likely to be beyond the expertise of a normal human resources office. Most EAPs have toll-free numbers that provide round-the-clock access, which is also beyond the capacity of most institutions. In addition to providing confidential resources that employees may seek on their own, in some cases employers may refer employees for performance-related issues. EAPs have the advantage of relieving a manager of the expectation that he or she will be able to diagnose specific problems; instead, the manager’s role is to identify declining work performance and then refer the employee to the EAP. Summing Up Having occupational health specialists available and active in monitoring laboratory personnel could provide genuine assistance in monitoring for insider threats, at least for the type of behavior that is most likely to 18 This section does not address legal requirements that might be imposed by the Occupational Health and Safety Administration (OSHA). Note that the Select Agent Program includes regulations and guidance from OSHA as one of the set of suggested standards for ensuring biosafety requirements of the program (see <http://www.osha.gov/pls/oshaweb/owadisp.show_document?p_id=3359&p_table=OSHACT>).
OCR for page 101
Responsible Research with Biological Select Agents and Toxins be detected. An EAP could support such efforts, and the fact that these types of programs already exist for other purposes has a significant cost advantage. There is the possibility that someone suffering from personal stress that might lead him or her to undertake, or be an accomplice to, terrorism might seek help and in doing so provide an alert.19 If employees believe that seeking help, which might include taking themselves out of the laboratory for a period of time, will not have a significant impact on their careers, then the existence of such programs could have substantial benefit in avoiding larger problems. It is important to note that standard practice in industry is to return people to their safety-sensitive jobs after treatment. This is consistent with the Americans with Disabilities Act and also assures affected employees that partaking in interventions such as through an ombuds office, occupational health program, or EAP does not have “career-ending” consequences. Implementation Because the committee did not conduct a detailed review and assessment of current and potential programs for monitoring, this report can only raise a number of issues that need to be considered in the development and implementation of such programs. The committee notes that these programs could contribute substantially to a safe and secure research environment, although we emphasize that no system can provide complete insurance against the risk of an insider threat. One of the most difficult issues involved in creating a monitoring program is ensuring that peer or self-reporting can be done in a manner that is not damaging or “career-ending.” This applies across the board for all kinds of behavior but becomes increasingly difficult as the behavior in question moves toward instances where someone’s conduct is potentially negligent or even criminal. In such instances, reporting in a system built for safety rather than security becomes problematic. What will be the consequences for a person who reports on him- or herself? Is it more important to learn about the behavior, correct any damage, and perhaps find ways to avoid similar behavior in the future or to be sure that there are consequences for inappropriate actions? When are “zero tolerance” policies productive by establishing clear rules and when are they counterproductive by making people feel they dare not report even unintentional lapses? What happens to a person who “blows the whistle” on a colleague? Which disincentives, such as a fear of being sued, might keep managers from acting on warning signs, which in addition to any security risk, could undermine the integrity of the reporting system? Moving beyond the particular facility or organization, what is the role of those charged with regulating BSAT entities? How do hotlines or other 19 Privacy concerns as well as norms of confidentiality, reinforced by local, state, or national regulations and laws, might hinder reporting these signs to institutional management or authorities, unless protocols were already in place.
OCR for page 102
Responsible Research with Biological Select Agents and Toxins reporting mechanisms maintained by regulatory agencies fit into the picture? What is an appropriate mix, if any, between “compliance assistance,” which might include permitting entities to report violations provided culpability is acknowledged or a plan is in place to prevent future transgressions, and “enforcement”? One message from many of the presentations and the committee’s own discussions was the importance of keeping oversight for reporting systems at the local level to the extent possible. Some of this may reflect the natural reaction of the regulated or potentially regulated to yet another requirement from higher authorities. But there was also a strong sense that many if not most of the problems identified by a reporting system would be most readily and effectively dealt with at the local level. And there is already considerable information flowing upward: the current incident and theft and loss reporting requirements, for example, already provide CDC and APHIS with information about operations in BSAT facilities. For a number of reasons, including increasing the chances of an appropriate and effective response in the event of an incident, it may also be important to use opportunities provided by internal institutional reporting systems to establish constructive relationships with local law enforcement and FBI officials. Anecdotal evidence suggests that building these relationships is challenging, yet the effort involved may be worth it if it contributes to overcoming some of the concerns and “culture clash” found in a 2008 survey by the Federation of American Scientists and the FBI on how scientists view law enforcement (Hafer et al. 2008).20 Summing Up One of the most important recommendations in this report is to foster a culture of trust and responsibility in the laboratory and undertake education and training to support it. The BSAT research community—and the life sciences community more broadly—has a responsibility to help reduce the risk that the results of the knowledge, tools, and techniques developed for beneficial purposes are not misused. Given that no personnel screening process can be 20 “The attitudes of scientists toward law enforcement personnel are not vastly different from those of the general public…. However, a larger percentage of scientists indicated cooler feelings towards the FBI than the general public, suggesting that these reservations are particular to the scientific community and require specific solutions with the scientific community in mind. The results show that scientists hold more favorable feelings towards state and local law enforcement than federal law enforcement. However, when confronted with specific issues or concerns, the responses reveal no significant distinction between interacting with the FBI or with law enforcement in general” (Hafer et al. 2008). The survey, conducted among AAAS members, suffered from a low response rate (just above 13 percent) but those who responded indicated a clear preference for local control.
OCR for page 103
Responsible Research with Biological Select Agents and Toxins expected to predict the behavior of employees in all contexts at all times, active management, monitoring, and support for those working in BSAT laboratories are key components of a comprehensive approach that builds trust and ultimately leads to safer and more secure BSAT research. Such programs are already in place in some of the laboratories carrying out BSAT research, but to be fully effective this type of program needs to be transformed into standard practice throughout the Select Agent Program.
OCR for page 104
Responsible Research with Biological Select Agents and Toxins This page intentionally left blank.