Examining attacks from the target’s point of view
ALBUQUERQUE, N.M. — Like Johnny Appleseed of yore, the Food and Drug Administration is scattering food-defense programs across the US so that the country’s million or so food processors can better secure their food against possible contamination by terrorists.
A team from Sandia National Laboratories led the effort to computerize the FDA program so that it will be distributed as widely as possible.
Sandia is a National Nuclear Security Administration laboratory.
The downloadable program, called “CARVER + Shock,” provides a series of interactive questions. Food-processing employees can learn it in a few hours. The program helps companies of any size determine vulnerabilities along their food-processing chain. It also warns of the attractiveness of each production step to an invader.
“People who used the beta version [the initial test] said it was easy to use and fun,” says FDA assistant commissioner for food protection David Acheson. “You build flow charts by dragging icons onto the screen.”
The point is to enable the large number of companies that may be unskilled in risk assessments to make evaluations on their own.
Attacking the jugular
CARVER was originally developed by the US military to evaluate targets to determine which would be most attractive to an adversary. Its current use, computerized under the supervision of Sandia researchers, applies this method to food production from the target’s point of view.
“In warfare, the military must attack the jugular of its opponent,” said principal investigator Phil Pohl. “Here, we ask the same tough questions, but to identify the food supply jugular and protect it.”
Specifically, the CARVER questions follow its acronym to ask how critical, accessible, recognizable, and vulnerable each part of any food process is, as well as the physical effect of an unwanted intervention and how long it would take to recover from it.
“Shock” rates the degree to which a specific attack on the food chain would raise public apprehension.
“An attack on a baby food plant would produce more emotional shock than one on a frozen pizza plant,” says Sandia researcher Susan Carson, who worked on software that helped develop the questions needed for a one-size-fits-all program. “We factor that in.”
The move from limited to widespread possible use
The conversion from questions-asked-in-person to questions-asked-by-computer began with Carson and Pohl shadowing FDA staff at meetings with industry personnel and writing down the questions asked.
Former Sandian Regina Hunter and son Madison Link, through their Albuquerque-based company Ducks in a Row, also took part in some interviews and then, with Phil and Susan, put together the design interface.
As Hunter colorfully puts it, “How do you reproduce the process of a bunch of guys gassing around the table and put it into a series of questions that needs to be asked by computer?”
(Earlier work led by Hunter on a Sandia code called RAMPART, which asked risk-based questions about natural disasters, gave her experience in developing icons and testing for program bugs always present in any complex software.)
Robert Browitt of Albuquerque-based Architrave Software, who also attended some interviews, put the questions into code. “Sandians have brilliant ideas and I implement them into a usable professional product,” he says.
Access by terrorists?
But could CARVER’s questions — “more than a hundred, less than 200,” says Susan — be useful to terrorist groups in determining where to attack?
“The software [by itself] is not a checklist,” says Sandia manager Jeff Danneels whose background is in risk and security assessments. “It won’t tell you where vulnerabilities in a process are. The companies who use it will have to control access to their results. But the only way many stay in business — particularly for the largest — has always been to keep their products proprietary and secret. They’ll have to do the same here.”
The food-defense project began in longhand, in effect, in response to the federal Bioterrorism Act of 2002, which said the industry should be prepared to defend against any contingency that might arise.
In partial response, the FDA increased its work with the food industry to determine any overlooked vulnerabilities. The joint meetings were time- and labor-intensive; it could take key employees of a given plant several days to discuss food production with an eye to determining the site’s most vulnerable points.
Thus, working person-to-person, the agency was able to reach only a limited number of those in the food industry.
“The computerized tool will allow many more industries and states to get a better idea of where their vulnerabilities lie in food processing and manufacturing,” says Acheson.
“This is the best thing to come out of Washington in a long time,” says David Fish, plant manager of Breedlove Dehydrated Foods, a large nonprofit food processor in Lubbock, Texas. “We’re all aware of vulnerabilities in our food chain, even if it’s unintentional, like the [harmful E. coli on spinach] that killed several people and sickened hundreds.”
“This is the only quantifiable tool I know of for the food industry,” says Frank Busta, director of the National Center for Food Protection and Defense, a federally funded consortium of six universities headquartered at the University of Minnesota. “I don’t know if it’s the be-all-to-end-all. There’ll be evaluations of the system as we move forward — what’s incidental, what’s extremely important — to refine it into a better and better instrument. But the Sandia project to computerize [the questions] should ease its use a lot. This is the first computerized step.”
FDA employees Don Kautter and Amy Barringer contributed to the work, as did Cory Bryant, Sarah Davis, and Fred Shank of the Institute of Food Technologists.
Acheson says the FDA is working up a marketing plan to increase awareness of the program, which is now available on the FDA’s website at www.cfsan.fda.gov/~dms/vltcarv.html.