Taking the Terror out of the Mail

Reeling from the terrorist attacks in New York and Washington, anthrax-laced letters showed up in mail sent to members of Congress and the media. (For more, see this month’s “After Action.”)
What is not widely known was the fallout from the highly publicized poisoned letter campaign. During the anthrax attacks, the frequency of suspicious powder incidents increased dramatically. According to the head of the Postal Inspection Service, over 7,000 anthrax hoaxes, threats and suspicious letters and packages—an average of almost 600 per day—were reported to his agency in the weeks following the first anthrax attack, and nearly 300 postal facilities had to be evacuated because of these incidents.
The head of the FBI’s Counterterrorism Division testified before the House Committee on Government Reform that the FBI and state and local authorities were overwhelmed by hoaxes in the wake of the anthrax incident, handling more than 2,000 in the first two weeks of October 2001, compared with about 250 a year previously. He cited both the “indeterminable” resources required to address them and “the terror they bring to the victims.”
Additionally, according to officials at the Centers for Disease Control and Prevention (CDC), large numbers of medical, public health, law enforcement and emergency response personnel throughout the country and the world dealt with numerous other hoaxes perpetrated in the weeks after the incidents. According to officials, while the frequency of incidents involving suspicious packages or powder spills has declined since 2001, they nevertheless remain a challenge to the US Postal Service (USPS) and other agencies.
Technological response
USPS has over 800,000 employees who process more than 200 billion pieces of mail per year. Its infrastructure includes its headquarters office in Washington, DC; nine area offices; approximately 350 mail processing and distribution centers; and about 38,000 post offices, stations and branches.
In 2001, USPS had guidance for responding to anthrax and other hazardous incidents, but this guidance did not address the challenges it faced.
The USPS’s current security procedures depend upon its installment of biohazard detection equipment in its 280 mail processing plants.
Almost two years ago, USPS awarded Northrop Grumman Corp.’s Security Systems LLC, part of the Baltimore-based Electronic Systems sector, a contract to develop a biohazard detection system (BDS) to detect potential biological threats at mail facilities. The $175 million contract extended from January to October 2004 and followed a development and test phase that started in May 2002.
In January, Kansas became the 83rd mail center out of 100 nationwide to get the new system. By the end of 2005, 270 postal facilities across the country are supposed to have the system. Eventually, every postal facility that handles outgoing mail will have the equipment, according to USPS officials.
Northrop Grumman worked with Smiths Detection to develop a system that would meet the Postal Service’s needs. The resulting system was chosen based on several performance tests.
The combination of key components that form the BDS were based on commercial development of military biological testing designs, rather than new technologies. A key polymerase chain reaction (PCR) technology based on programs developed with Lawrence Livermore Laboratory is used to analyze air samples taken from mail-sorting equipment. Cepheid Inc., a genetic analysis firm based in Sunnyvale, Calif., refined that process by creating a completely automatic, real-time PCR that is the core component of the BDS.
The BDS contract was a major coup for Kurt Petersen, who co-founded Cepheid with the help of a Department of Defense contract aimed at developing rapid, accurate and portable systems for detecting dangerous biological organisms.
Cepheid uses technology based on a miniaturized thermal cycler developed at Lawrence Livermore that performs a technique for replicating DNA—the PCR. PCR is accurate, but getting results can take a day or two because the process requires a skilled technician who must prepare and analyze the sample in a lab. Cepheid’s SmartCycler, launched in 2000, cuts that time to 30 minutes, and the GeneXpert automates the process.
The sample collection component of BDS was developed from a commercial particle collector, the SpinCon, provided by Midwest Research Institute, which had long experience developing air sampling equipment.
Northop Grumman developed all the controls for the system to create a completely automatic process for screening the mail.
The systems can detect trace levels of DNA from biological agents, such as anthrax, while letters and packages are processed, according to Northrop Grumman.
Jim Nagy, an occupational health specialist with the Postal Service, said the 2001 attack taught two lessons about anthrax: “It’s hard to kill, but it’s also highly treatable if we catch it in time. And this machine makes sure we catch it in time.”
Postal officials acknowledged, however, that BDS is not perfect. It only detects anthrax, though there are plans to upgrade it to detect other potentially lethal pathogens. Indeed, the BDS, as now configured, would not have detected the ricin that turned up in a Senate office building in February 2004.
Paul Smith, public affairs manager for the Postal Service’s Eastern region, said at the time, “Right now, we’re set up for anthrax. The system can be configured to stop other [biological] agents; it would require a software adjustment.”
Additionally, BDS may not detect anthrax mailed in packages that don’t go through the “pinch rollers” that squeeze air from letters during cancellation.
Still, if a letter or package contains anthrax, officials are confident that some spores will be pulled off as the mail passes under a hood on its way into the cancellation machine.
Northrop Grumman consequently sought protection from liability if a deadly substance makes its way into the mail stream.
Pursuant to the Safety Act, part of the Homeland Security Act of 2002, last summer the Department of Homeland Security designated and certified BDS as an anti-terror technology. The Safety Act limits the liability of sellers of qualified anti-terrorism technologies if a terrorist attack occurs and the sellers’ products or services fail through no fault of their own. As a result, Northrop Grumman is protected from some liability if a terror attack takes place while its technology is in use.
Other solutions
Meanwhile, USPS is tackling security in other ways. In June 2003, USPS selected Lockheed Martin, based in Bethesda, Md., to build and test prototype containment systems for curbside, walk-up and lobby letter mailboxes. The goal is to develop a standard containment system for mail collection that will minimize a postal carrier’s exposure to potentially hazardous or contaminated items when retrieving mail from public collection stations.
“This effort is one of several supporting the US Postal Service’s Emergency Preparedness Plan to make the collection, distribution and delivery of mail to our homes and offices safer,” said Michele Evans, director of Mail Automation Systems for Lockheed Martin Distribution Technologies.
In May 2003, a test program using explosive detection canines to screen mail began to be examined to see if it could be expanded as a result of the efforts of the Transportation Security Administration (TSA), airlines and USPS to get mail weighing 16 ounces or more back on aircraft.  
Currently, TSA-certified canine teams are screening mail at 11 airports as part of a national test project.  After 9/11, all mail 16 ounces or more was barred from cargo holds of commercial aircraft due to the potential threat to airline security.
“TSA is working hard to get mail back on planes in a way that is safe and helpful to the USPS and the airlines,” Adm. James M. Loy said as he was leaving his post as head of TSA to take up new duties as deputy secretary of homeland security. “The TSA canine teams are helping to raise the security bar, making it tougher for terrorists to succeed by ensuring the safety of mail transported on commercial aircraft.”
“The dogs’ mobility and ability to search large volumes of items quickly and high level of accuracy in detecting explosives are indeed extremely important assets as we further develop screening policies for air cargo,” said David Kontny, director of the TSA National Explosives Detection Canine Team Program, which is part of TSA’s Aviation Operation’s Law Enforcement Division.
The canine teams get 11 weeks of intensive training at TSA’s Explosives Detection Canine Handler Course at Lackland Air Force Base in San Antonio, Texas. They must be certified each year—a stringent three to four-day process that includes searches of aircraft luggage terminals, cargo and vehicles.
Since 9/11, the number of canine teams available for airport duty has doubled to more than 300 at more than 60 airports. Plans call for expanding the program to 420 teams at 82 airports by the end of 2005, according to TSA.
The human dimension
As for other security issues facing USPS, Congress’ watchdog arm, the Government Accountability Office (GAO) reported in November to the House Committee on Government Reform and Senate Committee on Governmental Affairs that “available information showed that implementation of security measures had increased since 2001 at some core facilities,” but “security problems still existed at some facilities.” (US Postal Service: Physical Security Measures Have Increased at Some Core Facilities, but Security Problems Continue, http://www.gao.gov/new.items/d0548.pdf.)
Incomplete and inaccurate USPS data precluded GAO “from making an overall assessment of the implementation of security measures at all 373 core facilities,” the GAO auditors complained. They found that “USPS security data for core facilitieshad a number of problems, including miscoded facilities, duplicate responses and incomplete information. Complete and accurate comparison data were available for only 119 of 373 core facilities. These data showed that some additional security measures were implemented at each of the 119 core facilities between fiscal years 2001 and the most recent year security survey data were available—either fiscal year 2003 or 2004.” For example, they noted, 15 core facilities had installed electronic access control systems since 2001.
In addition, GAO analysis of Inspection Service reports and visits to 13 core facilities identified security problems. During its 2004 reviews, the Inspection Service found a variety of problems at core facilities, including incomplete annual security surveys, unaccounted facility and vehicle keys, unlocked doors and gates or deactivated alarms, unattended and unlocked vehicles, unsecured registered mail and stamp inventory and employees not wearing required ID badges.
“During our visits to 13 core facilities we observed some similar security problems,” GAO’s report stated. “At two locations, entry gates were left opened and unguarded, and we were able to enter restricted areas unescorted at three other facilities.”
According to USPS officials, a number of plans and processes to improve physical security are being developed. The Inspection Service is responsible for leading several of these efforts. For example, through a formal review and follow-up process, the Inspection Service is working with local and headquarters management officials to improve facility security. In an effort to address security concerns, the Inspection Service has filled almost all of 47 new physical security specialist positions.
In addition, at the end of fiscal year 2004, the Inspection Service completed training for 500 to 600 security control officers, including those at the 373 core facilities. USPS officials told GAO that an Emergency Preparedness group has been created to develop and implement measures to protect critical infrastructure, in collaboration with the Inspection Service.
“Although some management positions have been filled for this group, the unit is not yet fully operational,” GAO said. “According to USPS officials, efforts are also under way to update and improve the Facility Security Database. For example, officials are in the process of refining a facility risk assessment, correcting data problems with the Facility Security Database, and integrating the two into a single physical security evaluation and tracking tool.”
GAO recommended that the postmaster general develop a plan with objectives, time frames and needed resources for correcting problems with the Facility Security Database. USPS concurred with GAO’s recommendation. USPS officials also acknowledged that there is no integrated system for tracking the status of physical security efforts.
“On the basis of our examination of the limited data available, we believe that the Facility Security Database has the potential to be an effective management tool for identifying, tracking and correcting security issues,” GAO concluded, noting, however, that “its current problems, such as incomplete and duplicative data, prevent USPS management from using the database to assess the implementation of required security requirements and determining progress in correcting deficiencies. USPS is taking steps to address deficiencies in the Facility Security Database. However, USPS currently lacks an overall plan that would help ensure that these deficiencies will be addressed.”
USPS executives have told GAO that all the deficiencies the congressional investigator found are being addressed.
Meanwhile, critics are mostly concerned that USPS remains unable to sniff out letters and packages that might be used to launch a bioterror attack with pathogens the Postal Service’s new multi-million-dollar machines are unable to detect. At the very least, they say, the software should be upgraded to screen for a wide variety of pathogens, not just anthrax, which itself might slip through USPS’s defensives by being put into a bulky package, as GAO learned.
More than three years after Postal Service vulnerabilities were exploited to launch a bioterror attack on America, albeit limited in scope, the government has effectively welded those weaknesses shut—at least as far as anthrax in letters is concerned. As for detecting anthrax shipped in packages—that remains problematic.
And then there’s the matter of pathogens being delivered via typical household-size correspondence. The service’s new biodetection machines aren’t configured to detect them. It’s unclear when they will be. Counterterror authorities say the devices should be configured to detect the entire spectrum of germs that terrorists could foreseeably obtain.
Elsewhere, counterterror authorities are concerned about the physical security of post offices, especially ones in small and rural cities and towns. They are worried that well-trained terrorists could make off with postal vehicles and uniforms. According to some of these experts, intelligence indicates Al Qaeda has discussed the use of USPS vehicles and uniforms to carry out suicide bombings.
Nevertheless, the Postal Service’s post-9/11 security remedies are better than having done nothing at all, observers say. There’s a widespread consensus that America will never be 100 percent secure, but by taking whatever measures are possible, the vulnerability gap can be closed, if only incrementally. HST

(Visited 155 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply