CDC Bioterror Labs Cited for Security Flaws

February 26, 2013

Laboratories at the Centers for Disease Control and Prevention have been repeatedly cited in private government audits for failing to properly secure bioterror agents.

"These weaknesses could have compromised [CDC's] ability to safeguard select agents from accidental or intentional loss and to ensure the safety of individuals," according to a 2010 report by the Department of Health and Human Services' inspector general and reported in USA Today.

The IG probed federal lab security after a scientist at an Army lab was implicated in the anthrax attacks in 2001, says USA Today. The IG also noted problems with CDC lab security in reports from 2009 and 2008, it said.

According to the USA Today report, CDC officials said nobody was endangered because their labs have redundant layers of safety and security to protect employees and the public. When issues arise, they are fixed immediately, said Joseph Henderson, director of the CDC's Office of Safety, Security and Asset Management. "We always take it seriously," he said. "We strive for perfection."

The issues cited in the IG's audits include:

Failing to ensure the physical security of bioterror agents or restrict access to approved individuals. The 2009 report cites coding on electronic cards that allowed overly broad access to approved workers, allowing them wide access to all bioterror research areas, rather than just the specific areas or specimen freezers for their projects. Most of the details in the 2010 report were redacted.
Failing to ensure that those working with and around potential bioterror agents have received required training. The 2010 report says auditors couldn't verify that 10 of 30 employees sampled had the required training. The 2009 report says the labs "did not provide biosafety and security training to 88 of 168 approved individuals" before they were given access to work areas for bioterror agents.
Not ensuring that only approved individuals accepted packages containing potential bioterror agents arriving from other outside labs. The 2010 audit identified six unapproved people — five from a delivery contractor and one security guard — who received and signed for the packages. The 2008 report, which focused on security of arriving packages, also identified issues.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

CDC Bioterror Labs Cited for Security Flaws

Related Articles

Related Products

Report Abusive Comment