Meet the Scientists on the Frontlines of Protecting Humanity from a Man-Made Pathogen
From left: Jean Peccoud, Randall Murch, and Neeraj Rao.
Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
Questions remain about new drug for hot flashes
In May, a new drug, Fezolinetant, was approved by the FDA to treat hot flashes associated with menopause.
Vascomotor symptoms (VMS) is the medical term for hot flashes associated with menopause. You are going to hear a lot more about it because a company has a new drug to sell. Here is what you need to know.
Menopause marks the end of a woman’s reproductive capacity. Normal hormonal production associated with that monthly cycle becomes erratic and finally ceases. For some women the transition can be relatively brief with only modest symptoms, while for others the body's “thermostat” in the brain is disrupted and they experience hot flashes and other symptoms that can disrupt daily activity. Lifestyle modification and drugs such as hormone therapy can provide some relief, but women at risk for cancer are advised not to use them and other women choose not to do so.
Fezolinetant, sold by Astellas Pharma Inc. under the product name Veozah™, was approved by the Food and Drug Administration (FDA) on May 12 to treat hot flashes associated with menopause. It is the first in a new class of drugs called neurokinin 3 receptor antagonists, which block specific neurons in the brain “thermostat” that trigger VMS. It does not appear to affect other symptoms of menopause. As with many drugs targeting a brain cell receptor, it must be taken continuously for a few days to build up a good therapeutic response, rather than working as a rescue product such as an asthma inhaler to immediately treat that condition.
Hot flashes vary greatly and naturally get better or resolve completely with time. That contributes to a placebo effect and makes it more difficult to judge the outcome of any intervention. Early this year, a meta analysis of 17 studies of drug trials for hot flashes found an unusually large placebo response in those types of studies; the placebo groups had an average of 5.44 fewer hot flashes and a 36 percent reduction in their severity.
In studies of fezolinetant, the drug recently approved by the FDA, the placebo benefit was strong and persistent. The drug group bested the placebo response to a statistically significant degree but, “If people have gone from 11 hot flashes a day to eight or seven in the placebo group and down to a couple fewer ones in the drug groups, how meaningful is that? Having six hot flashes a day is still pretty unpleasant,” says Diana Zuckerman, president of the National Center for Health Research (NCHR), a health oriented think tank.
“Is a reduction compared to placebo of 2-3 hot flashes per day, in a population of women experiencing 10-11 moderate to severe hot flashes daily, enough relief to be clinically meaningful?” Andrea LaCroix asked a commentary published in Nature Medicine. She is an epidemiologist at the University of California San Diego and a leader of the MsFlash network that has conducted a handful of NIH-funded studies on menopause.
Questions Remain
LaCroix and others have raised questions about how Astellas, the company that makes the new drug, handled missing data from patients who dropped out of the clinical trials. “The lack of detailed information about important parameters such as adherence and missing data raises concerns that the reported benefits of fezolinetant very likely overestimate those that will be observed in clinical practice," LaCroix wrote.
In response to this concern, Anna Criddle, director of global portfolio communications at Astellas, wrote in an email to Leaps.org: “…a full analysis of data, including adherence data and any impact of missing data, was submitted for assessment by [the FDA].”
The company ran the studies at more than 300 sites around the world. Curiously, none appear to have been at academic medical centers, which are known for higher quality research. Zuckerman says, "When somebody is paid to do a study, if they want to get paid to do another study by the same company, they will try to make sure that the results are the results that the company wants.”
Criddle said that Astellas picked the sites “that would allow us to reach a diverse population of women, including race and ethnicity.”
A trial of a lower dose of the drug was conducted in Asia. In March 2022, Astellas issued a press release saying it had failed to prove effectiveness. No further data has been released. Astellas still plans to submit the data, according to Criddle. Results from clinical trials funded by the U.S. goverment must be reported on clinicaltrials.gov within one year of the study's completion - a deadline that, in this case, has expired.
The measurement scale for hot flashes used in the studies, mild-moderate-severe, also came in for criticism. “It is really not good scale, there probably isn’t a broad enough range of things going on or descriptors,” says David Rind. He is chief medical officer of the Institute for Clinical and Economic Review (ICER), a nonprofit authority on new drugs. It conducted a thorough review and analysis of fezolinestant using then existing data gathered from conference abstracts, posters and presentations and included a public stakeholder meeting in December. A 252-page report was published in January, finding “considerable uncertainty about the comparative net health benefits of fezolinetant” versus hormone therapy.
Questions surrounding some of these issues might have been answered if the FDA had chosen to hold a public advisory committee meeting on fezolinetant, which it regularly does for first in class medicines. But the agency decided such a meeting was unnecessary.
Cost
There was little surprise when Astellas announced a list price for fezolinetant of $550 a month ($6000 annually) and a program of patient assistance to ease out of pocket expenses. The company had already incurred large expenses.
In 2017 Astellas purchased the company that originally developed fezolinetant for $534 million plus several hundred million in potential royalties. The drug company ran a "disease awareness” ad, Heat on the Street, hat aired during the Super Bowl in February, where 30 second ads cost about $7 million. Industry analysts have projected sales to be $1.9 billion by 2028.
ICER’s pre-approval evaluation said fezolinetant might "be considered cost-effective if priced around $2,000 annually. ... [It]will depend upon its price and whether it is considered an alternative to MHT [menopause hormone treatment] for all women or whether it will primarily be used by women who cannot or will not take MHT."
Criddle wrote that Astellas set the price based on the novelty of the science, the quality of evidence for the drug and its uniqueness compared to the rest of the market. She noted that an individual’s payment will depend on how much their insurance company decides to cover. “[W]e expect insurance coverage to increase over the course of the year and to achieve widespread coverage in the U.S. over time.”
Leaps.org wrote to and followed up with nine of the largest health insurers/providers asking basic questions about their coverage of fezolinetant. Only two responded. Jennifer Martin, the deputy chief consultant for pharmacy benefits management at the Department of Veterans Affairs, said the agency “covers all drugs from the date that they are launched.” Decisions on whether it will be included in the drug formulary and what if any copays might be required are under review.
“[Fezolinetant] will go through our standard P&T Committee [patient and treatment] review process in the next few months, including a review of available efficacy data, safety data, clinical practice guidelines, and comparison with other agents used for vasomotor symptoms of menopause," said Phil Blando, executive director of corporate communications for CVS Health.
Other insurers likely are going through a similar process to decide issues such as limiting coverage to women who are advised not to use hormones, how much copay will be required, and whether women will be required to first try other options or obtain approvals before getting a prescription.
Rind wants to see a few years of use before he prescribes fezolinetant broadly, and believes most doctors share his view. Nor will they be eager to fill out the additional paperwork required for women to participate in the Astellas patient assistance program, he added.
Safety
Astellas is marketing its drug by pointing out risks of hormone therapy, such as a recent paper in The BMJ, which noted that women who took hormones for even a short period of time had a 24 percent increased risk of dementia. While the percentage was scary, the combined number of women both on and off hormones who developed dementia was small. And it is unclear whether hormones are causing dementia or if more severe hot flashes are a marker for higher risk of developing dementia. This information is emerging only after 80 years of hundreds of millions of women using hormones.
In contrast, the label for fezolinetant prohibits “concomitant use with CYP1A2 inhibitors” and requires testing for liver and kidney function prior to initiating the drug and every three months thereafter. There is no human or animal data on use in a geriatric population, defined as 65 or older, a group that is likely to use the drug. Only a few thousand women have ever taken fezolinetant and most have used it for just a few months.
Options
A woman seeking relief from symptoms of menopause would like to see how fezolintant compares with other available treatment options. But Astellas did not conduct such a study and Andrea LaCroix says it is unlikely that anyone ever will.
ICER has come the closest, with a side-by-side analysis of evidence-based treatments and found that fezolinetant performed quite similarly and modestly as the others in providing relief from hot flashes. Some treatments also help with other symptoms of menopause, which fezolinetant does not.
There are many coping strategies that women can adopt to deal with hot flashes; one of the most common is dressing in layers (such as a sleeveless blouse with a sweater) that can be added or subtracted as conditions require. Avoiding caffeine, hot liquids, and spicy foods is another common strategy. “I stopped drinking hot caffeinated drinks…for several years, and you get out of the habit of drinking them,” says Zuckerman.
LaCroix curates those options at My Meno Plan, which includes a search function where you can enter your symptoms and identify which treatments might work best for you. It also links to published research papers. She says the goal is to empower women with information to make informed decisions about menopause.
A company in England has made a test that picks out the compounds from breath that reveal if people have liver disease.
Every year, around two million people worldwide die of liver disease. While some people inherit the disease, it’s most commonly caused by hepatitis, obesity and alcoholism. These underlying conditions kill liver cells, causing scar tissue to form until eventually the liver cannot function properly. Since 1979, deaths due to liver disease have increased by 400 percent.
The sooner the disease is detected, the more effective treatment can be. But once symptoms appear, the liver is already damaged. Around 50 percent of cases are diagnosed only after the disease has reached the final stages, when treatment is largely ineffective.
To address this problem, Owlstone Medical, a biotech company in England, has developed a breath test that can detect liver disease earlier than conventional approaches. Human breath contains volatile organic compounds (VOCs) that change in the first stages of liver disease. Owlstone’s breath test can reliably collect, store and detect VOCs, while picking out the specific compounds that reveal liver disease.
“There’s a need to screen more broadly for people with early-stage liver disease,” says Owlstone’s CEO Billy Boyle. “Equally important is having a test that's non-invasive, cost effective and can be deployed in a primary care setting.”
The standard tool for detection is a biopsy. It is invasive and expensive, making it impractical to use for people who aren't yet symptomatic. Meanwhile, blood tests are less invasive, but they can be inaccurate and can’t discriminate between different stages of the disease.
In the past, breath tests have not been widely used because of the difficulties of reliably collecting and storing breath. But Owlstone’s technology could help change that.
The team is testing patients in the early stages of advanced liver disease, or cirrhosis, to identify and detect these biomarkers. In an initial study, Owlstone’s breathalyzer was able to pick out patients who had early cirrhosis with 83 percent sensitivity.
Boyle’s work is personally motivated. His wife died of colorectal cancer after she was diagnosed with a progressed form of the disease. “That was a big impetus for me to see if this technology could work in early detection,” he says. “As a company, Owlstone is interested in early detection across a range of diseases because we think that's a way to save lives and a way to save costs.”
How it works
In the past, breath tests have not been widely used because of the difficulties of reliably collecting and storing breath. But Owlstone’s technology could help change that.
Study participants breathe into a mouthpiece attached to a breath sampler developed by Owlstone. It has cartridges are designed and optimized to collect gases. The sampler specifically targets VOCs, extracting them from atmospheric gases in breath, to ensure that even low levels of these compounds are captured.
The sampler can store compounds stably before they are assessed through a method called mass spectrometry, in which compounds are converted into charged atoms, before electromagnetic fields filter and identify even the tiniest amounts of charged atoms according to their weight and charge.
The top four compounds in our breath
In an initial study, Owlstone captured VOCs in breath to see which ones could help them tell the difference between people with and without liver disease. They tested the breath of 46 patients with liver disease - most of them in the earlier stages of cirrhosis - and 42 healthy people. Using this data, they were able to create a diagnostic model. Individually, compounds like 2-Pentanone and limonene performed well as markers for liver disease. Owlstone achieved even better performance by examining the levels of the top four compounds together, distinguishing between liver disease cases and controls with 95 percent accuracy.
“It was a good proof of principle since it looks like there are breath biomarkers that can discriminate between diseases,” Boyle says. “That was a bit of a stepping stone for us to say, taking those identified, let’s try and dose with specific concentrations of probes. It's part of building the evidence and steering the clinical trials to get to liver disease sensitivity.”
Sabine Szunerits, a professor of chemistry in Institute of Electronics at the University of Lille, sees the potential of Owlstone’s technology.
“Breath analysis is showing real promise as a clinical diagnostic tool,” says Szunerits, who has no ties with the company. “Owlstone Medical’s technology is extremely effective in collecting small volatile organic biomarkers in the breath. In combination with pattern recognition it can give an answer on liver disease severity. I see it as a very promising way to give patients novel chances to be cured.”
Improving the breath sampling process
Challenges remain. With more than one thousand VOCs found in the breath, it can be difficult to identify markers for liver disease that are consistent across many patients.
Julian Gardner is a professor of electrical engineering at Warwick University who researches electronic sensing devices. “Everyone’s breath has different levels of VOCs and different ones according to gender, diet, age etc,” Gardner says. “It is indeed very challenging to selectively detect the biomarkers in the breath for liver disease.”
So Owlstone is putting chemicals in the body that they know interact differently with patients with liver disease, and then using the breath sampler to measure these specific VOCs. The chemicals they administer are called Exogenous Volatile Organic Compound) probes, or EVOCs.
Most recently, they used limonene as an EVOC probe, testing 29 patients with early cirrhosis and 29 controls. They gave the limonene to subjects at specific doses to measure how its concentrations change in breath. The aim was to try and see what was happening in their livers.
“They are proposing to use drugs to enhance the signal as they are concerned about the sensitivity and selectivity of their method,” Gardner says. “The approach of EVOC probes is probably necessary as you can then eliminate the person-to-person variation that will be considerable in the soup of VOCs in our breath.”
Through these probes, Owlstone could identify patients with liver disease with 83 percent sensitivity. By targeting what they knew was a disease mechanism, they were able to amplify the signal. The company is starting a larger clinical trial, and the plan is to eventually use a panel of EVOC probes to make sure they can see diverging VOCs more clearly.
“I think the approach of using probes to amplify the VOC signal will ultimately increase the specificity of any VOC breath tests, and improve their practical usability,” says Roger Yazbek, who leads the South Australian Breath Analysis Research (SABAR) laboratory in Flinders University. “Whilst the findings are interesting, it still is only a small cohort of patients in one location.”
The future of breath diagnosis
Owlstone wants to partner with pharmaceutical companies looking to learn if their drugs have an effect on liver disease. They’ve also developed a microchip, a miniaturized version of mass spectrometry instruments, that can be used with the breathalyzer. It is less sensitive but will enable faster detection.
Boyle says the company's mission is for their tests to save 100,000 lives. "There are lots of risks and lots of challenges. I think there's an opportunity to really establish breath as a new diagnostic class.”