The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.
While physical security around select agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. The authors propose that information security guidelines for select agent research be updated and that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities.
Get full access to this article
View all access options for this article.
References
1.
Additional Requirements for Facilities Transferring or Receiving Select Agents. 42 CFR 72, 1997.
US Government Accountability Office. High-Containment Laboratories: National Strategy for Oversight Is Needed. GAO-09-574. Washington, DC: GAO; 2009. http://www.gao.gov/new.items/d09574.pdf. Accessed April7, 2015.
5.
Committee on Laboratory Security and Personnel Reliability Assurance Systems for Laboratories Conducting Research on Biological Select Agents and Toxins. Responsible Research with Biological Select Agents and Toxins.Washington, DC: National Academies Press; 2009.
6.
US Government Accountability Office. Overlap and Duplication: Federal Inspections of Entities Registered with the Select Agent Program. GAO-13-154. Washington, DC: GAO; 2013. http://www.gao.gov/assets/660/651730.pdf. Accessed April7, 2015.
7.
US Government Accountability Office. Testimony before the Subcommittee on Oversight and Investigations, Committee on Energy and Commerce, House of Representatives. High-Containment Biosafety Laboratories: Preliminary Observations on the Oversight of the Proliferation of BSL-3 and BSL-4 Laboratories in the United States. Statement of Keith Rhodes, Chief Technologist, Center for Technology and Engineering, Applied Research and Methods. GAO-08-108T. Washington, DC: GAO; 2007. http://www.gao.gov/assets/120/117997.pdf. Accessed April7, 2015.
8.
World at Risk: The Report of the Commission on the Prevention of WMD Proliferation and Terrorism. New York: Vintage Books; 2008. http://www.absa.org/leg/WorldAtRisk.pdf. Accessed April7, 2015.
Ad Hoc Committee on the Safe Shipment and Handling of Etiologic Agents, Center for Disease Control. Classification of Etiologic Agents on the Basis of Hazard. 4th ed. Center for Disease Control, Office of Biosafety; 1974.
11.
National Cancer Institute. Safety Standards for Research Involving Oncogenic Viruses.Washington, DC: US Department of Health, Education and Welfare; Public Health Service; National Institutes of Health; 1974.
12.
National Institutes of Health. NIH Guidelines for Research Involving Recombinant DNA Molecules. 2013.
Possession, Use, and Transfer of Select Agent and Toxins. 7 CFR 3.331, 2013.
17.
Possession, Use, and Transfer of Select Agents and Toxins, Subchapter E – Viruses, Serums, Toxins, and Analogous Products; Organisms and Vectors. 9 CFR 1.121, 2013.
18.
Select Agents and Toxins Subchapter F – Quarantine, Inspection, Licensing. 42 CFR 1.73, 2013.
Committee on Research Standards and Practices to Prevent the Destructive Application of Biotechnology, National Research Council. Biotechnology Research in an Age of Terrorism.Washington, DC: National Academies Press; 2004.
23.
National Science Advisory Board for Biosecurity. Enhancing Personnel Reliability among Individuals with Access to Select Agents.Washington, DC: NSABB; 2009.
24.
HerfstS, SchrauwenEJ, LinsterM, et al.Airborne transmission of influenza A/H5N1 virus between ferrets. Science, 2012; 336(6088):1534-1541.
25.
ImaiM, WatanabeT, HattaM, et al.Experimental adaptation of an influenza H5 HA confers respiratory droplet transmission to a reassortant H5 HA/H1N1 virus in ferrets. Nature, 2012; 486(7403):420-428.
United States government policy for institutional oversight of life sciences dual use research of concern. Fed Regist, 2013; 78:12369-12372. https://federalregister.gov/a/2013-04127. Accessed April7,2015.
28.
MalakoffD, EnserinkM. Dual use research. New U.S. rules increase oversight of H5N1 studies, other risky science. Science, 2013; 339(6123):1025.
US Government Accountability Office. Biosafety Laboratories: Perimeter Security Assessment of the Nation's Five BSL-4 Laboratories.Washington, DC: GAO; 2008.
32.
Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics. Report of the Defense Science Board Task Force on Department of Defense Biological Safety and Security Program.Washington, DC: Defense Science Board; 2009.
National Science Advisory Board for Biosecurity. Addressing Biosecurity Concerns Related to the Synthesis of Select Agents.Washington, DC: NSABB; 2006.
41.
RichardsSL, PompeiVC, AndersonA. BSL-3 laboratory practices in the United States: comparison of select agent and non–select agent facilities. Biosecur Bioterror, 2014; 12(1):1-7
42.
US Department of Health and Human Services; Office of Inspector General. Summary Report on Universities' Compliance with Select Agent Regulations.Washington, DC: DHHS; 2006. https://oig.hhs.gov/oas/reports/region4/40502006.pdf. Accessed April 7, 2015.
43.
US Department of Health and Human Services; Office of Inspector General. Summary Report on Select Agent Security at Universities. Washington, DC: DHHS; 2004. https://oig.hhs.gov/oas/reports/region4/40402000.pdf. Accessed April7, 2015.
44.
HerleyC.So long, and no thanks for the externalities: the rational rejection of security advice by users. Proceedings of the 2009 New Security Paradigms workshop; Oxford, United Kingdom. http://www.nspw.org/proceedings/2009. Accessed April7, 2015.
45.
US Department of Health and Human Services; Office of Inspector General. Summary Report on State, Local, Private, and Commercial Laboratories Compliance with Select Agent Regulations. Washington, DC: DHHS; 2008. http://oig.hhs.gov/oas/reports/region4/40601033.pdf Accessed April7, 2015.
46.
US Department of Agriculture. Audit Report: Animal and Plant Health Inspection Service Evaluation of the Implementation of the Select Agent or Toxin Regulations Phase II. Washington, DC: USDA; 2006. http://www.usda.gov/oig/webdocs/33601-3-AT.pdf. Accessed April7, 2015.
SwansonM, GuttmanB.Generally Accepted Principles and Practices for Securing Information Technology Systems. Gaithersburg, MD: National Institute of Standards and Technology; 1996. http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf. Accessed April7, 2015.
RossR, KatzkeS, TothP, eds. The new FISMA standards and guidelines changing the dynamic of information security for the federal government. Military Communications Conference, 2005 MILCOM 2005 IEEE; October 17-20, 2005. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1605789&tag=1. Accessed April7, 2015.
71.
BlackPE, ScarfoneK, SouppayaM. Cyber security metrics and measures. In: VoellerJG, ed. Wiley Handbook of Science and Technology for Homeland Security: New York: John Wiley & Sons; 2008.
Supplementary Material
Please find the following supplemental material available below.
For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.
For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.
