Meet the Scientists on the Frontlines of Protecting Humanity from a Man-Made Pathogen
From left: Jean Peccoud, Randall Murch, and Neeraj Rao.
Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
Podcast: The future of brain health with Percy Griffin
Percy Griffin, director of scientific engagement for the Alzheimer’s Association, joins Leaps.org to discuss the present and future of the fight against dementia.
Today's guest is Percy Griffin, director of scientific engagement for the Alzheimer’s Association, a nonprofit that’s focused on speeding up research, finding better ways to detect Alzheimer’s earlier and other approaches for reducing risk. Percy has a doctorate in molecular cell biology from Washington University, he’s led important research on Alzheimer’s, and you can find the link to his full bio in the show notes, below.
Our topic for this conversation is the present and future of the fight against dementia. Billions of dollars have been spent by the National Institutes of Health and biotechs to research new treatments for Alzheimer's and other forms of dementia, but so far there's been little to show for it. Last year, Aduhelm became the first drug to be approved by the FDA for Alzheimer’s in 20 years, but it's received a raft of bad publicity, with red flags about its effectiveness, side effects and cost.
Meanwhile, 6.5 million Americans have Alzheimer's, and this number could increase to 13 million in 2050. Listen to this conversation if you’re concerned about your own brain health, that of family members getting older, or if you’re just concerned about the future of this country with experts predicting the number people over 65 will increase dramatically in the very near future.
Listen to the Episode
Listen on Apple | Listen on Spotify | Listen on Stitcher | Listen on Amazon | Listen on Google
4:40 - We talk about the parts of Percy’s life that led to him to concentrate on working in this important area.
6:20 - He defines Alzheimer's and dementia, and discusses the key elements of communicating science.
10:20 - Percy explains why the Alzheimer’s Association has been supportive of Aduhelm, even as others have been critical.
17:58 - We talk about therapeutics under development, which ones to be excited about, and how they could be tailored to a person's own biology.
24:25 - Percy discusses funding and tradeoffs between investing more money into Alzheimer’s research compared to other intractable diseases like cancer, and new opportunities to accelerate progress, such as ARPA-H, President Biden’s proposed agency to speed up health breakthroughs.
27:24 - We talk about the social determinants of brain health. What are the pros/cons of continuing to spend massive sums of money to develop new drugs like Aduhelm versus refocusing on expanding policies to address social determinants - like better education, nutritious food and safe drinking water - that have enabled some groups more than others to enjoy improved cognition late in life.
34:18 - Percy describes his top lifestyle recommendations for protecting your mind.
37:33 - Is napping bad for the brain?
39:39 - Circadian rhythm and Alzheimer's.
42:34 - What tests can people take to check their brain health today, and which biomarkers are we making progress on?
47:25 - Percy highlights important programs run by the Alzheimer’s Association to support advances.
Show links:
** After this episode was recorded, the Centers for Medicare and Medicaid Services affirmed its decision from last June to limit coverage of Aduhelm. More here.
- Percy Griffin's bio: https://www.alz.org/manh/events/alztalks/upcoming-...
- The Alzheimer's Association's Part the Cloud program: https://alz.org/partthecloud/about-us.asp
- The paradox of dementia rates decreasing: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7455342/
- The argument for focusing more resources on improving institutions and social processes for brain health: https://www.statnews.com/2021/09/23/the-brain-heal...
- Recent research on napping: https://www.ocregister.com/2022/03/25/alzheimers-s...
- The Alzheimer's Association helpline: https://www.alz.org/help-support/resources/helpline
- ALZConnected, a free online community for people affected by dementia https://www.alzconnected.org/
- TrialMatch for people with dementia and healthy volunteers to find clinical trials for Alzheimer's and other dementia: https://www.alz.org/alzheimers-dementia/research_p...
Employers can create a culture of “Excellence From Anywhere” to reduce the risk of inequality among office-centric, hybrid, and fully remote employees.
COVID-19 prompted numerous companies to reconsider their approach to the future of work. Many leaders felt reluctant about maintaining hybrid and remote work options after vaccines became widely available. Yet the emergence of dangerous COVID variants such as Omicron has shown the folly of this mindset.
To mitigate the risks of new variants and other public health threats, as well as to satisfy the desires of a large majority of employees who express a strong desire in multiple surveys for a flexible hybrid or fully remote schedule, leaders are increasingly accepting that hybrid and remote options represent the future of work. No wonder that a February 2022 survey by the Federal Reserve Bank of Richmond showed that more and more firms are offering hybrid and fully-remote work options. The firms expect to have more remote workers next year and more geographically-distributed workers.
Although hybrid and remote work mitigates public health risks, it poses another set of health concerns relevant to employee wellbeing, due to the threat of proximity bias. This term refers to the negative impact on work culture from the prospect of inequality among office-centric, hybrid, and fully remote employees.
The difference in time spent in the office leads to concerns ranging from decreased career mobility for those who spend less facetime with their supervisor to resentment building up against the staff who have the most flexibility in where to work. In fact, a January 2022 survey by the company Slack of over 10,000 knowledge workers and their leaders shows that proximity bias is the top concern – expressed by 41% of executives - about hybrid and remote work.
To address this problem requires using best practices based on cognitive science for creating a culture of “Excellence From Anywhere.” This solution is based on guidance that I developed for leaders at 17 pioneering organizations for a company culture fit for the future of work.
Protect from proximity bias via the "Excellence From Anywhere" strategy
So why haven’t firms addressed the obvious problem of proximity bias? Any reasonable external observer could predict the issues arising from differences of time spent in the office.
Unfortunately, leaders often fail to see the clear threat in front of their nose. You might have heard of black swans: low-probability, high-impact threats. Well, the opposite kind of threats are called gray rhinos: obvious dangers that we fail to see because of our mental blindspots. The scientific name for these blindspots is cognitive biases, which cause leaders to resist best practices in transitioning to a hybrid-first model.
The core idea is to get all of your workforce to pull together to achieve business outcomes: the location doesn’t matter.
Leaders can address this by focusing on a shared culture of “Excellence From Anywhere.” This term refers to a flexible organizational culture that takes into account the nature of an employee's work and promotes evaluating employees based on task completion, allowing remote work whenever possible.
Addressing Resentments Due to Proximity Bias
The “Excellence From Anywhere” strategy addresses concerns about treatment of remote workers by focusing on deliverables, regardless of where you work. Doing so also involves adopting best practices for hybrid and remote collaboration and innovation.
By valuing deliverables, collaboration, and innovation through a focus on a shared work culture of “Excellence From Anywhere,” you can instill in your employees a focus on deliverables. The core idea is to get all of your workforce to pull together to achieve business outcomes: the location doesn’t matter.
This work culture addresses concerns about fairness by reframing the conversation to focus on accomplishing shared goals, rather than the method of doing so. After all, no one wants their colleagues to have to commute out of spite.
This technique appeals to the tribal aspect of our brains. We are evolutionarily adapted to living in small tribal groups of 50-150 people. Spending different amounts of time in the office splits apart the work tribe into different tribes. However, cultivating a shared focus on business outcomes helps mitigate such divisions and create a greater sense of unity, alleviating frustrations and resentments. Doing so helps improve employee emotional wellbeing and facilitates good collaboration.
Solving the facetime concerns of proximity bias
But what about facetime with the boss? To address this problem necessitates shifting from the traditional, high-stakes, large-scale quarterly or even annual performance evaluations to much more frequent weekly or biweekly, low-stakes, brief performance evaluation through one-on-one in-person or videoconference check-ins.
Supervisees agree with their supervisor on three to five weekly or biweekly performance goals. Then, 72 hours before their check-in meeting, they send a brief report, under a page, to their boss of how they did on these goals, what challenges they faced and how they overcame them, a quantitative self-evaluation, and proposed goals for next week. Twenty-four hours before the meeting, the supervisor responds in a paragraph-long response with their initial impressions of the report.
It’s hard to tell how much any employee should worry about not being able to chat by the watercooler with their boss: knowing exactly where they stand is the key concern for employees, and they can take proactive action if they see their standing suffer.
At the one-on-one, the supervisor reinforces positive aspects of performance and coaches the supervisee on how to solve challenges better, agrees or revises the goals for next time, and affirms or revises the performance evaluation. That performance evaluation gets fed into a constant performance and promotion review system, which can replace or complement a more thorough annual evaluation.
This type of brief and frequent performance evaluation meeting ensures that the employee’s work is integrated with efforts by the supervisor’s other employees, thereby ensuring more unity in achieving business outcomes. It also mitigates concerns about facetime, since all get at least some personalized attention from their team leader. But more importantly, it addresses the underlying concerns about career mobility by giving all staff a clear indication of where they stand at all times. After all, it’s hard to tell how much any employee should worry about not being able to chat by the watercooler with their boss: knowing exactly where they stand is the key concern for employees, and they can take proactive action if they see their standing suffer.
Such best practices help integrate employees into a work culture fit for the future of work while fostering good relationships with managers. Research shows supervisor-supervisee relationships are the most critical ones for employee wellbeing, engagement, and retention.
Conclusion
You don’t have to be the CEO to implement these techniques. Lower-level leaders of small rank-and-file teams can implement these shifts within their own teams, adapting their culture and performance evaluations. And if you are a staff member rather than a leader, send this article to your supervisor and other employees at your company: start a conversation about the benefits of addressing proximity bias using such research-based best practices.