The ‘overabundance of caution’ used by national defence and security agencies can border on the ridiculous. US government paranoia over terrorism led to the generally despised — and questionably effective — airport rituals of prohibiting bottles that contain more than 100 millilitres of most liquids and subjecting all passengers to radiation in a virtual strip search. Public panic led to similarly overblown US responses to the 2014 Ebola outbreak, including the forced quarantine of people who were never exposed to the virus and had no chance of causing an epidemic (see page 502).

How, then, was the US Department of Defense (DOD) able this year to send live anthrax spores across at least seven international borders and to at least 183 labs without the authorities noticing? If there is anywhere that paranoid officials should want to monitor when it comes to anthrax, it is the DOD. After all, the DOD works with more anthrax than any other institution, and the only known bioterror attack using anthrax spores as a weapon originated at a DOD lab.

Oversight systems seem to have been watching everything except the most likely source of a threat.

When this year’s failure came to light, the DOD immediately began a 30-day investigation of itself. Its 38-page conclusion, released to the public last week, blamed no one in particular. The military determined that the radiation procedure being used at the lab — Dugway Proving Ground in Utah — to kill the spores was ineffective. It emphasizes that no one was harmed, and that there is no proven method to kill the notoriously resilient spores. Both these things are true.

What is still unclear, however, is why the procedure was not better tested. The US Centers for Disease Control and Prevention (CDC) does not have particular standards for inactivation protocols. But if it did, Dugway’s protocol surely would not meet them: the lab had never optimized the procedure, and the base’s own records showed that the process failed once in every five attempts. Furthermore, neither the sending nor the receiving labs had done enough to verify that the samples were dead. Dugway, for instance, tested only 5% of each sample for viability, which would not have detected a low concentration of live spores. In a twist of irony, DOD scientist Bruce Ivins, who was allegedly responsible for the 2001 anthrax attacks, had suggested that half of a sample should be screened to rule out viability.

It should not be left up to the media to discover serious accidents at agencies.

Dugway has been in hot water before. An investigation by the news outlet USA Today found that the CDC had reprimanded the facility eight years ago for using a different experimental protocol to inactivate anthrax spores and then shipping them even when tests showed that they were still alive. According to USA Today, Dugway was let off with a warning, and the incident was not included in the DOD’s annual report to Congress.

Academic labs could be justifiably rankled at the amount of money and time they have to spend complying with regulations on less dangerous pathogens and harmless amounts of radiation. A university that flouts CDC regulations would probably be subject to harsh penalties. But US law allows government labs to maintain secrecy around their procedures and the results of investigations into their biosafety mishaps, of which there seem to be many.

That could soon change. On 28 July, both the DOD and the CDC were hauled before a congressional committee that is demanding answers and a new probe into the latest incident. The committee has also called for the agencies to produce a list of the labs that are authorized to work with anthrax and other bioterror agents, and for details of biosafety violations. Earlier this month, the CDC announced that it is beginning a 90-day review of its biosafety procedures for federal research labs that work with dangerous pathogens.

It should not be left up to the media to discover serious accidents at the agencies charged with protecting people from bioterrorism. To be clear, the research they perform on anthrax and other pathogens is essential for biosecurity. Incompetent oversight combined with a culture of secrecy could threaten that work. And, given the overabundance of caution applied elsewhere, there should be some spare to deploy at the government labs at which it is most needed.