At the federal level, the Strategic Partnership Program Agroterrorism (SPPA) has brought together the U.S. Department of Agriculture (USDA), the FDA, the FBI, and the Department of Homeland Security (DHS), plus state and industry officials. They are jointly assessing high-risk points in the food chain and disseminating that information to industry and government officials.
SPPA uses the CARVER + Shock risk-assessment method, which views a target from the perspective of an attacker seeking to inflict maximum harm. Devised by the U.S. Department of Defense, the method breaks a target into segments and considers, per the acronym, its criticality, accessibility, recuperability, vulnerability, effect of loss, and recognizability, to assess the “shock” effect of an attack.
As of early this year, the group had conducted more than 20 product-specific assessments of items deemed vulnerable to terrorist or criminal attack, with a total of 50 assessments planned: 25 will be of products regulated by the USDA, which handles meat, poultry, and dairy products, and 25 will be of packaged food products regulated by the FDA. Results are being made available exclusively to industry and government officials in the field.
There are general attributes that make a product an attractive target and, therefore, a top candidate for an SPPA vulnerability assessment. The attributes are that the product comes in large production volumes, contains numerous ingredients, and can preserve pathogens or foster their growth, explains Kennedy. Another key attribute: the product is rapidly distributed and consumed, especially by a high-risk group such as children, the sick, or the elderly.
Kennedy says SPPA is “turning out to be very effective in identifying specific sections of the food supply chain we’re vulnerable in, identifying those vulnerabilities, and determining what we do next.”
The SPPA program stems from a presidential directive requiring improved public-private collaboration in all sectors of homeland defense. Through trade associations like The American Meat Institute (AMI), The National Pork Producers Council, and the United Egg Producers, as well as through food manufacturers like Kraft and ADM, investigators have identified manufacturing, processing, and shipping sites to evaluate.
Jeffrey Muller, chief of the WMD (Weapons of Mass Destruction) Countermeasures Unit in the FBI’s WMD Directorate, says his agency would reap many benefits from the SPPA process in the event of an investigation. That’s true for all agencies in the partnership; they have developed new contacts both in industry and with government officials at the state level. Through those contacts, these agencies have become familiar with the food manufacturing processes. “To have an idea how the products are made and how the process works is incredibly valuable,” Muller says.
Muller and Donald Kautter, a general research scientist at the FDA, say officials plan to develop a standard, off-the-shelf CARVER + Shock survey that manufacturers can use to assess their own products and processes in conjunction with the SPPA team. That will help the team reach much more of the sector, Kautter says.
Both Muller and Skip Steward, AMI’s vice president for scientific and regulatory affairs, see value in SPPA educating companies about how to protect their own products through basic steps, such as running background checks on employees and restricting access to areas housing ingredients and mixing hoppers.
Separately, in October 2006, DHS launched its Food Agriculture Sector Joint Committee on Research to bring together industry leaders and regulators, both to consider policy and to study potential impacts of attacks. The panel is chaired by Richard Ryan, head of ADM’s Asset Protection Division and a member of ASIS International’s Agriculture and Food Security Council, and includes representatives from states, the USDA, and the FDA.
“Our task is to collate and coordinate food defense research, and we’re seeking input from other food security interests to find out what they need,” Ryan says.
The committee will work with DHS to avoid unintended adverse consequences of security policies, and report to the agency on issues like the impact of attacks that could halt traffic on critical shipping arteries.
In Search of Solutions
In academia, DHS’s national centers of excellence in food security are conducting a broad benchmarking and assessment survey, with the goal of establishing industrywide best practices for food supply- chain security.
The survey-based research, conducted jointly by faculty at the University of Minnesota, Michigan State University, and the Georgia Institute of Technology, has identified key competencies in general supply chain security, including basic physical security and process management.
Researchers are interviewing industry executives and surveying firms throughout the supply chain, says David Closs of Michigan State, the team’s lead researcher. They are focusing on five issues: process strategy, definition of metrics, relationship management with supply-chain partners, service-provider management, and public-interface management.
The research approaches supplychain management from the premise that food producers, shippers, and retailers must consider the security of all their business partners as much as their own. It’s a daunting proposition when a typical food product’s chain can resemble a family tree of 10 different supply steps from farm to processing to storage to shipping and through wholesale to retail.
Metrics. Companies should develop metrics to quantify the strength of security in each segment of a product’s supply chain, and set minimum standards for vendors, says Irvin S. Varkonyi, head of instruction for the Association for Operations Management and an adjunct professor at George Mason University in Fairfax, Virginia. The current research would provide a foundation for those metrics.
Possible supply-chain metrics, Varkonyi says, could include “touches,” or the number of times a product is handled during a step in the supply chain, the number of times vehicles and their locks are inspected annually, and relevant employees’ level of security training. It might also be advisable to set a threshold number for security incidents considered acceptable among supply-chain partners. A contract could stipulate that vendors falling below the benchmark would be terminated.
“What you can’t measure, you can’t control, and these are things you can control, as opposed to saying, ‘I think they’re trying hard.’” Varkonyi says. “It may not be simple, but it lets every stakeholder know where they stand.”
“What we find is that the manufacturers are very concerned about this,” Closs says. By contrast, retailers seem still to focus more on theft, not on securing the supply chain. They don’t see their reputations to be as closely tied to the issue of a contaminated product as the manufacturers do, he says.
Other protocols. Other efforts are focused on how to prevent the distribution of contaminated products by beefing up safety protocols throughout the system, says Kathy Means, a spokeswoman for the Produce Marketing Association (PMA). This year the PMA plans to issue a set of production guidelines and metrics that firms throughout the supply chain can use to ensure safety in production and handling. Means says that some areas covered by producer guidelines would likely include soil standards, prior and adjacent land uses, and worker health and hygiene.
Detection. Experts say the greatest challenge in food security lies in the area of detection—detecting contamination in suspect products, and in the event of an outbreak, connecting the dots between disparate cases to determine as early as possible when there is a common factor that has caused a large number of people to become ill from eating a contaminated item.
Andrew I. Bern, M.D., a Florida practitioner and fellow of the American College of Emergency Physicians, says that improved and expanded IT infrastructure—already a top priority of the healthcare industry—holds the greatest promise for accelerating outbreak detection or “syndromic surveillance.”
It is also important that vigilance for food-borne disease outbreaks among primary and emergency care providers has increased, along with awareness of terrorist threats, Bern says. Toward that end, the U.S. Centers for Disease Control and Prevention maintains a list of 52 nationally reportable diagnoses—among them food-borne diseases like botulism and the potentially fatal 0157:H7 strain of E. coli—and provides educational programs for physicians on how rare diseases pre-sent in victims.
But diagnosis of individual cases—especially the first one in an outbreak—can come down to a single doctor’s attentiveness, as was the case in the 2001 anthrax attacks.
Bern notes that the difficulty of making the right diagnosis early on is increased by the “protean” nature of diseases like SARS or Avian flu, which may pass for traditional strains. Another problem is that all 50 states follow different processes for investigating reports of public health problems.
A specialized information technology network that is programmed to spot symptom and exposure patterns across the population and to automatically alert public health officials is the answer, Bern says. He points to the types of networks provided by EMSystem, a company in Milwaukee, Wisconsin, as a potential model. The firm provides Web-based patient and resource tracking systems to the healthcare, first-response, and public-health sectors.
“That way you have systemwide hook-in, rather than doctors getting their information from CNN and MSNBC,” Bern says.
A team of public-health researchers affiliated with the National Center for Food Production and Defense at the University of Minnesota, meanwhile, is conducting a three-year, quantitative analysis of the nation’s public-health response system in an effort to determine where additional investment will cut the most time in detection of, and response to, an outbreak.
The results of the research—which is scheduled to continue for one more year—are expected to focus on mundane but significant logistical details, like how much time patient samples spend in transit from hospitals to diagnostic labs or the lag time between a diagnosis and the involvement of a state epidemiologist. The findings may also address the issue of states’ disparate reporting and investigation procedures, says Don Schaffner of Rutgers University in New Brunswick, New Jersey, who is the team leader.
While academics and industry officials agree that full-scale preventive food testing within the supply chain is not feasible, emerging technologies hold the promise of faster screening of individual suspect samples. For example, testing for the presence of E. coli currently takes roughly 24 hours, requiring growth of cultures and introduction of antibodies to determine the presence of the bacteria. Researchers at Purdue University in West Lafayette, Indiana, have used an adaptation of traditional spectrometry, called desorption electrospray ionization (DESI), to detect E. coli’s bacterial “fingerprint” in less than one minute.
As yet, however, the technology has only been proven on pure E. coli samples, as opposed to food product, says Purdue researcher R. Graham Cooks.
DESI simplifies mass spectrometry by eliminating the need for a vacuum chamber in which to test an ionized sample substance; that reduces test time. Researchers also hope to cut device size enough to allow use of the technology outside the lab. Full-size DESI devices commercialized by Prosolia, Inc. of Indianapolis, currently for research applications, cost roughly $34,000 each.
Leversense of Newtown Square, Pennsylvania, is developing a hand-held detector incorporating technology developed by Raj Mutharasan at Drexel University in Philadelphia, holding the promise of instantaneous testing.
Mutharasan places E. coli antibodies on a sliver of glass one millimeter wide, which is then vibrated at a certain frequency. The sliver is then exposed to the test material. If E. coli bacteria interact with the antibodies, a sensor detects a minute variation in the vibration.
While the system is prone to false positives, Mutharasan addresses that with multiple tests. The system’s cost is comparable to traditional culture tests, but it could save 24 hours in turnaround time, allowing authorities to rule out uncontaminated materials expeditiously.
Animal ID. Another important component in supply-chain safety is the ability to track back to the origins of a product when a problem surfaces. That’s easy enough with packaged goods. It’s a different story with meat products.
To address that weakness in the system, the USDA has been working on a voluntary animal ID program, dubbed the National Animal Identification System (NAIS), which it plans to launch this year. In doing so, the U.S. will join the ranks of countries that already have such programs, including Australia and Canada, although their programs are now mandatory (see sidebar, page 70).
Unlike the foreign programs, which employ a single, national database, NAIS must tie together a growing system of both private and state-based public animal tracking databases. NAIS’s Animal Trace Processing System (ATPS) or “metadata” system will serve as both a hub and portal for data access and tracking.
Addressing security concerns, the USDA pledges a firewall-protected portal accessible only to properly credentialed agency employees, plus access audits. Animal health officials—state or federal—will not be able to access ATPS for animal data unless a “trigger” event occurs and administrators open the system to relevant personnel, says Neil Hammerschmidt, an NAIS program coordinator.
The USDA began developing NAIS in 2005 with a drive for voluntary registration of the roughly 1.4 million sites, or “premises,” in the U.S. livestock production industry. Last year the USDA began issuing animal identification numbers to participants’ cattle. These are unique numbers that would prevent confusion or redundancy among databases domestically and internationally. Approximately 25 percent of premises were registered as of early this year, and the ATPS portal was expected to be operational online by mid-March.
Unlike foreign animal ID programs, NAIS will require only the existing standard visual identification—typically an ear tag. It will not require that ranchers also use RFID tags.
The USDA states the goal of being able to complete a full trace-back for a sick animal within 48 hours, and further seeks full producer participation in its animal ID program by 2009.
The participation question divides cattle producers—who advocate a voluntary system—and meat processors, who support mandatory tracking. Mark Dopp, senior vice president and general counsel for the American Meat Institute, which represents processors, says he saw the government back away from the initial goal of mandatory participation, a move he says was “market driven,” alluding to ranchers’ concerns over cost and privacy.
Joe Schuele, a spokesman for the National Cattleman’s Beef Association, says ranchers’ concerns over cost pale next to those about privacy of proprietary inventory or transaction data. Ranchers worry that data could be used to manipulate prices if they fell into competitors’ hands.
“The livestock industry is extremely competitive, and cattle producers do not want to give out access to this information,” says Schuele, whose group supports voluntary, privately run databases. Meanwhile, USDA is beefing up risk-based inspections in processing plants, beginning this month.
Somewhere there may be a terrorist who hungers to make a mark by contaminating food supplies. More likely, it is simply the vagaries of nature in the form of diseases, such as E. coli outbreaks, that we most need to guard against. Whatever the threat, food sector professionals have a lot on their plates. But as these multiple efforts show, they also have the appetite to take on the challenge.