From: Food Quality & Safety magazine, August/September 2013

Food Defense and Protection

by Ted Agres

Washington Report

Much of the focus on food safety has been on preventing unintentional or accidental contamination of products and ingredients by bacteria and other naturally occurring pathogens and agents. But specialists in government, industry, and academia are quietly exploring ways to protect the nation’s food supply against intentional contamination and adulteration from sabotage, terrorism, economic fraud, and other illegal actions.

In some ways, their task is made harder because intentional contamination can occur when insiders—company officials, disgruntled employees, or terrorists who have infiltrated the workforce—perpetrate their crimes as they go about everyday activities. “It’s very difficult to prevent an employee at a company manufacturing high-risk foods from engaging in terrorism because they have access to the facility and adding ingredients may be part of their job,” says David Acheson, director of the food and import safety practice at Leavitt Partners and a former FDA associate commissioner of foods.

The spectrum of intentional food contamination ranges from extremist groups (terrorism), to disgruntled employees (sabotage), to company officials engaged in economically motivated adulteration (counterfeiting and fraud). Examples of the latter include unapproved enhancements, such as the addition of melamine to milk to increase its apparent protein value; mislabeling, such as selling sunflower oil as olive oil; and substitution, such as using beet sugar in place of honey. A 2010 study by A.T. Kearney for the Grocery Manufacturers Association placed worldwide losses from economic adulteration and counterfeiting of food and consumer goods at $10 to $15 billion annually. One adulteration incident alone can slash a food company’s annual revenue by 2 to 15 percent, the report said.

Devastating Food Terrorism

While counterfeiting and food fraud extract their economic and health tolls on consumers, an act of widespread food terrorism could be even more devastating and weaken confidence in the nation’s overall food system. While FDA has had a long interest in food defense, the September 11, 2001 terrorist attacks “seriously ramped it up,” Acheson says. “Food defense moved from being a slow-paced, low-priority project to a high-paced, high-priority one after 9-11,” he says. During those years, the FDA explored ways to help companies understand the importance of identifying and eliminating vulnerabilities in their products and processes. But because a terrorist attack on the nation’s food supply did not materialize, interest in food defense again began to wane—at least until recently.

Things changed with the enactment of the Food Safety Modernization Act (FSMA) in 2011. Section 106 of FSMA requires the FDA to conduct a vulnerability assessment of the nation’s food system, determine the types of science-based mitigation strategies or measures to protect against intentional adulteration of high-risk food, and, in coordination with the Departments of Agriculture and Homeland Security, publish regulations and guidance to implement those strategies and measures.

“FDA will be requiring companies to pay attention to food defense and will be writing rules and regulations around that,” Acheson tells Food Quality & Safety magazine. As with most other regulations required under FSMA, the FDA has not issued those food defense rules on schedule. In fact, they are not expected until after regulations on import safety and the foreign supplier verification program, preventive controls for animal food, and third-party audit certification are published this year. This means the food defense rules may not be issued until 2014.

Assessing Vulnerability

But the FDA has not been neglecting food defense either. In April, the agency met one of the FSMA’s requirements by issuing a report assessing the vulnerability of the nation’s food system. The analysis is based on vulnerability assessments conducted jointly with USDA, FBI, and the Department of Homeland Security of more than 50 food and agriculture products and processes during 2005 to 2008. The goal was to identify processing steps of highest concern, potential mitigation strategies to reduce these vulnerabilities, and gaps in research. A key concern was to do all this without disclosing sensitive information such as vulnerabilities in specific facilities, commodities, or processes.

The methodology used is called CARVER + Shock, a relative risk-ranking tool originally developed by the military and since used by the food industry to identify vulnerabilities. Six of the attributes include:

  • Criticality: The measure of public health and economic impact,
  • Accessibility: The ability to physically access and egress from the target,
  • Recuperability: The ability of a system to recover from an attack,
  • Vulnerability: The ease of accomplishing an attack,
  • Effect: The amount of direct loss as measured by loss in production, and
  • Recognizability: The ease of identifying the target.

The seventh attribute (“shock”) was added to assess the combined health, economic, and psychological impacts of an attack within the food industry. CARVER + Shock “can determine the most vulnerable points in the infrastructure and focus resources on protecting the most susceptible points in the system,” the FDA report says.

Because CARVER + Shock is a relative risk ranking tool, there is no equivalence between a score value for a processing step in one industry to the same score value for another processing step in a different industry. With support from the Battelle Memorial Institute, the FDA reevaluated the data to determine common attributes and activities between processing steps. It found that some processing steps repeatedly rose to the top. For example, 14 of the 47 most vulnerable processing steps involved mixing, grinding, or coating as the primary function and which could result in “probable homogeneous distribution of a threat agent into the product.” Twelve of the 47 steps involved the staging, preparation, or addition of minor ingredients. Six involved receiving while five others involved storage. The rest were an assortment of other activities. “The processing steps where mixing occurs or secondary ingredients are staged, prepped, or added prove to be critical processing steps in many assessed products,” the report said.

The FDA concluded that four processing steps trigger the highest concerns, and if present in a facility, should be given priority consideration:

  • Coating, mixing, grinding, and rework activities,
  • Ingredient staging, prep, and addition activities,
  • Liquid receiving and loading activities, and
  • Liquid storage, hold, and surge tank activities.

Processing steps involving liquids carry far greater risk than handling or storage of dry ingredients, the report noted. The FDA is encouraging facilities to perform their own private, custom assessments using CARVER + Shock or another software tool to determine the risk of intentional contamination. Toward this end, in May the FDA unveiled a free software program called the Food Defense Plan Builder, a tool companies can use to privately and confidentially perform their own vulnerability assessments. “The FDA is committed to providing best practices and resources to support industry as we pursue our shared goal of protecting our food supply,” said Michael Taylor, FDA deputy commissioner for foods and veterinary medicine in a statement. “We strongly encourage companies to take full advantage of the Food Defense Plan Builder.”

Software Controversy

Acheson says the FDA will eventually require companies to perform vulnerability risk assessments and implement a food defense plan. Companies hoping to get a head start on this process may choose to use the FDA’s Food Defense Plan Builder, figuring that it has the agency’s seal of approval, says Bruce H. Becker, president of FoodQuestTQ LLC, a small software development company in Frederick, Md. But Becker and John H. Hnatio, FoodQuestTQ’s chief science officer (and president of Projectioneering LLC, another small software company), claim that the FDA stole their patented risk assessment technology and used it to develop Food Defense Plan Builder and four other software risk assessment applications, driving away potential customers.

In May, Becker and Hnatio circulated a 34-page “technical paper” outlining their dispute with the FDA. Included in it was a 10-page rebuttal from the Office of the General Counsel for the Department of Health and Human Services (HHS), FDA’s parent agency. “We have uncovered no evidence that FDA or its contractors took or used any trade secrets that you might own,” concluded Dale D. Buckley, intellectual property rights counsel for HHS. In June, Becker and Hnatio sent an email to various food companies advising them not to use any of the FDA’s free programs if they wished to avoid future liability. “We believe that if the FDA had looked at the facts fairly and did the necessary comparison between the patent and how we implemented the patent to practice, that it was very apparent that it infringed on our intellectual property,” Becker tells Food Quality & Safety magazine.

Independent of risk assessments, there are other steps that companies can take to ensure the integrity of their supply chain. “From a legal compliance and business risk management perspective, food companies may strengthen safeguards preventing economic adulteration from affecting the food and food ingredients they purchase from vendors by focusing on three key areas,” says Sarah Roller, JD, RD, MPH, who heads the food and drug legal practice at Kelley Drye & Warren in Washington, D.C.

These safeguards include: 1) Making sure that vendor qualification programs are rigorous and selection criteria favor vendors whose regulatory compliance track record and supply chain management practices demonstrate a culture of compliance; 2) Ensuring that product purchasing specifications include technical criteria that can be used to detect signs of economic adulteration; 3) Ensuring that supply agreements with qualified vendors include performance standards that require products to meet all applicable legal requirements.

These agreements should “require suppliers to submit to audits and data reporting requirements that ensure the company is equipped with the data and information it needs to verify and substantiate that the products it receives from suppliers meet legal requirements and hold suppliers accountable when missteps occur,” Roller tells Food Quality & Safety.

Agres is based in Laurel, Md. Reach him at



Current Issue

Current Issue

February/March 2015

Site Search

Site Navigation