Armed Conflict Cybersecurity & Tech

Department of Defense Report Finds Laboratory Safety and Security Deficiencies

Matt Gluck
Thursday, August 6, 2020, 10:58 AM

A 2016 Department of Defense report identified several deficiencies in biosafety and biosecurity policies and procedures in Defense Department laboratories. A recent follow-up report found that some problems persist.

National Guard soldiers review safety procedures after conducting an inspection of a simulated anthrax laboratory. (Source: Sgt. Betty Boyce, Oregon Military Department of Public Affairs,; CC BY 2.0,

Published by The Lawfare Institute
in Cooperation With

The coronavirus pandemic has illustrated the devastating public health and political consequences pathogens can cause. As of August 6, the novel coronavirus has killed 708,469 people, pushed public health systems around the world beyond their limits, and caused catastrophic and lasting damage to the global economy.

As scientists and national security practitioners rightly focus on pandemic response and preparation, one other means of pathogen transmission often goes overlooked: sloppiness at biology research labs.

Laboratory safety and security may not appear to be a pressing national security concern. But recent safety lapses at Department of Defense and Centers for Disease Control and Prevention (CDC) laboratories have seriously endangered biological researchers in the U.S. and abroad. In 2015, for example, a Defense Department research facility sent live anthrax to nearly 200 labs across the United States and around the world, exposing researchers to a deadly pathogen.

A recent Defense Department Office of Inspector General report found that the department has not fixed several safety and security issues that leave its labs vulnerable to repeating dangerous incidents akin to the 2015 anthrax mishap.


By their nature, many research laboratories must handle fatal pathogens. Labs need to use pathogens in research to understand biological threats and to develop diagnostics and medical countermeasures to respond to them.

But without adequate precautions and oversight, the study of infectious diseases itself has the potential to cause significant harm. The United States has experienced its share of problematic incidents in its biological agent research over the past 20 years.

Following the attacks on Sept. 11, 2001, two U.S. senators and multiple news organizations received anthrax-laced letters, resulting in five deaths and several infections. The FBI concluded that Bruce Ivins, a scientist at the U.S. Army Medical Research Institute of Infectious Diseases (USAMRIID), intentionally sent the deadly letters. However, Ivins and his lawyers have denied his role in the attack, and government reports have cast doubt on the credibility of the FBI’s investigation. In 2014, employees at a CDC laboratory in Atlanta, Georgia, inadvertently distributed deadly pathogens to other CDC laboratories, exposing up to 84 workers to live anthrax. That same year, vials of variola, the virus that causes smallpox, were found at a former Food and Drug Administration lab on the National Institutes of Health campus in Bethesda, Maryland.

Most recently, a Defense Department biodefense facility in 2015 sent live samples of the bacterium that causes anthrax to Defense Department facilities around the country. The Dugway laboratory was involved in a program that was developing a biological test to identify pathogen-related threats to the United States. As part of this program, the lab was supposed to send inactivated anthrax samples to participating laboratories. However, the Dugway facility failed to irradiate the samples before sending them to the other labs, allowing the anthrax samples to retain some of their harmful bacteria and exposing government researchers to the potentially fatal components of this pathogen.

The Defense Department found that the Dugway facility had sent live anthrax samples to 194 laboratories in every U.S. state and nine other countries. A Defense Department review determined that department personnel did not violate any protocols in their shipment of live anthrax from the Dugway facility. However, the review identified deficiencies in the protocols relating to the production of inactive samples.

Although none of these lab incidents resulted in any infections, these and other biosafety and biosecurity lapses have prompted the federal government to bolster oversight and establish safety measures relating to biological select agents and toxins (BSAT) research.

After the 2001 anthrax attacks, Congress passed the USA Patriot Act and the Public Health Security and Bioterrorism Preparedness and Response Act of 2002, both of which require the Department of Health and Human Services (HHS) and the Department of Agriculture (USDA) to publish regulatory measures governing the management and transfer of select biological and chemical agents. And in 2009 and 2010, Presidents Bush and Obama issued Executive Orders 13486 and 13456, respectively, establishing a working group to evaluate biosecurity policies concerning select agents. The orders also instructed HHS and the USDA to divide select agents used by the government into tiers based on the severity of potential harm caused by their misuse.

In 2015, after the Dugway facility shipped out live anthrax, the Defense Department reviewed its safety precautions relative to its generation and use of live anthrax. And in 2016, the Department of Defense Office of Inspector General conducted an assessment of the department’s biological safety and security policies and practices with respect to the use of select agents in labs run by or affiliated with the department. The 2016 investigation began before the Dugway anthrax incident came to light, but that incident informed the 2016 report nonetheless.

The inspector general’s office found that Defense Department BSAT laboratories had “significant deficiencies and vulnerabilities that were not corrected by [Defense Department] management,” and as a result, “the health and safety of the public was put at risk of inadequate protection from exposure to biological pathogens.”

The inspector general’s office cited two primary objectives in undertaking its 2016 biosafety evaluation.

The first goal was to evaluate the implementation of biosafety and biosecurity policies and directives in the Defense Department BSAT-registered laboratories. Second, the inspector general’s office set out to assess the oversight and compliance with government policies and reports at Defense Department labs. The 2016 report found four primary deficiencies and made 13 specific recommendations to improve biosafety and biosecurity in Defense Department BSAT research.

The overarching problem identified by the inspector general’s office was the absence of a single coordinating entity, what it referred to as an “executive agent.” The report explains that an executive agent could effectively direct the management and oversight of Defense Department laboratories conducting BSAT research and ensure the labs’ compliance with governmental policies and regulations. More specifically, the inspector general’s office determined that the laboratories lacked adequate internal and external peer review entities and that deficient coordination among oversight bodies yielded inspections that were inconsistent in their frequency and evaluation standards. Lastly, the report found that inspections of Defense Department BSAT labs did not assess site-specific vulnerabilities.

2020 Department of Defense Report

The objective of the 2020 evaluation was to assess whether the Defense Department implemented the Office of Inspector General’s 2016 recommendations in its five BSAT-registered laboratories.

The inspector general’s office found that the Defense Department laboratories, under the leadership of the secretary of the Army as the executive agent, completely remedied two of the four primary findings and nine of the 13 specific recommendations from the 2016 report.

The department undertook numerous reforms in response to the 2016 report. The deputy secretary of defense named the secretary of the Army the executive agent for the Defense Department BSAT Biosafety and Biosecurity Program, which the inspector general’s office noted improved coordination both within the Defense Department and among other government agencies. Additionally, the Defense Department implemented an external peer review entity to evaluate the biosafety protocols and processes in its select agent labs. The department also established guidance to ensure that inspections considered site-specific factors in addition to general safety policies.

However, the inspector general’s office determined that the Defense Department did not completely correct two of the problematic areas: deficiencies in peer review structures, and compliance with relevant policies and regulations. Specifically, the report determined that the Defense Department failed to fully comply with four recommendations from the 2016 report.

The report makes three new recommendations based on those shortcomings.

First, the inspector general’s office determined that while the BSAT Biorisk Program Office (BBPO) established an external technical and scientific peer review body, it did not establish an internal peer review entity. The 2016 report had contended that technical and scientific internal and external peer review bodies could have played a role in preventing the Defense Department’s 2015 inadvertent shipment of live anthrax. And that report recommended that Defense establish internal and external peer review bodies. Defense Department management agreed with that recommendation and detailed plans to establish these review bodies in Defense Department Directive 5101.20E.

The directive required the “[e]stablish[ment of] a government-only scientific peer review panel to conduct an initial technical review, and subsequent periodic reviews, of biosafety protocols and procedures and biosecurity policies and procedures across DoD laboratories that handle BSAT.” Further, the order required the inclusion of both Defense Department and non-Defense representation on the review bodies “whenever possible.”

The 2020 report notes that while the peer review system examining the Defense Department laboratories contains individuals inside and outside of the department, the reviewing entity itself “exists outside of the laboratories and does not meet the purpose of or need for an internal committee within each individual laboratory.” Why is this a problem? The report explains that external reviews provide only a broader, department-level assessment, while internal peer reviews would protect against biosafety and biosecurity risks within the laboratories.

Second, the inspector general’s office found that Defense Department BSAT laboratories lacked effective and standardized oversight, including the failure to record more than 100 deficiencies identified during inspections. This inconsistent and ineffectual supervision failed to adhere to Directive 5101.20E—which orders standardized oversight.

The report states that while the Army inspector general conducted substantive oversight of Defense Department laboratories, the BSAT Biorisk Program Office failed to fulfill its role as an oversight body under the direction of the executive agent responsible official. Several individuals affiliated with the Defense Department’s BSAT Biosafety and Biosecurity Program told the inspector general’s office that the BBPO’s role as an oversight entity was not clear. Some claimed that they knew the BBPO was formerly an oversight body but that, in practice, it fulfilled more of an advisory role. One BBPO official acknowledged that certain laboratories understood the BBPO to be a regulatory agency rather than an oversight entity. Further, the report found that BBPO officials failed to record a significant number of lab inspection results in its database: Of the 226 deficiencies in BSAT laboratories identified by the Army inspector general and the CDC, the BBPO’s database included only 125.

The report asserts that this defective oversight structure meant that the Defense Department’s BSAT Biosafety and Biosecurity Program couldn’t foster standardization among the several laboratories, as directed by Executive Order 13456. Per the inspector general’s office, this lack of coordination does not allow for the “consistent and timely identification of and resolution of BSAT security and compliance issues” or the “information sharing among departments and agencies regarding ongoing oversight and inspection activities,” as outlined in that executive order.

Finally, the report found that the Army inspector general did not implement appropriate training for inspectors of BSAT-registered laboratories, resulting in inadequate expertise among the inspectors. Although Defense Department Directive 5101.20E and Army Directive 2016-24 both require the establishment of inspection programs, neither mandates training for BSAT laboratory inspectors and subject matter experts that supplement the inspection teams. So, inspectors evaluating Defense Department BSAT research practices did not receive BSAT-specific training. As a result, multiple inspectors conducted assessments that were not in accordance with Defense Department BSAT policies. Some inspectors cited “best practices” instead of Defense Department criteria in their identification of deficiencies in the laboratories. This subjective evaluation method yielded inconsistent inspections, as inspectors cited different best practices. It also caused laboratories to expend resources making unnecessary changes to remedy practices that may not have violated department criteria.

What’s Next?

Government officials largely agreed with the three recommendations made in the 2020 report and pledged to implement changes to rectify the deficiencies. To address the first recommendation, the acting assistant secretary of defense agreed to establish a requirement for Defense Department laboratories to institute technical and scientific internal peer review entities to assess biosafety and biosecurity policies and procedures.

With respect to the second recommendation, the surgeon general of the Army has developed a plan to ensure standardized oversight of Defense Department BSAT-registered laboratories and the tracking of all results from inspections. The executive agent responsible official and a BBPO official have begun meeting with the BSAT laboratories and will issue formal statements by Aug. 31, specifying their oversight role. BBPO has also established and implemented a new Staff Assistance Visit Program to improve oversight at BSAT laboratories.

Finally, the Department of the Army inspector general agreed to institute BSAT biosafety and biosecurity training requirements for technical inspectors and subject matter experts. The training will include an explanation of the BSAT program and a review of relevant Defense Department and BSAT regulations.

The Defense Department Office of Inspector General determined that the recommendations concerning the establishment of an internal peer review entity and the standardization of oversight from the 2020 report have been “resolved” (there are established plans for corrective action, but the plans have not yet been implemented) and that the recommendation regarding inspector training has been “closed” (corrective actions have been taken). The report requested updates within 90 days from those agencies implementing changes so that the inspector general’s office can review whether the recommendation should be closed.

Matt Gluck is a research fellow at Lawfare. He holds a BA in government from Dartmouth College.

Subscribe to Lawfare