PDF Version




                                                        S. Hrg. 111-353
 
      STRENGTHENING SECURITY AND OVERSIGHT AT BIOLOGICAL RESEARCH 
                              LABORATORIES

=======================================================================



                                HEARING

                               before the

                       SUBCOMMITTEE ON TERRORISM
                         AND HOMELAND SECURITY

                                 of the

                       COMMITTEE ON THE JUDICIARY
                          UNITED STATES SENATE

                     ONE HUNDRED ELEVENTH CONGRESS

                             FIRST SESSION

                               __________

                           SEPTEMBER 22, 2009

                               __________

                          Serial No. J-111-48

                               __________

         Printed for the use of the Committee on the Judiciary




                  U.S. GOVERNMENT PRINTING OFFICE
55-644                    WASHINGTON : 2009
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001



                       COMMITTEE ON THE JUDICIARY

                  PATRICK J. LEAHY, Vermont, Chairman
HERB KOHL, Wisconsin                 JEFF SESSIONS, Alabama
DIANNE FEINSTEIN, California         ORRIN G. HATCH, Utah
RUSSELL D. FEINGOLD, Wisconsin       CHARLES E. GRASSLEY, Iowa
CHARLES E. SCHUMER, New York         JON KYL, Arizona
RICHARD J. DURBIN, Illinois          LINDSEY GRAHAM, South Carolina
BENJAMIN L. CARDIN, Maryland         JOHN CORNYN, Texas
SHELDON WHITEHOUSE, Rhode Island     TOM COBURN, Oklahoma
AMY KLOBUCHAR, Minnesota
EDWARD E. KAUFMAN, Delaware
ARLEN SPECTER, Pennsylvania
AL FRANKEN, Minnesota
            Bruce A. Cohen, Chief Counsel and Staff Director
                  Matt Miner, Republican Chief Counsel
                                 ------                                

            Subcommittee on Terrorism and Homeland Security

                 BENJAMIN L. CARDIN, Maryland, Chairman
HERB KOHL, Wisconsin                 JON KYL, Arizona
DIANNE FEINSTEIN, California         ORRIN G. HATCH, Utah
CHARLES E. SCHUMER, New York         JEFF SESSIONS, Alabama
RICHARD J. DURBIN, Illinois          JOHN CORNYN, Texas
AL FRANKEN, Minnesota                TOM COBURN, Oklahoma
EDWARD E. KAUFMAN, Delaware
                Bill Van Horne, Democratic Chief Counsel
               Stephen Higgins, Republican Chief Counsel


                            C O N T E N T S

                              ----------                              

                    STATEMENTS OF COMMITTEE MEMBERS

                                                                   Page

Cardin, Hon. Benjamin L., a U.S. Senator from the State of 
  Maryland.......................................................     1
    prepared statement...........................................    33

                               WITNESSES

Graham, Hon. Robert, former U.S. Senator from the State of 
  Florida, Chair, Commission for the Prevention of Weapons of 
  Mass Destruction Proliferation and Terrorism, Washington, D.C., 
  statement......................................................    17
Greenberger, Michael, Founder and Director, University of 
  Maryland Center for Health and Homeland Security, and Law 
  School Professor, University of Maryland School of Law, 
  Baltimore, Maryland, statement.................................    23
Kingsbury, Nancy, Ph.D., Managing Director, Applied Research and 
  Methods, Government Accountability Office, Washington, D.C., 
  statement......................................................    20
Pasco, Brandt, Compliance Assurance Program Manager, Department 
  of Homeland Security, Washington, D.C..........................     8
Reed, Jean, Deputy Assistant to the Secretary of Defense, 
  Chemical and Biological Defense, Chemical Demilitarization, 
  Department of Defense, Arlington, Virginia.....................     5
Roberts, Daniel D., Criminal Justice Information Services, 
  Federal Bureau of Investigation, Department of Justice, 
  Washington, D.C................................................     3

                       SUBMISSIONS FOR THE RECORD

Center for Disease Control and Prevention, Select Agent Program, 
  Washington, D.C., statement....................................    35
Graham, Hon. Robert, former U.S. Senator from the State of 
  Florida, Chair, Commission for the Prevention Weapons of Mass 
  Destruction Proliferation and Terrorism, Washington, D.C., 
  statement......................................................    38
Greenberger, Michael, Founder and Director, University of 
  Maryland Center for Health and Homeland Security, and Law 
  School Professor, University of Maryland School of Law, 
  Baltimore, Maryland, statement.................................    43
Kingsbury, Nancy, Ph.D., Managing Director, Applied Research and 
  Methods, Government Accountability Office, Washington, D.C., 
  statement......................................................    73
Pasco, Brandt, Compliance Assurance Program Manager, Department 
  of Homeland Security, Washington, D.C..........................    81
Reed, Jean D., Deputy Assistant to the Secretary of Defense, 
  Chemical and Biological Defense/Chemical Demilitarization, 
  Department of Defense, Arlington, Virginia, statement..........    86
Roberts, Daniel D., Assistant Director, Criminal Justice 
  Information Services Division, Federal Bureau of Investigation, 
  Department of Justice, Washington, D.C., statement.............    93


      STRENGTHENING SECURITY AND OVERSIGHT AT BIOLOGICAL RESEARCH 
                              LABORATORIES

                              ----------                              


                      TUESDAY, SEPTEMBER 22, 2009

                                       U.S. Senate,
           Subcommittee on Terrorism and Homeland Security,
                                Committee on the Judiciary,
                                                     Washington, DC
    The Subcommittee met, pursuant to notice, at 2:42 p.m., 
Room 226, Dirksen Senate Office Building, Hon. Benjamin Cardin, 
Chairman of the Subcommittee, presiding.

 OPENING STATEMENT OF HON. BENJAMIN L. CARDIN, A U.S. SENATOR 
FROM THE STATE OF MARYLAND, CHAIRMAN, SUBCOMMITTEE ON TERRORISM 
                     AND HOMELAND SECURITY

    Senator Cardin. Well, the Subcommittee will come to order. 
Let me apologize for being a few minutes late. The Senate was 
taking its traditional every, I think, 2-year photograph, so 
that's one of the busy moments on the floor of the U.S. Senate. 
So, I apologize for the late start.
    I also want to express Senator Kyl's regrets. He's going to 
try to come by. He is involved in the Senate Finance Committee 
right now on health care reform, and obviously is very busy on 
that issue. So he's going to try to come by, but he wanted me 
to express his strong support for this hearing, the oversight 
role that the Judiciary Committee needs to play on the labs 
that we have, the biological research laboratories in this 
country, and he is very much interested in the recommendations 
that are coming out from the various workgroups and commissions 
that are looking into this matter.
    After the 9/11 terrorist attacks, Americans suffered 
another type of terrorist attack in October of 2001: the 
biological attacks. Letters were mailed to Members of Congress 
using the U.S. Postal Service, ultimately resulting in the 
death and sickening of dozens of individuals. The Federal 
Government responded by increasing funds for bio-defense. 
Congress also implemented the 9/11 Commission recommendations, 
which called for the creation of the Department of Homeland 
Security and urged the government to take stronger measures to 
deny weapons of mass destruction to terrorists.
    High-containment laboratories played a critical role in the 
bio-defense effort and evolved collaborative efforts between 
the public and private sectors, military and civilian 
communities, as well as our international partners. At the same 
time, increasing the number of personnel in laboratories with 
access to these deadly agents may increase the chances of 
accidental or deliberate misuse of hazardous materials, posing 
a significant public health threat.
    Today's hearing will examine the current security measures 
at our laboratories, including both physical security and 
personnel reliability, and look at the best practices in both 
the government and private sector, including our Nation's 
preeminent research laboratories.
    We will also examine the various government agencies that 
have oversight responsibilities for these programs, as well as 
recommendations from organizations as to how to strengthen and 
improve our security at these laboratories, while not unduly 
chilling innovation, research, and collaborative efforts with 
our international allies.
    The FBI recently concluded that the October 2001 anthrax 
attacks were carried out by a government scientist working in a 
biological research lab at Ft. Detrick, in my own State of 
Maryland. I have visited this military base on numerous 
occasions. Just last month, the Army broke ground on a new $680 
million headquarters building for the U.S. Army Medical 
Research Institute for Infectious Diseases at Ft. Detrick, 
Maryland, which will house the most cutting-edge research on 
dangerous biological organisms in the highest possible bio-
safety space known as a Bio-Safety Level IV, BSL-IV. This 
precaution is being used in order to protect the workers at Ft. 
Detrick and the surrounding communities in Frederick, Maryland.
    The laboratories will conduct research on the most deadly 
pathogens known to mankind, including anthrax, the plague, and 
the Ebola virus. I know that our Ft. Detrick employees have 
also been working to help the government to combat swine flu 
and the West Nile virus, among others.
    Panel one this afternoon will examine the executive 
branch's current efforts to strengthen and improve bio-security 
and bio-safety at laboratories, including personnel 
reliability, physical and perimeter security, and inventory 
control. I look forward to hearing from the witnesses from the 
Departments of Justice, Defense, and Homeland Security.
    In panel two, we will receive testimony from outside 
experts, including the recent report on the Commission on the 
Prevention of Weapons of Mass Destruction, chaired by the 
distinguished former Senator from Florida, Senator Graham, who 
has also served as Chairman of the Senate Intelligence 
Committee. We will also receive testimony from the Government 
Accountability Office and the Center for Health and Homeland 
Security at the University of Maryland at Baltimore.
    With that, we will go directly to our first panel, who will 
consist of Daniel Roberts, who is the Assistant Director of the 
FBI's largest division, the Criminal Justice Information 
Services Division, established in 1992 to serve as the focal 
point and central repository for Criminal Justice Information 
Services in the FBI.
    Jean Reed is the Deputy Assistant to the Secretary of 
Defense for Chemical and Biological Defense and Chemical 
Demilitarization in the Office of the Assistant to the 
Secretary of Defense for Nuclear, Chemical, and Biological 
Programs.
    Brandt Pasco was appointed to be the Deputy Secretary to be 
the DHS Compliance Assurance Program Manager. He is an attorney 
in the Department of Homeland Security, Office of General 
Counsel, who supports the Science and Technology Directorate, 
managing an office with 14 staff.
    With that, if I could ask the three of you to please stand 
in order to take the traditional oath of our Committee, and 
then we'll get started with your testimony.
    [Whereupon, the witnesses were duly sworn.]
    Senator Cardin. Thank you all very much. Please have a 
seat.
    Mr. Roberts, we are glad to hear from you.

 STATEMENT OF DANIEL D. ROBERTS, CRIMINAL JUSTICE INFORMATION 
 SERVICES, FEDERAL BUREAU OF INVESTIGATION, U.S. DEPARTMENT OF 
                    JUSTICE, WASHINGTON, DC

    Mr. Roberts. Good afternoon, Chairman Cardin, Ranking 
Member Kyl, and the distinguished members of the Subcommittee 
on Terrorism and Homeland Security. I am Daniel D. Roberts, 
Assistant Director of the FBI's Criminal Justice Information 
Services Division, or CJIS, located in Clarksburg, West 
Virginia. I have served in the FBI for over 22 years, but have 
only held my current position since June of 2009. I thank you 
for the opportunity to appear before this Subcommittee.
    The CJIS Division maintains oversight of two major 
background assessment programs: the more commonly known, 
National Instant Criminal Background Check System, assesses a 
person's eligibility to possess a firearm or explosive; the 
lesser known program, the Bio-Terrorism Risk Assessment Group, 
or BRAG, is similar in mission. BRAG's role is to enhance 
national security and public safety by providing the timely and 
accurate determination of an individual's eligibility to use, 
possess, or transfer select agents and toxins.
    Candidates are evaluated for access to select agents and 
toxins against criteria delineated within the Public Health, 
Security, and Bio-Terrorism Preparedness and Response Act of 
2002, and against prohibitive categories defining a restricted 
person within the USA Patriot Act. Pursuant to the Bio-
Terrorism Act, the Attorney General of the United States is 
charged with using criminal, immigration, national security, 
and other electronic data bases to determine whether an entity 
or an individual is a restricted person.
    The Attorney General delegated this authority to the 
Director of the Federal Bureau of Investigation in January of 
2003. The BRAG began conducting Security Risk Assessments, or 
SRAs, in collaboration with officials from the Department of 
Health and Human Services and the Department of Agriculture in 
April of 2003.
    SRAs are conducted on entities, except Federal, State, and 
local government agencies, including public accredited academic 
institutions, any individual who owns or controls the entity, 
responsible officials, and alternate responsible officials 
managing entity operations every 3 years.
    SRAs are conducted not less frequently than once every 5 
years on individuals requiring access to select agents and 
toxins. A typical SRA takes about 1 month to complete. The SRA 
is different than a full background investigation, such as 
those conducted for security clearances, and complies with the 
requirements of the Bio-Terrorism Act.
    The SRA commences when BRAG receives a candidate's Form FD-
961 and two legible fingerprint cards. The fingerprint cards 
are processed by the FBI's integrated automated fingerprint 
identification system and flagged to identify the record as 
belonging to an individual who underwent an SRA. The FD-961 
data, supplied by the candidate in response to questions 
directly concerning each prohibitor, is then entered into 
BRAG's stand-alone bio-terrorism data base maintained by CJIS.
    The candidate's case is subsequently assigned to a BRAG 
personnel security specialist for research. Upon completion of 
all data base searches, the candidate's status is determined 
and the results are submitted to the sponsoring agency. The 
sponsor provides, in writing, the decision indicating denial or 
approval of access to the candidate.
    If the access is denied, the candidate is advised of the 
specific prohibiting factor applied to them. Candidates may 
appeal the decision via their sponsor within 30 days of 
notification of denial. The sponsor will forward a statement of 
factual basis for the appeal and supporting documentation 
provided by the candidate to the FBI for reconsideration.
    The FBI will review the candidate's documentation and 
research the appropriate data bases. The FBI will either 
overturn the results of the original SRA or sustain the 
original determination of status. The sponsor is again advised 
of the results and, in turn, notifies the candidate in writing 
of the decision.
    Since the inception of the program, the BRAG has completed 
32,742 SRAs; 208 individuals have been restricted. The CJIS 
Division, in close coordination with the Centers for Disease 
Control and Prevention and the Animal and Plant Health 
Inspection Service, is continually scrutinizing and evaluating 
the SRA process. Efforts are ongoing to automate the workflow 
and improve information sharing capabilities.
    Mr. Chairman, I would like to conclude by thanking you, 
Ranking Member Kyl, and this Subcommittee for your service and 
support. I look forward to working with you in the years to 
come as we continue to counter bio-security threats of the 
future. I would also like to personally thank the Department of 
Health and Human Services, Centers for Disease Control and 
Prevention, and the Department of Agriculture's Animal and 
Plant Health Inspection Service for years of unwavering 
support.
    Thank you for the opportunity to appear before your 
Subcommittee, and I look forward to answering any questions you 
may have.
    [The prepared statement of Mr. Roberts appears as a 
submission for the record.]
    Senator Cardin. Thank you very much for your testimony.
    Mr. Reed.

 STATEMENT OF JEAN REED, DEPUTY ASSISTANT TO THE SECRETARY OF 
       DEFENSE, CHEMICAL AND BIOLOGICAL DEFENSE/CHEMICAL 
  DEMILITARIZATION, U.S. DEPARTMENT OF DEFENSE, ARLINGTON, VA

    Mr. Reed. Chairman Cardin, I would request that my printed 
statement be entered in the record.
    Senator Cardin. Without objection, the full statements of 
all of the witnesses will be included in the record today.
    [The prepared statement of Mr. Reed appears as a submission 
for the record.]
    Mr. Reed. Mr. Chairman, it's a pleasure to testify before 
the Committee today. I'm accompanied by Major General James 
Gilman, Commanding General, U.S. Army Medical Research and 
Materiel Command in Ft. Detrick; and Colonel John Skvorak, 
Commander of the U.S. Army Medical Research Institute for 
Infectious Diseases, whom I believe you know; and also by 
Captain Kenneth Cole, who's the Medical Director for the 
Chemical/Biological Defense program, and they're here to bail 
me out if I get in trouble, so I would beg leave to perhaps 
have them provide some of the detailed answers to the 
questions.
    Senator Cardin. You've got a good support team.
    Mr. Reed. Great. They are good people.
    It's a pleasure, again, to be able to have the opportunity 
to discuss with you the safety and security of our Nation's 
biological research laboratories. They are a keystone to our 
Nation's life science research and are essential to developing 
public health infrastructure and medical countermeasures 
crucial to protecting U.S. citizens from biological threats, 
whether as a result of natural or intentional actions.
    Today I will briefly discuss Department of Defense 
regulations, practices, and procedures put in place since the 
2001 anthrax incidents that can be applied to improve 
laboratory bio-security. It is imperative that the 
implementation of best practices on a national scale optimize 
the security of biological agents, while providing minimal 
impact on that life science research necessary to develop 
public health and medical countermeasures against these agents. 
I will provide an overview of how DOD regulations came into 
existence, how they have been implemented, their proposed 
integration into current national efforts, and a possible way 
forward to develop best practices and procedures for Bio-Safety 
Level, BSL-IV, laboratory safety and security.
    Our BSL-III and BSL-IV laboratories operate as a critical 
element of our bio-defense efforts to understand pathogens of 
concern and to develop medical countermeasures to defeat these 
pathogens, whether they are biological warfare agents, or are 
infectious diseases to which our armed forces may be exposed.
    Following the 2001 anthrax incidents, Congress passed a 
series of legislative initiatives to control human, plant, and 
animal pathogens of concern. This legislation led to the 
expansion of Select Agent Regulations, which require each 
Federal agency to conduct safety and risk assessments, but did 
not preclude agencies from implementing efforts above and 
beyond those required by the regulations for safeguarding 
biological select agents and toxins.
    The term ``select agent'' refers to a specific group of 
chemical or biological agents that historically have been 
evaluated and developed for use in weapons. Although the United 
States does not have a biological weapons program, the use of 
this term and its historical connotation as being associated 
with weapons programs heavily influenced the direction the 
Department would take to safeguard biological agents in its 
laboratories.
    Accordingly, the Department drew, from its current chemical 
and nuclear programs, safeguarding measures in developing the 
regulations for so-called biological select agents and toxins, 
which the Department uses only for basic and applied research 
in the development of vaccines, therapeutics, and protective 
countermeasures.
    The current DOD risk management framework for safeguarding 
select agents and toxins consists of a fourfold approach: bio-
safety, bio-security, personal reliability, and agent 
accountability.
    Bio-safety consists of the application of knowledge, 
techniques, and equipment to prevent personal, laboratory, and 
environmental exposure to potentially infectious agents or bio-
hazards. Bio-security refers to the protection, control, and 
accountability of high consequence biological agents and 
toxins, critical relevant biological materials and information 
within laboratories to prevent unauthorized possession, loss, 
theft, misuse, diversion, or intentional release. The 
biological personal reliability program consists of security 
background investigations, as well as medical, mental health, 
and drug screening.
    Agent accountability consists of the registration of 
agents, personnel, entities, and locations, agent inventory 
control, and limiting access to registered personnel.
    All of the above measures implemented by the Department of 
Defense exceed the prescribed requirements of the Select Agent 
Rules. This does not mean that the additional measures 
constitute a series of best practices and procedures, but only 
represents the extrapolation of the DOD current weapon materiel 
safeguarding policies as applied against biological agents. In 
fact, they highlight the challenges that arise from the direct 
application of DOD current policies for safeguarding weapons 
materiel to the unique situation of defense research on 
biological organisms.
    Biological agents differ from nuclear and chemical threats 
by their nature and by virtue of their context. Nuclear and 
chemical agents are entirely man-made; biological agents are 
found throughout nature and exist in the context of infectious 
disease and public health threats, notwithstanding that they 
can be potentially used for hostile purposes.
    This is not to say that there are elements of these 
regulations that could not be incorporated into best practices. 
However, a series of studies, both within the DOD and 
externally, suggest that some elements of this program may be 
too extreme and could not be implemented by other agencies or 
the civilian sector without severe impact.
    For example, the use of Single-Scope Background 
Investigations precludes foreign nationals or personnel having 
limiting factors, such as financial difficulties or prior non-
criminal legal actions, from working with select agents. Such 
background investigations are time-intensive and expensive.
    Additionally, they would preclude a large segment of 
exceptionally qualified and talented researchers, particularly 
foreign national researchers who currently make daily 
contributions to the advancement of medical or other life 
science research, from participating in this activity that is 
so important to the Nation.
    Several recent studies highlight the lack of data to 
demonstrate that such detailed background investigations 
provide substantial value over the current Department of 
Justice Security Risk Assessment. There have been a number of 
internal DOD studies and external studies over the past 2 years 
that have explored the efficacy and efficiency of current and 
proposed regulations and policies to strengthen laboratory bio-
security.
    Reports from the National Science Advisory Board for Bio-
Security and the Defense Science Board were submitted to the 
executive branch with a series of recommendations and policy 
options that can be applied to establishing best practices and 
procedures for the Nation. Reports of Executive Order 13486 
Working Group on Strengthening the Laboratory Bio-Security of 
the United States and the National Academy of Sciences are in 
their final stage of staffing and will be submitted to the 
executive branch in the very near future. Additionally, the 
Trans-Federal Task Force on Optimizing Bio-Safety and Bio-
Containment Oversight is soon submitting its report to the 
executive branch.
    A potential way forward would be to allow the National 
Security Council to use its interagency policy committee 
process in conjunction with input from industry and academia, 
to review the recommendations and policy options from the 
collective reports, and develop an approach for the Nation that 
optimizes the balance between science and security. Once such 
an approach is identified, legislative action could be well-
targeted to ensure the full range of helpful measures needed to 
enable its implementation.
    In summary, the current DOD safety and security measures 
for safeguarding biologicals, select agents, and toxins are 
derived from its protocols that were originally developed to 
safeguard nuclear and chemical weapons materiels, and not the 
biological organisms that are critical to developing defenses 
against our adversaries' biological weapons and naturally-
occurring infectious diseases.
    Although these practices derive from a robust history of 
security, they might not constitute the basis for best 
practices and procedures for the Nation, as they could 
discourage participation by critical organizations and could be 
limiting to medical and other life sciences research programs.
    A more prudent approach would be to exploit the information 
gathered by the various studies conducted over the past 2 
years, develop a series of appropriately tailored policies and 
practices that balance between safety and security and the 
pursuit of a robust biological research and development program 
necessary to ensure the ability to respond to naturally-
occurring pathogens, defense of the U.S. homeland, and 
protection of our service members.
    Senator, thank you for this opportunity to address you on 
this matter of national importance, as well as your continued 
support to the Department of Defense. I would be happy to 
answer any questions the Subcommittee may have.
    Senator Cardin. Thank you very much, Mr. Reed.
    Mr. Pasco.

    STATEMENT OF BRANDT PASCO, COMPLIANCE ASSURANCE PROGRAM 
 MANAGER, U.S. DEPARTMENT OF HOMELAND SECURITY, WASHINGTON, DC

    Mr. Pasco. Chairman Cardin, Ranking Member Kyl, and 
distinguished Senators, thank you for the opportunity to talk 
about the good work being done today at DHS related to bio-
security. It's a pleasure to be back in the U.S. Senate, where 
I started my professional life. I have submitted testimony for 
the record, so I will be brief to ensure there's time for 
questions.
    By way of introduction, allow me to explain, briefly, my 
role at DHS. I was appointed by the Deputy Secretary to be the 
Department's Compliance Assurance Program Manager. I'm an 
attorney in the Office of the General Counsel, who supports the 
Science and Technology Directorate. I manage an office with 14 
staff and an fiscal year `09 budget of approximately $2.8 
million, and I oversee compliance efforts at the Science and 
Technology Directorate, including for biological safety and 
security.
    DHS's compliance program provides an objective and 
independent review of all ongoing DHS life science programs. It 
is a complete programmatic life cycle review. Treaty compliance 
is ensured both at the program's inception and when significant 
changes are proposed. Regulatory compliance is checked 
throughout the life of project execution, and information 
generated by the program is continually reviewed for national 
security concerns.
    The cornerstone of the process is the Department's 
Compliance Review Group, which oversees arms control treaty 
compliance. The Compliance Review Group is comprised of DHS 
senior leadership and chaired by the Deputy Secretary. All 
biological research conducted by the Department must be 
determined by the Compliance Review Group to be compliant with 
U.S. law and our international obligations.
    In generating compliance assessments for the Compliance 
Review Group, projects fall within one of three categories. 
Category 1 projects, as presented, do not raise compliance 
concerns. Three hundred and sixty-eight Category 1 projects 
have been approved by the Compliance Review Group to date.
    Category 2 projects, as presented, might reasonably raise 
the perception of a compliance issue but do not involve the 
National Science Advisory Board for Bio-Security Research 
concern. Eighteen Category 2 projects have been approved by the 
Compliance Review Group to date.
    Category 3 projects, as presented, might reasonably raise a 
perception of compliance and likely do involve research of 
concern. Twenty-two Category 3 projects have been approved by 
the Compliance Review Group to date.
    DHS has established a regulatory compliance program for 
bio-safety, select agent and toxin security, and the care and 
use of animals in research. DHS's select agent and toxin 
research is subject to the regulatory control of the Centers 
for Disease Control and Prevention and Animal and Plant Health 
Inspection Service. At DHS, we conduct significant additional 
oversight because of unique sensitivities related to bio-
defense research, as distinct from conventional public health 
research.
    The regulatory compliance program is significantly driven 
by our treaty compliance efforts. Laboratories conducting 
Category 2 or 3 projects are subject to onsite inspections. 
Other laboratories are visited because we have some indication 
that there may be problems with non-compliance.
    To assist the Under Secretary in exercising original 
classification authority, the Science and Technology 
Directorate established the Classification Review Panel, which 
I co-chair with the Director of Security. DHS has a significant 
priority in maintaining openness in life science research, but 
the nature of bio-defense threat characterization studies 
requires that some elements remain classified to protect the 
public from harm. The Classification Review Panel co-chairs are 
responsible for ensuring that all Science and Technology 
Directorate programs have, and are appropriately applying, 
classification guidance.
    In conclusion, DHS has an exceptionally effective record at 
strengthening biological safety and security in DHS-funded 
laboratories. I thank you for your attention and I would be 
pleased to take any questions you may have.
    [The prepared statement of Mr. Pasco appears as a 
submission for the record.]
    Senator Cardin. Well, once again, let me thank all three of 
you for being here and the work that each of your agencies do. 
I have been to Detrick, as I said in my opening comments. I've 
seen the work that's being done there, the dedicated men and 
women who are serving our country in a very dangerous 
situation, and we very much appreciate their professionalism 
and their dedication to trying to deal with these extremely 
difficult subjects.
    I know that we have a working group that is prepared to 
make recommendations, or at least make a report to the 
administration, and we're looking forward to receiving that 
report. Quite frankly, we thought it would be available by now, 
but we do have at least some of the information that's coming 
out of their work, which I think is useful for us today.
    Let me just raise the first fundamental issue. There are 
about 15 Federal agencies that deal with labs and no one agency 
has primary or full responsibility here. So I listened to your 
testimony. I see Department of Justice indicating that they've 
done Security Risk Assessments on about 32,000 individuals.
    I listened to what Department of Homeland Security said, 
that they're dealing with 42 labs and have done 23 onsite 
inspections. My staff tells me that when we take a look at the 
information on select agents regulations, that there are 390 
entities that have gotten registered, with 15,000 employees. So 
these numbers seem to be not totally consistent.
    I guess my concern is, I don't know who to ask the question 
for in the Federal Government as to, where are the labs? Are we 
satisfied they're properly secure, that are dealing with agents 
that we have concerns about? Does anyone have a handle on the 
inventories we have on these agents, select agents that we're 
concerned about? Is anyone primarily responsible to make sure 
that we have adequate securities in place dealing with these 
labs? Shouldn't we have more direct responsibility?
    I know that, again, I expect that the working group is 
going to deal with this. We have some recommendations from 
other groups that have looked at it. Mr. Pasco, most will turn 
to Department of Homeland Security and say that's the logical 
place to have the responsibility. I had a chance to talk to 
Director Mueller at the FBI. He said his role is pretty 
limited. He does the reviews, gets the information out, but 
he's certainly not responsible for the labs.
    Mr. Pasco. Thank you, Senator. It's an important question 
and I understand why you would be concerned. The Department of 
Homeland Security is, at this point, a funding agency. That is 
to say, we conducted research. My job as the Compliance 
Assurance Program Manager is to ensure that that research is 
compliant with existing regulatory standards. So we have 42 
laboratories that are currently or have recently been involved 
in DHS-funded research.
    As I indicated, we prioritized those for inspections based 
on the nature of the work that's being done there, and then 
also if we have reason to think that there may be compliance 
issues. But our inspections are essentially under authorities 
granted by the FAR, that we would have to inspect work that's 
being performed under contract. So we don't have distinct 
regulatory authority for this type of thing.
    Senator Cardin. I understand that the authority is not 
there. The question is, should you have the authority? Should 
you be able to track what is happening in our Nation on those 
who handle select agents so that we have some understanding of 
the training, some understanding of the best practices.
    Let me just give you one example. You might visit a lab and 
see a procedure that's used for a select agent that is worthy 
of being utilized in more labs around this Nation for the 
purposes of protecting the workforce and protecting the public. 
Is there a mechanism where that information gets out, where we 
can share that type of security information? A university may 
not be dealing with you. They may not be one of the 42 that 
you're talking about, and that's certainly one that you haven't 
inspected, but they may be dealing with the same pathogens. How 
do we coordinate and make sure that we are dealing with these 
pathogens in the safest possible way? Mr. Reed?
    Mr. Reed. Sir, the Centers for Disease Control, Department 
of Health and Human Services, and the Animal and Plant Health 
Inspection Service, Department of Agriculture have the 
responsibility for inspecting all facilities for compliance 
with the select agent programs and maintain----
    Senator Cardin. How did I know that you would mention one 
of the agencies we didn't have at the table today as the 
responsible----
    [Laughter.]
    Mr. Reed. Well, you know, it gives the staff something to 
work on.
    Senator Cardin. We could have had 15 of you up there. My 
point is, there's 15 agencies that do have some responsibility.
    Mr. Reed. Right. And I want to come to that point in just a 
moment. Those two activities maintain a listing of each 
Biological Select Agent being operated on at each laboratory, 
the personnel who are cleared for handling of BSAT and 
inventories, and approve transfers of BSAT between 
laboratories. What we have been doing as a body within the 
interagency for about a year now is to review these issues. 
(And you just alluded to the report that has been provided in 
draft to the administration in response to the President's 
Executive Order is going through its final coordination with 
the interagency.) There needs to be, clearly, someone in 
overall charge of directing that oversight.
    All of the reports that are coming forward note the need 
for activity that can bring that all together. But what we're 
looking for, quite frankly, is the development of, if you will, 
a set of minimal requirements in terms of personnel 
reliability, accounting, security, training, best laboratory 
practices that take into account the views of all the 
stakeholders, and then bringing that together and saying, okay, 
here's what we have done that does represent that balance 
between the critical elements of security for the select 
agents, which quite frankly are of varying degrees of 
virulence. So, you might come out with the idea of a stratified 
system that one might use.
    Senator Cardin. The Commission to prevent the proliferation 
of weapons of mass destruction has suggested a tier approach.
    Mr. Reed. Yes.
    Senator Cardin. I think there are 80 agents today that are 
of concern that are under the regulation. They are suggesting 
tier one would be about eight.
    Mr. Reed. Yes, sir.
    Senator Cardin. Does that make sense? Does that make it 
easier for you to be able to really track those agents that are 
of the most concern, those pathogens that require much closer 
scrutiny on inventory and access?
    Mr. Reed. With my colleagues who have been participating in 
those studies, there would be agreement--yes, there would be. 
It then becomes a question of, what goes in what bin: the 
guidelines for what in terms of the BSL Levels I through IV 
agent categories.
    Senator Cardin. Mr. Roberts, you talked about the 
background checks that you do in regards to the regulations. If 
I understand that correctly--and you were very clear, it's not 
at all the same as what we do for people who need clearance. 
That's a different type of a background check--it seemed like 
what you were describing is mostly getting information from the 
applicant and checking your data bank.
    But do you actually go out in the field? Do you do 
interviews? Is there anything more done as far as checking the 
person's psychological capacities, weaknesses, or checking 
their sources to make sure that it's accurate, the information 
they've given you, which is what we do on clearance where there 
is more direct contact?
    Mr. Roberts. You're right, Mr. Chairman. There is quite a 
bit of difference between what we do for an SRA and what we 
would do for a Top Secret security clearance, for example. No. 
To answer your question, we don't do any interviews, 
neighborhood interviews or interviews of friends or associates 
of the individuals. We do more than just data base checks of 
FBI data bases. We, for example, will check the terror 
screening center data bases, which has access to the entire 
intelligence community. Much of it also filters through ICE and 
their law enforcement center in Vermont as well, so it's not 
just the FBI data base.
    However, I will tell you that the FBI has a very robust 
fingerprint data base, maybe the most robust in the world when 
it comes to criminals being stored--fingerprints being stored. 
We have 60 million-plus fingerprints of subjects on record with 
us at CJIS in West Virginia. So it is a wealth of information 
that we do tap into when we receive the individual's SRA 
package. That's the first place we will start, but it isn't the 
last. But you are correct, sir, that it is just a data base 
check. We do not do further checks in terms of information of 
the individual more than data bases.
    Senator Cardin. And after the person has been cleared by 
the review that you do, what would trigger you looking at that 
person again, if anything?
    Mr. Roberts. There is something. Actually, what we do is we 
put a stop on the individual's fingerprint records. So if, for 
example, any of the 18,000-plus law enforcement agencies that 
are in the United States were to arrest an individual who had 
been through an SRA, we would be notified of that. We place 
what would be a stop in our systems so that we are notified 
anytime they are arrested, and then we would then notify the 
sponsoring agency of that arrest.
    Senator Cardin. So you're actually putting their 
fingerprints into the data bank then, I take it?
    Mr. Roberts. We're actually putting stops into the data 
bank, yes. We're not putting their fingerprints into the whole 
criminal data base, no. We're just putting stops against them, 
their names.
    Senator Cardin. So it's a name? I'm a little confused as to 
how that would come----
    Mr. Roberts. Yes. I'm sorry.
    Senator Cardin. How would they know that's the person?
    Mr. Roberts. Yes. It would be a biographic. It would be a 
biographic, not a biometric. It would be a name search.
    Senator Cardin. And then you would confirm that's the right 
person before, I take it, you would take action?
    Mr. Roberts. Absolutely.
    Senator Cardin. But as a matter of routine, if the person 
was hospitalized for a mental condition, that would not come to 
your attention, would it?
    Mr. Roberts. That is correct, sir. That is a gap in the 
system. If you ask my personal opinion, we have no national 
data base of mental health records that we can lean on. As you 
know, we also manage the firearms check program for the FBI as 
well, and that is also a prohibiting factor for purchasing 
firearms.
    We have some records that have been submitted to us in the 
firearms programs from hospitals, such as the VA hospitals, for 
example, but we are not allowed to share, by law, that firearms 
individual with the BRAG group that does the SRAs.
    So you're correct in that there's a gap there, that we rely 
a great deal on the person's self-admission to a mental 
problem. There are some criminal histories which do identify 
the fact that the individual arrested may have a mental 
deficiency if you query that person and they have a criminal 
record, but beyond that, there isn't much information there 
available, other than what the person self-reports.
    Senator Cardin. So let me come back to Mr. Reed for a 
moment. If we were to use a tiered approach as far as 
regulatory responsibilities, is it conceivable that the 
background check could be--you could differentiate between 
those that are handling the pathogens that are in tier one to 
require a more sophisticated background check for those that 
have access to those types of agents?
    Mr. Reed. I think, Senator, that would quite possibly be 
something one might choose to employ. You would also have 
different levels of security in terms of how the agents are 
handled and stored. In all cases, there would have to be the 
matter of training of the individual investigator in terms of 
the safety and security that had to be employed within the 
laboratory, and there could be very well gradations of that.
    One example that has been used in transferring from the so-
called ``two-man'' rule of nuclear practice--nuclear weapons 
practice or of chemical weapons practice, where you had to have 
two fully qualified individuals, one to check the other and to 
report on the other.
    There are cases, particularly in terms of working with the 
Level I biological agents, if you will, in particular, where 
(in order to reduce the potential for exposure and reduce the 
potential for a mistake, one worker getting in the way of the 
other while working in a quite tight situation) you would have 
a single individual, but under observation remotely. So there 
are a whole series of gradations that could be applied, but the 
issue of training, of oversight by the supervisors and peer 
review, and then self-reporting if an individual felt that they 
were getting stressed out and incapable of operating properly.
    Senator Cardin. I think that's very--that's the types of 
observations I think we need to take a look at. The burden to 
have you do security clearances on every person that would be--
you couldn't handle that, I understand that. But I think we 
have to have a more sophisticated way in which we look at those 
that are handling the most dangerous of the pathogens.
    I think there are some common-sense ways that we can 
differentiate here and could have that done. I know at Ft. 
Detrick there was an issue concerning the inventory of the 
pathogens. I don't know who I want to ask this question to. 
It's not really specific to Ft. Detrick. It's more general as 
to inventory.
    Are you confident that we know where these pathogens are in 
this country and that we have inventory controls, and that if 
something is missing there are adequate procedures in place to 
find out where those pathogens are at all times? It's really, I 
think, a Homeland Security issue more so than a specific 
agency, but I'd be more than happy to let Defense also have a 
crack at it.
    Mr. Pasco. Thank you, Senator. For DHS-funded programs, we 
spend quite a lot of attention on inventory issues. It's one of 
the reasons----
    Senator Cardin. That's not the real question. The real 
question is, Homeland Security is responsible for homeland 
security. We don't really care whether you're giving money to a 
different group or not. If they have control over a pathogen 
that can be used for biological mischief to America, we want to 
make sure that you know where that pathogen is at all times, at 
least our government knows where those pathogens are at all 
times.
    Mr. Pasco. Thank you, sir. You're right, that is the 
question that is underlying it. The Department of Homeland 
Security only has visibility into the programs that we fund as 
far as pathogen inventories. Of course, all of the select agent 
inventories are subject to Centers for Disease Control and 
APHIS regulatory process, but the Department of Homeland 
Security only reviews inventory processes of our own 
laboratories and programs that we are funding.
    Senator Cardin. Well, that's clearly inadequate. I assume, 
DOD, you take responsibility for your own labs? Is that what 
you're----
    Mr. Reed. Yes, sir. But also in the context, we are subject 
to the CDC and APHIS oversight. But it really becomes a 
question of discipline and a culture of safety and security at 
the individual installations. Of course, they're subject to 
inspection on an annual basis by the other two activities, and 
DOD labs in particular, and John Skvorak can probably testify 
to it, and the subject to inspections within the Department as 
well.
    The key issue from my perspective--and I hearken back to my 
experience as an artillery battalion commander--is standards--a 
common set of standards that one can work towards--and a common 
set of inspections and inspection criteria. In order to 
facilitate the research, a common view is that there be a 
minimum standard possible in order to give you the flexibility 
you need, but it needs to be a standard that we apply and that 
we arrive at, I think, administratively and through rulemaking, 
as opposed to through legislation.
    Senator Cardin. Yes. Certainly?
    Mr. Reed. John, do you want to comment on that at all?
    Colonel Skvorak. I think, Senator Cardin----
    Senator Cardin. Could you just state your name for the 
record?
    Colonel Skvorak. I'm John Skvorak, Colonel John Skvorak.
    Senator Cardin. Yes.
    Colonel Skvorak. Mr. Reed, in his opening statement, 
explained a little bit of the challenge that biological agents 
represent as far as inventory relative to chemical and nuclear, 
being naturally occurring and replicating. You know, the 
inspections are a very important part of our ability to 
maintain an accurate inventory. We have the CDC inspections and 
the Army IG inspections. We do 100 percent inventories 
annually. We do disinterested party audits of our inventories 
within the Institute.
    We have different categories of agents as far as long-term 
and working stocks that present unique problems, and we have to 
find unique solutions to inventory those. We have developed an 
in-house data base for us to help maintain and to track 
inventory.
    Obviously the folks at USAMRID understand how important 
inventory is, with the inventory stand-down that we did back in 
February through about 4 months for us to complete that 
process. It is a difficult challenge, but it is, as also was 
said, a cultural change that has to be instituted within the 
laboratory. It's a leadership issue and it's something we can 
just continue to enforce, continue to monitor, and continue to 
use the peer review and outside reviews to make sure that we 
can maintain accurate inventories.
    Senator Cardin. Well, thank you for that. We will wait for 
the recommendations of the in-house working group, but there 
really needs to be better lines of responsibility here. I think 
we all would appreciate having those lines understood. I think 
we also need to differentiate between the different types of 
pathogens as far as the degree of interest.
    Mr. Pasco, I come back to your point. You're giving money 
to a particular entity, let's say, a research lab on a 
particular campus. I've been told that there's a lot of 
collaboration among different institutions on a lot of the 
pathogens, and therefore I assume it's possible, though the 
funds go to one lab, there may be more than one lab involved in 
the work that's being done.
    In fact, it may be done outside the United States. I know 
there's a lot of--so I'm not sure I understand your 
responsibility, even under the limited requirements, limited 
authority that you have. Are you just reviewing the work at the 
lab that is the recipient of your grants? You certainly are 
not--are you looking at who they're working with? Do you have 
any responsibility outside of the United States, if they're 
collaborating with an entity outside of our country?
    Mr. Pasco. Thank you, sir. Yes. In fact, we follow the 
money where it goes through the chain of providers. So it is, 
indeed, possible that you would have--for example, NBAC, the 
national bio-defense laboratory that we're building at Ft. 
Detrick, would have as a subcontractor other companies or 
laboratories around the country, and that they in turn might 
subcontract with laboratories either elsewhere in the country 
or outside of the United States.
    That certainly does happen. So it becomes my responsibility 
to make sure that we are examining the work where it's being 
done. We have not--typically, to address specifically your 
point on international work, we do make sure that, to the 
greatest extent possible, things are being done in a safe way, 
wherever it happens to be done. Is that responsive to your 
question, sir?
    Senator Cardin. Well, you mentioned 42 labs.
    Mr. Pasco. Yes, sir.
    Senator Cardin. And that you do physical inspections on 23, 
because I assume you have reason--you said you had reason to go 
onsite. Are those 42 labs all located in the United States?
    Mr. Pasco. Yes, sir.
    Senator Cardin. So then, in fact, if the collaboration is 
outside of the United States, you really don't have much 
ability to follow that money.
    Mr. Pasco. Well, what we would likely be doing is probably 
a paper-based review. That is to say, we would ask the 
laboratory--whether it's in the United States or not, we would 
ask them to provide certain basic documents to us. We'd like to 
see what their security protocols are, what their safety 
protocols are, what is the type of training that they require 
for their staffs?
    Information could be requested about the basic facility. 
And you can learn a lot about the health of a program by that 
type of documentation review, and we would use that, whether 
the lab was in the United States or not, to understand the 
management practices of that facility and whether we would have 
a reason to want to send inspectors to physically visit.
    Senator Cardin. Let me ask one last question on perimeter 
security for our government labs. Is there a uniform protocol 
for perimeter security if you're dealing with the Level IV 
labs? Is that established? Is there a need for a review of 
that, considering the higher risk factors today in regards to 
those interested in weapons of mass destruction?
    Mr. Reed. Let me attempt to respond to that in a general 
sense in terms of what needs to be there, if I may. We have a 
bio-defense campus that you're very familiar with that is being 
established at Ft. Detrick, where we're having laboratories 
from Department of Homeland Security, from the Department of 
Health and Human Services, and from the Department of Defense 
co-located and contiguous.
    If we do not have a common approach to the establishment of 
security for that laboratory, that laboratory complex, we will 
have three independent laboratories that are not able to 
coordinate their activities in the way that I think was 
originally intended when that was established in concept.
    And so from that standpoint, I think that's one of the key 
things that we really need to get to, and then to extend those 
sorts of standards, those sorts of requirements really 
throughout so we know the way the various materials are being 
protected and we have an ability to inspect against that.
    I'm going to ask Captain Cole to respond, if I may, just 
for a moment from the standpoint of the international issue.
    Ken.
    Captain Cole. I am Captain Kenneth Cole. I'm the Medical 
Director of the Chemical/Biological Defense Program within DOD. 
With respect to your question of overseas labs, of course, the 
DOD does operate several overseas labs. These laboratories--our 
primary mission is bio-surveillance, for the protection of not 
only our service members overseas, but for also providing data 
for the World Health Organization, as well as our own public 
health infrastructure in the United States on emerging 
diseases, as well as endemic diseases like the seasonal flu, 
among other things.
    Part of the agreements we have with the countries which we 
participate in is to have full and open collaboration with 
those countries in terms of the monitoring and the exchange of 
information, as well as exchange and collaboration of samples 
with those laboratories. So in those aspects, we do inspect 
those laboratories on our own for compliance with select agent 
rules and the DOD regulations.
    However, we do have to put into certain places waivers to 
certain exemptions of the requirements in order to allow, under 
treaties and other agreements we have with these countries, the 
exchange of information, as well as exchange of samples that 
are required to have a rapid response to an emerging or endemic 
disease outbreak.
    Senator Cardin. Well, let me thank you again for your 
testimony and answering our questions. This is an ongoing 
interest to our Committee. I know there are other committees in 
the Senate that are also interested. We're going to try to 
coordinate our response. We clearly are interested in the 
recommendations that come out of the working group and we'll 
look forward to not only their report, but the administration's 
response to those reports.
    We will follow up with Health and Human Services to get 
their feedback. I know we're all interested in protecting the 
security of our country. These labs, they do extremely 
important work and we want to make sure there's a working 
ability to get the job done, but with maximum protection to the 
public and the security of our country. So, thank you all very 
much. Appreciate it.
    Our second panel will consist of Hon. Bob Graham, our 
former colleague and Chairman of the Commission for the 
Prevention of Weapons of Mass Destruction Proliferation and 
Terrorism. He has spent a total of 38 years in public service; 
a two-term Governor of the State of Florida, before serving for 
18 years in the U.S. Senate. He's also spent 12 years in the 
Florida State legislature. Senator Graham is recognized for his 
leadership on issues ranging from health care and environmental 
preservation to his 10 years of service on the Senate Select 
Committee on Intelligence, including 18 months as its chair 
from 2001 to 2002.
    We also welcome Dr. Nancy Kingsbury, who's the Managing 
Director for Applied Research and Methods at the U.S. 
Government Accountability Office, where she is responsible for 
managing GAO's advanced analytical staff, including economists, 
computer engineers, statisticians, social scientists, analysts, 
program evaluation experts, and scientific specialists.
    And last, let me welcome back Michael Greenberger, who's 
the Director of the Center for Health and Homeland Security at 
the University of Maryland, and a professor at the School of 
Law. The center works on a broad range of homeland security and 
emergency response issues for the Federal, State, and local 
governmental agencies, as well as medical researchers. It's a 
pleasure to have all three of you.
    As is the tradition of the Judiciary Committee, if I could 
ask you to stand for the oath, and then we can get on with your 
testimony. Thank you.
    [Whereupon, the witnesses were duly sworn.]
    Senator Cardin. Thank you all very much. Please have a 
seat.
    Senator Graham, it's a pleasure to have you back here in 
the U.S. Senate. I miss your good advice that I remember with 
fondness, working with you when I was in that other body that, 
quite frankly, I don't understand why we need today now that 
I'm over in the Senate.
    [Laughter.]
    Senator Cardin. But it's a pleasure to have you before our 
Committee.

   STATEMENT OF HON. ROBERT GRAHAM, FORMER U.S. SENATOR FROM 
  FLORIDA, CHAIR, COMMISSION FOR THE PREVENTION OF WEAPONS OF 
  MASS DESTRUCTION PROLIFERATION AND TERRORISM, WASHINGTON, DC

    Senator Graham. Thank you very much, Mr. Chairman. And no 
comment on your last comment.
    [Laughter.]
    Senator Graham. Mr. Chairman, I appreciate the opportunity 
to testify before your Subcommittee today.
    First, a little background. The Commission that I chair was 
founded by the Congress at the suggestion of the 9/11 
Commission, which had found that the ultimate catastrophe for 
this country would be when the worst weapons fell into the 
worst hands. The response of the Congress was to establish a 
commission to review our current policies to avoid 
proliferation and make recommendations for the future.
    We did so in a report entitled, ``World At Risk'', which 
was published in December of '08. Then the Congress asked us if 
we would stay for another year and work with it, as well as the 
administration, in implementing our recommendations, which we 
were honored to do, and I appreciate the opportunity that you 
are affording me today on behalf of the Commission to do so.
    I would like to use my time to give somewhat of an overview 
of where I see the issue of biological weapons fitting into the 
larger picture of preventing the proliferation of weapons of 
mass destruction.
    Mr. Chairman, our Commission made three basic findings. 
One, that since 9/11, we have become less safe, not because we 
have not been diligent in executing policies designed to 
increase our security, but because our adversaries have been 
moving at a more rapid pace and the environment in which this 
competition is occurring gives an advantage to the kind of 
people that our adversaries are.
    The second finding was that, without urgent action, that it 
is more likely than not that a weapon of mass destruction will 
be used someplace on earth between December 2008 and the end of 
2013. That was an assessment reached after consultation with a 
wide range of scientific, intelligence and law enforcement 
experts in this country and abroad. We were given some 
underpinning in that recommendation when, two weeks after our 
report was issued, the then-Director of National Intelligence, 
Mike McConnell, made almost precisely the same prediction.
    The third, is that a weapon of mass destruction is more 
likely to be a biological weapon than a nuclear weapon, for 
reasons that I will comment on in my further statement.
    I believe that there are three clocks running. The first 
clock is a 2013 clock. As I stated, the Commission concluded 
that it was more likely than not that a weapon of mass 
destruction would be used by 2013. The second clock is a 2010 
clock. Under the principal international treaty for nuclear 
proliferation avoidance, the nonproliferation agreement, there 
is, every 5 years, a meeting of the signatories to review 
what's happened in the last 5 years and make recommendations 
for the future. 2010 will be such a year. We believe it is 
critically important that 2010 be used aggressively to deal 
with some of the current gaps and weaknesses in our 
international treaty on nuclear proliferation.
    That issue is primarily in the executive branch. The 
Congress has legislated extensively in the area of nuclear 
proliferation. Most of the heavy lifting to be done must be 
accomplished by the executive branch. I'd like to commend 
President Obama for his initiative, the statements that he has 
made, such as that that he made in Prague, and calling for a 
summit in March of 2010 to precede the conference of the 
signatories to the nonproliferation treaty that should energize 
the work of that conference.
    The third clock is a 2011 clock. As the nonproliferation 
treaty is the basic document for nuclear nonproliferation, the 
Biological Weapons Convention of 1972 has the same role for 
biologicals. It also has provision for periodic review. The 
next review will take place in 2011.
    We believe it is imperative that the United States use its 
influence in order to achieve some significant reform in the 
structure of our dealings with biological proliferation. In 
many ways, the biological treaty is in greater need of amending 
than the nuclear treaty. We also believe that, for the United 
States to play that role of leader, we must lead by example.
    This issue is primarily a Congressional issue. We believe 
that the legislation that Congress, hopefully, will enact in 
the next few months will set the gold standard of what a 
country should do to avoid the proliferation of biological 
weapons, and that that will put us on the moral high ground as 
we go into the 2011 convention to get other countries to see 
our standard as one to which they should also aspire.
    Mr. Chairman, we have felt that there were two principal 
strategies for biological defense against proliferation. One, 
is very similar to the basic strategy for nuclear, which is to 
avoid the terrorists getting access to the materials necessary 
to make, and then distribute and disseminate, biological 
materials.
    This is a much more difficult issue in biological than it 
is in nuclear because the biological materials are so 
ubiquitous, and they do not require the same skill level or the 
technology. They can be transported more readily; a mere vial 
of the right pathogen can do enormous damage.
    The second strategy which is peculiar to biologicals is a 
deter-by-being-prepared strategy. In our discussions, including 
some recent discussions within the intelligence community, the 
feeling is that if an adversary, particularly a non-state 
actor, were to get access to the materials for a weapon, they 
would use it fairly quickly.
    Unlike North Korea, which has a strategy of stockpiling the 
nuclear bombs that it's developing because they want to have a 
second-strike capability, a typical non-state terrorist would 
want to use the material quickly, in part because of safety 
concerns, and second, because it fulfills their rationale for 
wanting to use a weapon of mass destruction.
    The adversary would be looking at a number of potential 
targets to use their biological materials. We think that they 
would be inclined to want to use it against the target where 
they felt they would have the greatest consequence, the 
greatest number of casualties. So the degree to which a 
community has prepared itself not only for a terrorist attack, 
but also for an epidemic, such as what we might be dealing with 
this year with swine flu, that preparation is one of the best 
deterrents that a community can have. The issue that you're 
discussing today, lab security, touches on both of those 
strategies.
    Lab security is a fundamental part of preventing weapons of 
mass destruction from falling into the wrong hands. Also, lab 
security procedures play an important role in our continuing 
ability to be creative and innovative in developing the 
vaccines and other pharmaceuticals that will be a key part of 
our ability to reduce the consequences of the use of a 
biological weapon of mass destruction.
    Mr. Chairman, that is sort of the broad framework. I would 
just conclude by mentioning three areas of action. One, the 
need to have an overall strategy of how we're going to deal 
with the biological issue. I testified earlier today where a 
representative of the Government Accountability Office 
presented a report which had the headline of, ``We Do Not Have 
Anyone in Charge of Our Biological Response.'' It's now been 8 
years since the attack that occurred, in part, in this very 
building, was launched. It is inexcusable that we don't have an 
overall strategy, and I think it's incumbent upon the Congress 
to take those steps to demand that the executive branch 
establish such a strategy.
    Second is the international dimension. The title of our 
report was consciously selected. It is: ``World at Risk,'' 
underscoring the fact that this is not a problem that the 
United States can solve in isolation. We've got to see this as 
a global threat. The 2011 conference, and our preparation for 
it, will be key.
    Finally, returning to the three clocks, we don't have an 
indefinite amount of time. This is my assessment, not the 
Commission's. The Commission assessed that, as of December 
2008, there was better than a 50/50 chance that there would be 
a weapon of mass destruction used between that date and the end 
of 2013.
    It would be my assessment today, on the 22nd of September 
of 2009, that the chances of there being a successful use of a 
weapon of mass destruction are greater than they were even last 
December. That is a testimony to the alacrity and the 
commitment of our opponents, our adversaries, to achieve and 
use this technology.
    So, Mr. Chairman, I thank you for the opportunity to share 
these thoughts on behalf of the Commission. I would be pleased 
to answer any questions.
    [The prepared statement of Senator Graham appears as a 
submission for the record.]
    Senator Cardin. Well, again, thank you very much for your 
testimony. It's very, very helpful.
    Dr. Kingsbury.

 STATEMENT OF DR. NANCY KINGSBURY, MANAGING DIRECTOR, APPLIED 
 RESEARCH AND METHODS, UNITED STATES GOVERNMENT ACCOUNTABILITY 
                     OFFICE, WASHINGTON, DC

    Dr. Kingsbury. OK. I'll try to be brief, if I can get my 
microphone on.
    We're very pleased to be here to discuss the report that we 
issued yesterday on the need for a national strategy for high-
containment laboratories in the United States. High-containment 
laboratories have proliferated in recent years. In 2007, we 
reported on several issues associated with the proliferation of 
these labs in the United States, and some of the risk posed by 
bio-safety incidents that occurred in the past.
    The FBI's allegation in August of 2008 that a DOD scientist 
was the sole perpetrator of the 2001 anthrax attacks raised 
additional concerns about the possibility of insider misuse of 
high-containment laboratory facilities, material, and 
technology.
    Highly publicized laboratory errors and controversies about 
where high-containment labs should be located have raised 
questions about whether the governing framework, oversight, and 
standards for bio-safety and bio-security are adequate.
    We have three findings to report. First, since 2001, the 
number of BSL-III and BSL-IV labs in the United States has 
increased, and this expansion has taken place across Federal, 
State, academic, and private sectors. By increase, we have some 
data in our report that would suggest it's more than doubled in 
terms of the numbers.
    Information about the number, location, activities, and 
ownership is available for high-containment labs that are 
registered with CDC's or USDA's select agent programs, but not 
for those outside those outside those programs. The expansion 
that began after the anthrax attacks in 2001 lacked a clear, 
coordinated national strategy.
    Decisions to fund the construction of high-containment labs 
were made by multiple Federal agencies in multiple budget 
cycles. Federal and State agencies, academia, and the private 
sector considered their own individual requirements, but an 
assessment of national needs was lacking. Even now after more 
than 7 years, we were unable to find any projections based on a 
government-initiated strategic evaluation of current and future 
capacity requirements linked to national public health goals, 
or for that matter, weapons of mass destruction goals. Such 
information is needed to ensure that the U.S. will have 
facilities in the right place with the right research 
capabilities.
    Second, no executive or legislative mandate directs any 
Federal agency to track the expansion of all high-containment 
laboratories. Accordingly, no Federal agency knows how many 
such labs exist in the United States, and no single agency is 
responsible for determining, or able to determine, the 
aggregate risks associated with the expansion of these labs. 
Consequently, no Federal agency can determine whether high-
containment lab capacity is now less than, meets, or exceeds 
the national need.
    Finally, four highly publicized bio-safety incidents in 
high-containment laboratories, as well as evidence from 
scientific literature, demonstrate that, while laboratory 
accidents are rare, they do occur, primarily due to human error 
or system failure. One of the incidents we reviewed involved 
the allegations that Dr. Bruce Ivins of DOD was the source of 
the 2001 anthrax attack.
    These allegations highlighted two lessons: first, an ill-
intentioned insider could pose a risk by removing dangerous 
material from a high-containment laboratory; and second, it is 
impossible to have 100 percent effective inventory control of 
biological material with currently available technologies.
    At Ft. Detrick, ineffective procedures for the control of 
inventories and the unrestricted use of lab facilities 
allegedly allowed Dr. Ivins the opportunity to pursue his own 
ends. As the number of high-containment labs increases, there 
will inevitably be an increase in the pool of scientists with 
expertise and, thus, the corresponding risk from insiders is 
likely to increase.
    Taken as a whole, the incidents we reviewed demonstrated 
failures of systems and procedures meant to maintain bio-safety 
in high-containment labs. They revealed the failure to comply 
with regulatory requirements, safety measures that were not 
commensurate with the level of risk to public health posed by 
lab workers and the pathogens in those labs, and the failure to 
fund ongoing facility maintenance and monitoring the 
operational effectiveness of lab physical infrastructure.
    In conclusion, I want to stress that oversight plays a 
critical role in improving bio-safety and ensuring that high-
containment labs comply with regulations. However, some aspects 
of the current oversight programs provided by CDC and USDA are 
dependent upon entities monitoring themselves and reporting 
incidents to Federal regulators.
    Furthermore, personal reliability programs have been 
established since 2001 to counter insider risks, but their 
cost-effectiveness and programmatic impact has not been 
evaluated. We would note that the incident at Ft. Detrick is 
the only known incident of insider behavior.
    If an agency were tasked or a mechanism were established 
with the purpose of overseeing the expansion of high-
containment labs, it could develop a strategic plan to ensure 
that the number and capabilities of potentially dangerous high-
containment labs are no greater or less than necessary, it 
could balance the risks and benefits of expanding such labs, 
and it could determine the type of oversight needed.
    To address these issues, we recommended that the National 
Security Advisor, in consultation with the Secretaries of 
Health and Human Services, Agriculture, Defense, and Homeland 
Security, along with the National Intelligence Council and 
other executive departments as appropriate, identify a single 
entity charged with periodic strategic evaluation of high-
containment labs that will determine the number, location, and 
mission of the laboratories needed to effectively meet national 
goals to counter bio-threats, the existing laboratory capacity 
within the United States, the aggregate risks associated with 
the laboratories' expansion, and the type of oversight needed.
    It would also develop, in consultation with the scientific 
community, national standards for the design, construction, 
commissioning, and operation of high-containment laboratories, 
specifically and importantly including provisions for long-term 
maintenance.
    We also recommend that the Secretaries of HHS and 
Agriculture develop a clear definition of exposure to select 
agents. The voluntary reports that come back from labs 
obviously demonstrate that there is some confusion about that 
issue. They can also develop a mechanism for sharing lessons 
learned from reported laboratory accidents so that best 
practices for other operators of high-containment laboratories 
can be identified.
    Recognizing that biological agent inventories cannot be 
completely controlled at present, we also recommended that the 
Secretaries of HHS and Agriculture review existing inventory 
control systems and invest in, and develop, appropriate 
technologies to minimize the potential for the insider misuse 
of biologic agents.
    Finally, should the Secretaries consider implementing a 
more stringent personnel reliability program for high-
containment laboratory employees to deal with insider risk, we 
recommend that they evaluate and document the cost-
effectiveness and programmatic impact of such a program. In an 
earlier hearing today, a representative of the American Society 
for Microbiologists emphasized quite a bit the need to balance 
the security factors and the ability for researchers to do 
their work.
    Mr. Chairman, that's my prepared statement and I'll be 
happy to answer your questions.
    [The prepared statement of Dr. Kingsbury appears as a 
submission for the record.]
    Senator Cardin. That's very helpful. Thank you very much.
    Mr. Greenberger.

 STATEMENT OF MICHAEL GREENBERGER, DIRECTOR, CENTER FOR HEALTH 
   AND HOMELAND SECURITY, UNIVERSITY OF MARYLAND, BALTIMORE 
                         BALTIMORE, MD

    Mr. Greenberger. Thank you, Chairman Cardin. And I want to 
congratulate you and the Subcommittee for holding this hearing 
today. If we've learned any lesson from our National security 
perspective, and maybe even from our financial perspective, is 
that when you don't pay attention to issues we tend to get 
banged in the side of the head. You can go all the way back to 
the Great Depression and Pearl Harbor or you can look at the 9/
11 attacks or the anthrax attacks.
    I know the Senate's docket is very, very busy, and I know 
that, for example, Ranking Member Kyl is understandably 
preoccupied with health reform, and you've got global warming, 
reform of the Financial Regulatory System, and a host of 
international relations issues, Afghanistan probably being at 
the top. But I think your Subcommittee's wisdom in looking at 
an issue that can come back to bite us big-time is to be 
congratulated.
    I have had the fortune, as the Director of the Center for 
Health and Homeland Security at the University of Maryland, of 
working with medical researchers at the School of Medicine and 
their collaborative, the Mid-Atlantic Regional Center of 
Excellence, which deals with bio-defense and emerging 
infectious diseases issues.
    Let me say in the first instance, the money that is being 
spent by the Federal Government for this research is money that 
is well spent. We only have to look at the fact that we are 
going to have an H1N1 vaccine in October. When things go well 
we don't tend to congratulate people. The fact that that 
vaccine is available, given scientific and commercial problems 
in the vaccine industry, is nothing more than a minor miracle 
and shows what scientific research can do to be of assistance 
to the United States.
    However, the anthrax episode at Ft. Detrick demonstrates 
that, imbedded within all of that good work can be very 
dangerous activity. It is a high irony that the anthrax episode 
of 2001 was the principal motivator for all of this research, 
and then we found out a year ago that the researchers may have 
been the problem of the anthrax incident itself.
    Now, let me say, I have studied the Ft. Detrick situation. 
I'm not at all convinced that Dr. Ivins is necessarily the 
perpetrator, and I think it was unfortunate that, after his 
suicide, blame was heaped upon him. But I am convinced, based 
on the DNA evidence that was done, that the source of the 
anthrax emanated from a flask at Ft. Detrick. Somebody got 
access to that information.
    And while Senator Graham makes the excellent point that we 
have to worry about outsiders doing damage to us, this provokes 
the classic Pogo commentary that ``We have found the enemy and 
he is us''. It was an insider, one of our researchers, that 
perpetrated maybe the third serious terrorist attack on the 
United States that got access to that flask.
    I think we have, in our testimony to you today, made six 
recommendations. I think there is a consensus here: you must 
have somebody in charge of this situation. I would take some--I 
would quibble somewhat with the DOD's testimony today. I think 
having an interagency task force do this is a big mistake. I 
think putting it in the National Security Council is a big 
mistake.
    If there were a spill, or the stealth of, say, Ebola 
bacteria from a laboratory, somebody in Congress would right 
away want to know, what has happened? I think what we've 
learned today is, we wouldn't know which of the 15 different 
agencies in the Federal Government to call up here, and we all 
know the difficulty of getting the National Security Advisor up 
here. No blame to the National Security Advisor, but he has a 
lot of things on his plate. There must be somebody in the 
Federal Government that assumes overall responsibility.
    The BSL labs, unlike any professional institution, are not 
required to be accredited. Right now, my own law school is 
worried about an accreditation process that is going to happen 
over a year from now. That is forcing our school, medical 
schools, all kinds of institutions who have to be accredited to 
do the most thorough self-evaluation to meet that 
accreditation.
    The single regulator must set up an accrediting process. 
We've heard that there's 1-year inspections, some inspections, 
what have you. But the four big episodes that are identified as 
the cause of our concern, starting with anthrax and some of the 
other universities, were people reporting to a regulator a 
problem, not the fact that the inspectors found the problem. 
You have to have a system that goes through an accreditation 
process.
    Also, what has been said today, we agree with: mishaps at 
the laboratories are not promptly and fully reported to the 
Federal Government, and even worse, the experience from those 
mishaps is not sent out to the other laboratories as a 
``lessons learned'' modality. It's a very incomplete process 
and it's a very slow process, and again, a single overseer 
could fix that problem.
    The final thing that's been talked about today that I think 
is very important, you have military laboratories on one 
extreme and university laboratories on another extreme. It is 
impossible--and I was pleased to see the Department of Defense 
advocate--to apply military precision and security to a 
university laboratory, not just because you don't have the 
resources, but most medical researchers at universities would 
say that there is an element of the openness of those labs that 
would be defeated by a super-security process.
    I think many people have testified, some of the committees 
that have issued reports today have testified, that you can 
reach the security goals here without developing a full 
military security apparatus, and not using some of the 
techniques like psychological testing of researchers and other 
things that would only hinder being able to bring the best 
researchers to the table.
    I've cited the University of Maryland, Baltimore. They 
supervise 1,500 laboratories, some of them are BSL 
laboratories. They use guidelines that have been developed by 
CDC and NIH. They are very serious about the work they do. 
Those guidelines can be applied institution to institution to 
assure safety and security. There has never been a leak or 
stolen materials from the BSL. That's the next-highest secure 
laboratory at the University of Maryland. Through a single 
regulator, accreditation, the use of the best practices within 
university industries, we can have the best of both worlds: 
good science and good security.
    Thank you.
    [The prepared statement of Mr. Greenberger appears as a 
submission for the record.]
    Senator Cardin. Well, thank you very much. In fact, thank 
all three of you. It's a pretty direct presentation of the risk 
factors that we confront. Senator Graham, I think it's very 
sobering, your predictions that your Commission came up with, 
the vulnerability of the United States to weapons of mass 
destruction, and most likely the biological being the more 
likely vulnerability. It puts additional attention on the 
subject that we have here today, which is the security of our 
containment labs.
    You all are raising the same point. You're saying we need 
to have a coordinated strategy. That is one of the points that, 
Senator Graham, you pointed out that is missing, an overall 
strategy. It's difficult for us to look at who is responsible 
on biological containment labs' security when there's 15 
agencies involved and they each have different 
responsibilities.
    Quite frankly, some of these labs are dealing with a lot of 
agents that are not a particular interest, or they're important 
to keep control over them, don't get me wrong, but they're not 
going to fall into the category that you are concerned about, 
Senator, about being used as a weapon of mass destruction.
    That's why I thought one of the recommendations I believe 
that your Commission has made that I found very helpful is to 
have tiers of interest in regards to the agents, the pathogens 
that are of the most concern, tier one, would be categorized in 
that way so it would get the special attention. Then you could 
do what Mr. Greenberger is suggesting as far as being able to 
trace those types of agents.
    At the same time, I am concerned with the point that Dr. 
Kingsbury raised about, how do you do this in a climate that 
allows the type of collaboration among our universities and 
private entities and international partners that are going to 
be important for the type of academic work necessary to prepare 
us, as you pointed out, so that we are prepared to deal with 
the risks that are out there.
    So let me start off with that recommendation on the tiering 
of the pathogens. The previous panel seemed also to support 
that type of concept. You indicate you might be able to limit 
to eight--at least that's what I thought I saw in the 
Commission's report. Is that a reasonable number that you think 
would end up in tier one? And what is your criteria for tier 
one?
    Senator Graham. Mr. Chairman, the criteria for inclusion in 
tier one are those pathogens that are the most deadly and the 
most readily weaponized. The scientific community that we 
consulted with felt that that might be as few as eight 
pathogens. There are now, I think, over 80 that are on the 
special agent list, so it would be a very focused group of 
pathogens which could have the highest level of security.
    We also propose that there be two other tiers, a tier two 
which would be those pathogens that have great potential, but 
are not at this point as amenable to weaponization as those 
that would be in tier one. They would get the second level of 
review. Then tier three would be everything else, including 
some items that are of lesser potential threat, but maybe more 
ubiquitously distributed around the world.
    Senator Cardin. And I want to point out, I think we need 
protection on all of the pathogens because it could be 
extremely dangerous for those who are handling it. It may well 
not be suitable as a weapon of mass destruction, but it is an 
agent that requires special attention. We should know where 
they are, how they're being used, and there should be certain 
standardized protections.
    Senator Graham. Yes. I think there is a difference between 
the regulatory pattern for safety, which might be more common 
across those three tiers. As an example, there was a story 
yesterday or today about a scientist at the University of 
Chicago who has died, and there is the possibility that he died 
because he was handling an agent which is generally thought of 
to be relatively mild in terms of its potential. We'll learn 
more about the full circumstances of this gentleman's death.
    But safety is one concern for which there's probably not 
the need or desirability for such high levels of 
stratification, but the security level, we want to be able to 
put our maximum attention on those pathogens that have the 
greatest potential to be converted into weapons.
    Senator Cardin. Dr. Kingsbury, you raised the issue of the 
freedom, academic freedom and the ability to work with your 
colleagues around the world. How do you balance that?
    Dr. Kingsbury. Well, I think it's just a factor that needs 
to be taken into account. With respect to the tiering question, 
while I have a fair amount of sympathy for the importance of 
the security of those highly vulnerable pathogens, I'm not sure 
we know enough about the mix of pathogens in different 
laboratories to have a view yet of whether that kind of 
strategy would actually work. If you're working with anthrax or 
whatever else is on that list of eight, but you're also working 
on something else that's more benign or not likely to--or there 
are treatments for it, and so they're inventing new treatments, 
it's not sure how that relationship would work and I'd just be 
interested in knowing more about it.
    Senator Cardin. I also think we need to know, of all the 
people who registered, how many would have had to have 
registered for tier one if we had a different registration 
system.
    Dr. Kingsbury. Yes.
    Senator Cardin. I don't know if we know that or not, 
because we----
    Dr. Kingsbury. We don't, I don't think. Do we? No. OK. We 
don't.
    Senator Cardin. One of the issues here is budget and 
workload as to----
    Dr. Kingsbury. Oh, sure. Sure. Absolutely. Several months 
ago--a couple of months ago--we issued a report looking at the 
question of the building of the national agro and bio-defense 
facility that the Department of Homeland Security is proposing, 
and there we limited our whole analysis to the issue of foot-
and-mouth disease and whether the Department of Homeland 
Security had adequately demonstrated that foot-and-mouth 
disease, which does not affect humans--OK, so I don't think it 
would be a very good weapon, except economically--whether or 
not the ability to control escape of that pathogen from a lab 
that is built in the middle of the most prolific cow country in 
the country, and we reported, frankly, that we didn't think DHS 
had demonstrated that. It doesn't mean it can't be done, 
perhaps. I have my own concerns about that. But they haven't 
demonstrated it yet, and it's clear they're going to go ahead 
with the decision.
    But we thought focusing on that, because it is economically 
so significant and because the virus is so infectious--it's the 
single most infectious virus on the planet. If it starts 
getting into cattle herds, the cost associated with both the 
trade impact of that event and the cost of cleaning it up is 
really important to think about. There may be special 
circumstances around some of these other select agents that 
might need the same kind of analysis.
    Senator Cardin. Mr. Greenberger, you don't believe the best 
solution is the interagency approach. Do you have a specific 
recommendation as to how the line of responsibility should work 
in this area?
    Mr. Greenberger. Well, I think the two principal agencies 
that have had regulatory responsibility--in other words, DHS 
came before you today and said, effectively, they're 
supervising researchers. They're overseeing their researchers 
in the 42 labs. But the people who have had over-arching 
responsibility are CDC and the Department of Agriculture for 
plants and animals. I think in all candor, you'd have to say 
the record here is that CDC is the superior record. There have 
been problems with the Department of Agriculture. It's own 
Inspector General has identified it.
    This reminds me very much of the Hurricane Katrina problem 
when, after the clean-up of Hurricane Katrina, there was this 
big debate whether the Department of Homeland Security was in 
charge as the then-national response plan indicated, or whether 
HHS, because of the public health factors in the clean-up, 
should be in charge.
    In December 2006, Congress passed the Pandemic and All 
Hazards Preparedness Act, took the responsibility away from DHS 
and gave it to HHS, and created a separate Assistant Secretary 
within HHS to oversee catastrophic public health experiences. 
Now, one thing I would say about that: oversight is very 
important. It took 13 months to get a Director of that agency. 
But I think that that kind of episode--I think this is a public 
health situation. I think you should look to HHS as the 
overriding regulator here. They should be in charge.
    Whether CDC, who's now overloaded with H1N1 problems, has 
enough resources to do this, I don't know, but I would start 
with them. They should be established--they should be the 
single agency setting up standards, both safety standards, 
security standards for all these laboratories, having the 
entire inventory, being responsible for having evidence of 
mishaps, and setting up an accreditation process. And by the 
way, the accreditation process doesn't necessarily have to be 
completely public. You can get the best universities who have 
proven laboratory experience here to be the accrediting 
committees, and change them from time to time.
    As I said, your worry about the tension between security 
and openness, I think, is being met in the vast majority of 
universities who have laboratory issues today. They are 
following NIH/CDC guidelines, they are deadly serious about a 
deadly issue, they have training programs, and they hold their 
researchers accountable. As the National Science Advisory Board 
on Biologics report says, we have to get that culture in the 
good institutions imbedded throughout. The single regulator 
should be the one who does that. It can be done without 
converting universities into military operations.
    Senator Cardin. I think we all agree with that.
    I think, Senator Graham, your report sort of points to 
Department of Homeland Security as the key agency.
    Senator Graham. Our recommendation in this area, Mr. 
Chairman, is on page 29 of our report. It says, ``The 
Department of Health and Human Services, in coordination with 
the Department of Homeland Security, should lead an interagency 
effort to tighten government oversight of high-containment 
laboratories. So our recommendation was that it be interagency 
in nature with the Department of Health and Human Services in 
the lead.
    In addition to the factors that Professor Greenberger has 
just outlined, I would add another: that is, urgency. It would 
be our hope that the Congress would act in sufficient time that 
the administration could show some actual results of your 
actions in terms of standards for high-containment laboratories 
before that 2011 conference.
    We think the United States needs to be in the strongest 
position of leadership before that conference in order to be 
able to have the influence that we think is critical in order 
to strengthen the global network against the proliferation of 
biological material. We must lead by example.
    Senator Cardin. So there is some agreement here between the 
two, HHS. How about the GAO?
    Dr. Kingsbury. Well, if I could add two things. One is, as 
a part of our work on the report that we issued yesterday, we 
did talk to all of the agencies who have an interest in this 
oversight question. All of them told us they didn't feel they 
had the authority to take a leadership role. That's why we 
think there is some action that needs to be taken here. It's 
the lack of authority to direct another agency how to spend its 
appropriations that is the sort of weakness in----
    Senator Cardin. That's our responsibility.
    Dr. Kingsbury. That's your responsibility.
    Senator Cardin. I understand that. That's our 
responsibility to clarify. I'm trying to get the best advice, 
if there is consensus in Congress to give a lead agency, who 
that lead agency should be. It seems like Senator----
    Dr. Kingsbury. Well, for exactly the reasons that Dr. 
Greenberger said, HHS is at least a leading candidate here. I 
would put it at the HHS level, not the CDC level, because of 
NIH and the other places in HHS where these laboratories go.
    Senator Cardin. So let me just get back to Senator Graham, 
then, on what your thought is, using the interagency. But you 
still want the responsibility to be with HHS, if I understand 
correctly?
    Senator Graham. Yes.
    Dr. Kingsbury. If I could offer up one other example. We 
are aware that the United Kingdom has completely centralized 
oversight of these laboratories in an organization called the 
Health and Safety Executive. There were two different--like we 
have with CDC and APHIS, there were two different organizations 
with somewhat different approaches and standards and so forth 
dealing with the animal and plant side, and with the human 
side, and they made a decision, after the outbreak of foot-and-
mouth disease in Pirbright, to centralize all of it in the 
Health and Safety Executive and operate by the same standards.
    Senator Cardin. Senator, as I understood, you're suggesting 
that this type of action would be very helpful for the United 
States to complete prior to going to the review conference?
    Senator Graham. Yes. And I think that the Department of 
HHS, because of the reasons that have been stated, is the one 
most likely to be able to show some quick results of being 
assigned this leadership role.
    Senator Cardin. Let me ask one last question generally of 
whoever wants to respond to it. That is whether it is useful 
for us to pursue a more sophisticated way of doing background 
checks on those who have access to the most dangerous 
pathogens. Mr. Greenberger, you raise a very valid point, that 
the attack on our country, the third most serious, was from 
within and that the person who--at least, one of the--the 
person who has been labeled responsible had certain issues that 
could have been discovered through a background or a review of 
his current situation.
    Is it feasible and the right use of resources to try to 
develop a more sophisticated way to license those who have 
access to the most dangerous pathogens, or are we in an area 
that to do more than is currently being done is probably not 
realistic to expect?
    Mr. Greenberger. If I can take a crack at that. I think 
that the National Science Advisory Board on Biology, which has 
one of the big reports on this, if you read their message 
between the lines, is that the present system for non-military 
facilities, mostly university facilities, has to be fine-tuned. 
Some of it is too stringent. Even as the Department of Defense 
testified today, there are too many foreign nationals that are 
excluded only because they're foreign nationals and not because 
they're a threat to the country, and that's hurting our 
scientific effort.
    Some of the--for example, the Dr. Ivins thing might suggest 
that some of the things the military uses as a screening 
device, which are psychological profiling, might be 
appropriate. I agree with the National Science Advisory 
Committee that that is a mistake. I think, anecdotally, many of 
us have had the experience of people being disqualified from 
national security clearances for unknown reasons for failure of 
the psychological profiling, and I don't think there's a lot of 
confidence in it.
    The National Science Advisory Board, for example, expressly 
says that should not be used for the university system. On the 
other hand, if you have a single regulator establishing 
standards, it certainly would be appropriate to have them 
report on somebody who's been experiencing in the real world 
some kind of psychological difficulty. Now, that's a very 
sensitive issue. It raises all sorts of privacy points.
    But here you have to balance the Nation's security in a Dr. 
Ivins-like situation against privacy concerns. It's a delicate 
balance. But a single regulator, with the advice of an 
interagency consultation and the best private minds, I think, 
can draw up regulations that assure privacy but do the 
reporting so that those kinds of issues do dwell up to the top.
    Right now, in fact, all the building blocks are there. 
They're spread among 15 different agencies. Nobody--even the 
tiering issue, I think, is--I agree that that is a good 
response and it could easily be done, but nobody has been 
assigned the responsibility of doing it. I think all these 
things can be accomplished. You've got to find somebody to take 
charge, given them general guidelines.
    Senator Cardin. Your point is, you would, as part of this 
overall structural change, give HHS the authority to revise or 
change the current structure that's in place where the 
Department of Justice is doing these background checks for 
those that are dealing with agents.
    Mr. Greenberger. Yes. And I think that you can set the 
goals. The general goal is assuring security without 
undercutting private research. You've got the best--the 
National Science Advisory Board has already laid out parameters 
where this fine-tuning can take place.
    Senator Cardin. Do better in some cases, but in some cases 
we're over-restricted.
    Mr. Greenberger. I agree.
    Senator Cardin. Senator Graham.
    Senator Graham. I would agree with Professor Greenberger's 
assessment. I would also say that, of the various ways in which 
the materials for a biological weapon of mass destruction might 
fall into evil hands, such as being produced outside the 
country and brought into the country, or someone driving a 
truck through a fence at a secured facility, or a person on the 
inside turning and becoming a rogue scientist, I think that 
third option is the most likely option. It happens to be the 
only option which has actually been utilized in recent history.
    So I think it's a very important question. I would 
associate myself with the sophisticated recommendation that the 
Professor has made as to how to go about balancing all of those 
interests.
    Senator Cardin. Doctor.
    Dr. Kingsbury. I think we would agree that if you're going 
to do a personnel security program with uniform requirements 
across the whole community, some kind of collaborative way of 
doing it is certainly absolutely needed. But it's not going to 
come cheap. As you well know, the government is facing 
considerable budgetary pressure these days. I would not want to 
think about that personnel security program in complete 
isolation.
    I think there is not a lot of evidence about its being 
successful in what it sets out to do. The case at Ft. Detrick 
is the only known case of an insider doing the sorts of things 
that he did. Yet, there are, what, 1,600 of these laboratories 
around the country. So whether you want to get into the 
business of doing that without, as we recommend in our report, 
looking at what the costs are going to be, looking at what the 
benefits are going to be and evaluating it--we are aware, for 
example, of a case at the University of Texas at Austin where 
they are trying to hire a couple of very high-end scientists 
from Brazil, and they're having to wait 18 months. They haven't 
been cleared to come into the country even, let alone to work 
at the laboratory. So all those issues need to be worked 
through with the scientific community.
    Senator Cardin. I don't think we're going to be able to 
resolve the problems of people getting visas to come to America 
at this hearing.
    Dr. Kingsbury. Probably not.
    Senator Cardin. But I think you raise a very valid point on 
cost. My point is this. I think what Professor Greenberger is 
saying is that we might be able to get savings by doing this 
more efficiently than we we're doing it today and that, if we 
have a tier approach, there may well be a less costly way to 
deal with the majority of people that are dealing with 
pathogens at our labs or the type of lab they're dealing with, 
the type of work that they're dealing with, that there should 
be more sophistication in the way that we go about doing it.
    I expect, if HHS had the authority, they could then have 
more impact on DOJ, if that's the agency that's actually going 
to be doing the reviews for the process, and they may be able 
to avoid some of the time delays that we have. At least, I 
would hope that would be part of the game plan that would be 
developed.
    But I must tell you, someone who is dealing with anthrax 
and the potential danger that that can cause, the potential 
risk factor of a weapon of mass destruction, it seems to me 
that we have a responsibility to the public that someone who 
could have access to remove anthrax from a lab, that that 
person is scrutinized at a much higher level, including their 
psychological make-up, so that we do protect the public from 
that type of attack that we had here in the U.S. Senate and in 
our country.
    With that, let me thank all three of you for adding to this 
discussion. As I said at the beginning, there are other 
committees that are interested in this subject, and we do 
expect that the Congress is going to want to continue this 
effort. I thank all three of you for your contribution.
    Senator Graham, the work of your Commission, which was, as 
you pointed out, set up by Congress, is a valued part of our 
process. There's been a lot of discussion about it among your 
former colleagues, so we appreciate your continued contribution 
to this very important debate, and we look forward to this 
continued dialog with all three of you as we try to get this 
right for the sake of our National security and the safety of 
Americans.
    With that, the Subcommittee will keep the record open for 1 
week for questions that members of the Committee might wish to 
pose. With that, the Subcommittee will stand adjourned.
    [Whereupon, at 4:32 p.m. the Committee was adjourned.]
    [Submissions for the record follow.]
    [GRAPHIC] [TIFF OMITTED] 55644.001
    
    [GRAPHIC] [TIFF OMITTED] 55644.002
    
    [GRAPHIC] [TIFF OMITTED] 55644.003
    
    [GRAPHIC] [TIFF OMITTED] 55644.004
    
    [GRAPHIC] [TIFF OMITTED] 55644.005
    
    [GRAPHIC] [TIFF OMITTED] 55644.006
    
    [GRAPHIC] [TIFF OMITTED] 55644.007
    
    [GRAPHIC] [TIFF OMITTED] 55644.008
    
    [GRAPHIC] [TIFF OMITTED] 55644.009
    
    [GRAPHIC] [TIFF OMITTED] 55644.010
    
    [GRAPHIC] [TIFF OMITTED] 55644.011
    
    [GRAPHIC] [TIFF OMITTED] 55644.012
    
    [GRAPHIC] [TIFF OMITTED] 55644.013
    
    [GRAPHIC] [TIFF OMITTED] 55644.014
    
    [GRAPHIC] [TIFF OMITTED] 55644.015
    
    [GRAPHIC] [TIFF OMITTED] 55644.016
    
    [GRAPHIC] [TIFF OMITTED] 55644.017
    
    [GRAPHIC] [TIFF OMITTED] 55644.018
    
    [GRAPHIC] [TIFF OMITTED] 55644.019
    
    [GRAPHIC] [TIFF OMITTED] 55644.020
    
    [GRAPHIC] [TIFF OMITTED] 55644.021
    
    [GRAPHIC] [TIFF OMITTED] 55644.022
    
    [GRAPHIC] [TIFF OMITTED] 55644.023
    
    [GRAPHIC] [TIFF OMITTED] 55644.024
    
    [GRAPHIC] [TIFF OMITTED] 55644.025
    
    [GRAPHIC] [TIFF OMITTED] 55644.026
    
    [GRAPHIC] [TIFF OMITTED] 55644.027
    
    [GRAPHIC] [TIFF OMITTED] 55644.028
    
    [GRAPHIC] [TIFF OMITTED] 55644.029
    
    [GRAPHIC] [TIFF OMITTED] 55644.030
    
    [GRAPHIC] [TIFF OMITTED] 55644.031
    
    [GRAPHIC] [TIFF OMITTED] 55644.032
    
    [GRAPHIC] [TIFF OMITTED] 55644.033
    
    [GRAPHIC] [TIFF OMITTED] 55644.034
    
    [GRAPHIC] [TIFF OMITTED] 55644.035
    
    [GRAPHIC] [TIFF OMITTED] 55644.036
    
    [GRAPHIC] [TIFF OMITTED] 55644.037
    
    [GRAPHIC] [TIFF OMITTED] 55644.038
    
    [GRAPHIC] [TIFF OMITTED] 55644.039
    
    [GRAPHIC] [TIFF OMITTED] 55644.040
    
    [GRAPHIC] [TIFF OMITTED] 55644.041
    
    [GRAPHIC] [TIFF OMITTED] 55644.042
    
    [GRAPHIC] [TIFF OMITTED] 55644.043
    
    [GRAPHIC] [TIFF OMITTED] 55644.044
    
    [GRAPHIC] [TIFF OMITTED] 55644.045
    
    [GRAPHIC] [TIFF OMITTED] 55644.046
    
    [GRAPHIC] [TIFF OMITTED] 55644.047
    
    [GRAPHIC] [TIFF OMITTED] 55644.048
    
    [GRAPHIC] [TIFF OMITTED] 55644.049
    
    [GRAPHIC] [TIFF OMITTED] 55644.050
    
    [GRAPHIC] [TIFF OMITTED] 55644.051
    
    [GRAPHIC] [TIFF OMITTED] 55644.052
    
    [GRAPHIC] [TIFF OMITTED] 55644.053
    
    [GRAPHIC] [TIFF OMITTED] 55644.054
    
    [GRAPHIC] [TIFF OMITTED] 55644.055
    
    [GRAPHIC] [TIFF OMITTED] 55644.056
    
    [GRAPHIC] [TIFF OMITTED] 55644.057
    
    [GRAPHIC] [TIFF OMITTED] 55644.058
    
    [GRAPHIC] [TIFF OMITTED] 55644.059
    
    [GRAPHIC] [TIFF OMITTED] 55644.060
    
    [GRAPHIC] [TIFF OMITTED] 55644.061
    
    [GRAPHIC] [TIFF OMITTED] 55644.062
    
    [GRAPHIC] [TIFF OMITTED] 55644.063
    
    [GRAPHIC] [TIFF OMITTED] 55644.064
    
    [GRAPHIC] [TIFF OMITTED] 55644.065
    
    [GRAPHIC] [TIFF OMITTED] 55644.066