The events of September 11, 2001, focused the nation’s and the world’s attention on terrorism and the threat of future terrorist acts. While the use of “weapons of mass destruction” by international terrorist organizations remains a potential threat, in our opinion this is not the major risk to food systems or to the public at large. Biological weapons of mass destruction such as anthrax or other pathogens are relatively difficult to stabilize, transport, and effectively disseminate on a large scale. Simpler, and therefore, we believe, more likely, are limited or individual attacks using common foodborne bacterial or zoonotic agents.
Zoonotics are causes of animal diseases, such as anthrax (Bacillus anthracis), plague (Yersinia pestis), and rabbit fever (Franciscella tularensis), that can be transmitted to humans. An attack employing these agents could be perpetrated by groups with limited resources. As seen with the anthrax “mail bombs,” even limited small-scale terrorist activities can rapidly saturate the emergency response and medical facilities of a community.
As all of us are aware from our experience in the food industry, the threat of tampering with food using harmless materials can be as effective as a real attack. Simply claiming that a product has been purposely contaminated is sufficient to precipitate an extensive product recall with the associated adverse publicity and economic loss.
The resultant adverse economic impact would also have devastating effects. Should we panic? No, but we should recognize the risk, keep it in perspective, and take reasonable preventive measures. This article will focus on anti-terrorist efforts applicable to farms and food processing facilities, although other types of facilities may be able to adapt and employ the strategies we describe here.
Terrorism and Terrorists
Motivation for terrorist attacks on the food industry can range from economic (financially impacting a specific commercial entity or industry segment) to political (making a “statement,” influencing the outcome of an election, or forcing a particular political outcome) to malicious mischief (the infamous “copy-catter”).
Specific attacks range from false statements or accusations to overt acts designed to destroy property, information and communication systems, crops, animals, and people. Product tampering (real or hoaxes) and vandalism have proven to be particularly “productive” in terms of perpetrator notoriety and economic damage to targets.
The agriculture/food/fiber production and processing industries are particularly vulnerable targets of bioterrorism. There seems to be no segment within these industries immune to attack. There are groups violently opposed to the development of natural resources, the “imprisonment and exploitation” of animals, and the use of meat and fur. Others target those using or developing genetically modified organisms.
Specific targets include primary producers, processors, distributors, retailers, shareholders, consumers, vendors/suppliers, and researchers. Corporations, in particular, are considered by most terrorist groups to be nonstate and/or metastate entities and therefore legitimate targets of aggression. Universities are culpable by their association with private corporations or associated corporate foundations. Government research facilities can be targeted as a political “statement” against an unpopular government policy, or for failure to take certain types of political or legislative action which would further the causes of the terrorist group.
--- PAGE BREAK ---
Developing a Plan
Preventive measures against agricultural and food terrorism must be determined on a case-by-case basis. Each company or organization should evaluate the unique situation at each of its locations and develop a sensible approach for managing risk. Critical factors in developing these preventive measures will include evaluating specific hazards, determining relative risk, and evaluating economic realities. There is a strong parallel in developing a preventive strategy for a terrorist attack and the elements of a Hazard Analysis Critical Control Point (HACCP) plan. The emphasis here, as with HACCP, is placed on preventive rather than reactive measures.
Initially, a company or organization should complete an analysis of its facilities and operations to identify significant hazards and potential exposure and evaluate the risks of an occurrence. This analysis should not be limited to just the production facility nor at peak operations, but should include the entire scope of operations including physical plant, research center, or farm or ancillary site security. Since it will probably be impossible to eliminate all hazards, a reasonable procedure must be instituted to manage them.
Therefore, the best strategy is to develop preventive or risk-control measures which would reduce or eliminate any significant risk. As part of this, you should determine points in your operation which are critical for controlling the security risks you have identified and establish a monitoring procedure for these risk-control points. Appropriate and effective documentation protocols should be established, along with protocols for verification of the effectiveness of the preventive and risk-control measures in the plan.
Here are suggested steps for developing a security plan based on HACCP principles:
1. Evaluate significant food security hazards and evaluate the likelihood of these risks.
2. Develop and institute preventive or risk control measures to reduce hazards.
3. Determine the points in you operation which are critical for managing a specific risk. These could be locations, processes, functions, or times when your operation is at greatest risk.
4. Develop monitoring procedures for each critical point. Monitoring is a systematic periodic activity to ensure that critical controls are in place and have not been breached or compromised in any way. These should be in writing. Test to see that your monitoring procedures are working and “workable” for your organization.
5. Develop a procedure similar to a corrective-action program under HACCP to fix security problems or failures that occur if a critical control has been breached or compromised. Ensure that problems are fixed. Revise your plan, including changes to the critical controls and/or monitoring procedures, to reduce the likelihood that a similar breach would happen again. Retest your risk-monitoring procedures.
6. Verify or test your security program periodically to ensure that it works. Have your program written as a confidential protocol. Revising the written protocol when your operations or any key features of it change is vital. A change in operations may introduce or remove hazards and require that your plan be revised.
--- PAGE BREAK ---
Making It Work
The key to a successful program is vigilance by management and all employees. Training is a must. A clear standard operating procedure must be developed and followed for day-to-day operations, for suspicious incidents or individuals, and for actual attacks. The problems arising from an actual attack would be similar to what may already be in a crisis management plan. If product safety is at issue, recall procedures would need to be followed. Further, individual farms, companies, or research institutions should periodically test their programs using exercises and drills.
Where do you start with safeguarding your organization, and how far do you go? There is no simple answer to this question, and cost is often the controlling factor, since it is impossible physically and financially to guard against every eventuality. A farmer might well require certifications from seed, feed, livestock, fertilizer, pesticide, and herbicide providers and periodically seek third-party verification. We recommend that a grower avoid stockpiling hazardous materials, keeping the amount on site to a minimum, and secure stores and applicator equipment. We also recommend that bin locks or other tamper-evident devices be placed on feed bins and that security of water-delivery systems be evaluated.
Growers should develop monitoring and tracking protocols for harvests until they are safely transported and stored within a warehouse. To the extent practical, access to croplands and livestock should be controlled and restricted to appropriate personnel. Surveillance equipment is also an option; the cost of such equipment has decreased markedly in recent years. Access to animals at auctions and sales barns should be restricted and direct contact with animals tightly controlled. Consideration should also be given to compartmentalizing livestock operations, improving hand washing/sanitation facilities, changing facilities, and equipment cleaning operations when animals are to be transported between two locations, and requiring foot and vehicle sanitation dips at critical access points as ways of controlling a spread of disease.
Food processors should request letters of guarantee from their suppliers and require protected transportation of ingredients. Revisit inspection programs for incoming ingredients. Also ensure, as part of your recall program, that you can track the use of any specific lot of an ingredient from receipt through production to final product and distribution.
Additional preventive measures involve ensuring the safety and security of the water supply. Even if water is from a municipal source, ensuring the integrity of this supply falls on the production facility. Consider checking your water more frequently regardless of its source.
Controls during distribution and transit are important. Preventive or risk control measures could include expanded use of tamper-proof or tamper-evident seals on containers, with enroute monitoring. The seal numbers should be communicated electronically, with the numbers and seal integrity verified upon receipt. Offloading should be conducted under controlled conditions, with periodic testing a must. The integrity of finished conproducts should be controlled during storage and distribution. Where appropriate, tamper-evident packaging at the wholesale or distributor level may be advised.
Employee and contractor screening will become increasingly important. We recommend that both criminal background and credit checks be conducted as a condition of employment and that contractors who have relatively open access to the facility, such as outside cleaning crews and pest inspectors, be held to the same standards. Ensure that employee and contractor rosters, job, and shift assignments are current. We recommend that all employees/contractors wear photo IDs while on the job. We also recommend increased surveillance of contractors on the job. En sure that you can account for all keys, and that keys are marked “do not duplicate.”
--- PAGE BREAK ---
A further recommendation is that job functions within a facility be compartmentalized. This will mean restricting access to any specific areas of the plant to only the individuals who need to be there. This could be done through the use of color-coded badges. Controlling access is particularly critical for operations processing ready-to-eat food products. Under proper good manufacturing practice procedures, no personal items such as lunches, purses, etc., should be permitted in the processing area.
Access to processing areas by visitors (including truckers and delivery people) and employees should be strictly controlled, both within the plant and between different areas of the plant. Individuals purporting to be inspectors should provide appropriate identification and be vetted by backup procedures. Such individuals should be escorted at all times within the plant.
Stricter control of parking at the facility may need to be instituted, including parking permits and vehicle registration. Enclosing the parking area, increased security, or vehicle inspection may become necessary based on prior experience or risk.
Employees should be made aware of their responsibilities to stay alert for and report suspicious activities, objects, and persons at their workplace or at home. This will include being vigilant for the presence of unidentified, unattended, or unauthorized vehicles, the presence of containers in or near the facility, and unauthorized access (even to unsecured areas) by unidentified persons or employees who have no apparent reason to be there. Also, employees should be trained to look for signs of sabotage or tampering of equipment, removal of or tampering with product or worker safety features of equipment, or signs of attempted unauthorized access to a facility or equipment.
In light of recent developments, it is prudent to have procedures in place for handling shipments to the facility, including suspicious packages and mail.
Companies are required to have emergency evacuation plans in place. But when was the last time you tested it? Management should file a copy of the company’s safety and emergency procedures with the local municipal planning department and with emergency-response agencies. However, these entities must be required to safeguard these documents and be prohibited from releasing these to any parties without your knowledge and consent. Another option is to keep a copy of the evacuation plan and plant layout in a locked and sealed container outside the facility in case access is limited in an emergency.
Research institutions should also implement similar safeguards, including controlled access to laboratories, test plots, and supporting infrastructure. Increased security of, and access to, hazardous materials is advised. This would include locked access to dangerous biological materials or chemicals. A review of handling procedures for cleaning materials, solvents, acids, bases, paints, pesticides, and water-treatment and other chemicals used within a facility should be reviewed, and access, handling, and storage procedures revisited. Access to quality control laboratories in industry should be restricted to lab personnel only. Under GMPs, dangerous materials should remain in the lab and not be brought into office or production areas.
--- PAGE BREAK ---
Quality control labs can conduct random testing as a preventive measure against contamination during the processing operation, e.g., testing different portions than are normally sampled, sampling different regions of an animal carcass in addition to those prescribed, or collecting samples at different times or different sampling locations. We also recommend that you contact local or regional food testing or forensic laboratories to learn what their capabilities are and develop a good working relationship with them.
Following the September 11 incidents, the Food and Drug Administration asked major food industry associations to advise their members to review current procedures and markedly increase vigilance. FDA and other government agencies can provide assistance in planning and responding to real or suspected terrorist incidents.
FDA and other food and public health–related agencies have established a Web site called “Countering Bioterrorism and Other Threats to the Food Supply.” The site (www.FoodSafety.gov) features links to sites in government agencies, including FDA’s Center for Food Safety and Applied Nutrition, the Centers for Disease Control and Prevention, the Environmental Protection Agency, the U.S. Dept. of Agriculture’s Food Safety and Inspection Service, and other federal, state and local government agencies.
FDA last month issued two guidance documents that identify the kinds of preventive measures that food producers, processors, transporters, retailers, importers, and filers can take to minimize the risk that food under their control will be subject to tampering or criminal or terrorist actions. The documents—”Food Producers, Processors, Transporters, and Retailers: Food Security Preventive Measures Guidance” and “Importers and Filers: Food Security Preventive Measures Guidance”—are available at www.cfsan.fda.gov/~dms/guidance.html.
If you think your company has been or might be the target of a terrorist attack, seek immediate assistance from your local law enforcement and health/hazardous-materials-handling experts (often the fire department). Additional support can be provided by the Federal Bureau of Investigation (phone 202-324-3000), the U.S. Dept. of Agriculture’s Office of Crisis Planning and Management (877-559-9872 or 202-720-5711), and your state emergency management division. In addition, FDA’s Emergency Operations Office (phone 301-443-1240) is available 24 hr/day to handle safety issues regarding FDA-regulated products.
The Threat Is Real
There is no way to present the full picture of the bioterrorist threat to food production in such a short article, let alone to address the full scope of terrorist threats including cyber, conventional, and economic terrorist acts. Suffice it to say that the threat is real, and these incidents will most likely continue. Individuals, institutions, and companies can become more cognizant of the threat and take steps to reduce the likelihood and impact of any incident. This does not mean that paranoia becomes the preeminent factor in our operations. Quite the contrary, we must keep the risk in perspective and let common sense prevail. Prior planning, training, and established procedures are essential.
The authors thank LeeAnne Jackson, Health Science Policy Advisor, Executive Operations Staff, Center for Food Safety and Applied Nutrition, Food and Drug Administration, for her contributions to this article.
by Gleyn E. Bledsoe and Barbara A. Rasco
The authors are, respectively, Adjunct Professor, Dept. of Biological Systems Engineering, and Associate Professor, Dept. of Food Science and Human Nutrition, Washington State University, Pullman, WA 99164. Send reprint requests to author Rasco.
Edited by Neil H. Mermelstein, Editor