Meet the Scientists on the Frontlines of Protecting Humanity from a Man-Made Pathogen
From left: Jean Peccoud, Randall Murch, and Neeraj Rao.
Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
How mRNA Could Revolutionize Medicine
In November 2020, messenger RNA catapulted into the public consciousness when the first COVID-19 vaccines were authorized for emergency use. Around the same time, an equally groundbreaking yet relatively unheralded application of mRNA technology was taking place at a London hospital.
Over the past two decades, there's been increasing interest in harnessing mRNA — molecules present in all of our cells that act like digital tape recorders, copying instructions from DNA in the cell nucleus and carrying them to the protein-making structures — to create a whole new class of therapeutics.
Scientists realized that artificial mRNA, designed in the lab, could be used to instruct our cells to produce certain antibodies, turning our bodies into vaccine-making factories, or to recognize and attack tumors. More recently, researchers recognized that mRNA could also be used to make another groundbreaking technology far more accessible to more patients: gene editing. The gene-editing tool CRISPR has generated plenty of hype for its potential to cure inherited diseases. But delivering CRISPR to the body is complicated and costly.
"Most gene editing involves taking cells out of the patient, treating them and then giving them back, which is an extremely expensive process," explains Drew Weissman, professor of medicine at the University of Pennsylvania, who was involved in developing the mRNA technology behind the COVID-19 vaccines.
But last November, a Massachusetts-based biotech company called Intellia Therapeutics showed it was possible to use mRNA to make the CRISPR system inside the body, eliminating the need to extract cells out of the body and edit them in a lab. Just as mRNA can instruct our cells to produce antibodies against a viral infection, it can also teach them to produce one of the two components that make up CRISPR — a cutting protein that snips out a problem gene.
"The pandemic has really shown that not only are mRNA approaches viable, they could in certain circumstances be vastly superior to more traditional technologies."
In Intellia's London-based clinical trial, the company applied this for the first time in a patient with a rare inherited liver disease known as hereditary transthyretin amyloidosis with polyneuropathy. The disease causes a toxic protein to build up in a person's organs and is typically fatal. In a company press release, Intellia's president and CEO John Leonard swiftly declared that its mRNA-based CRISPR therapy could usher in a "new era of potential genome editing cures."
Weissman predicts that turning CRISPR into an affordable therapy will become the next major frontier for mRNA over the coming decade. His lab is currently working on an mRNA-based CRISPR treatment for sickle cell disease. More than 300,000 babies are born with sickle cell every year, mainly in lower income nations.
"There is a FDA-approved cure, but it involves taking the bone marrow out of the person, and then giving it back which is prohibitively expensive," he says. It also requires a patient to have a matched bone marrow done. "We give an intravenous injection of mRNA lipid nanoparticles that target CRISPR to the bone marrow stem cells in the patient, which is easy, and much less expensive."
Cancer Immunotherapy
Meanwhile, the overwhelming success of the COVID-19 vaccines has focused attention on other ways of using mRNA to bolster the immune system against threats ranging from other infectious diseases to cancer.
The practicality of mRNA vaccines – relatively small quantities are required to induce an antibody response – coupled with their adaptable design, mean companies like Moderna are now targeting pathogens like Zika, chikungunya and cytomegalovirus, or CMV, which previously considered commercially unviable for vaccine developers. This is because outbreaks have been relatively sporadic, and these viruses mainly affect people in low-income nations who can't afford to pay premium prices for a vaccine. But mRNA technology means that jabs could be produced on a flexible basis, when required, at relatively low cost.
Other scientists suggest that mRNA could even provide a means of developing a universal influenza vaccine, a goal that's long been the Holy Grail for vaccinologists around the world.
"The mRNA technology allows you to pick out bits of the virus that you want to induce immunity to," says Michael Mulqueen, vice president of business development at eTheRNA, a Belgium-based biotech that's developing mRNA-based vaccines for malaria and HIV, as well as various forms of cancer. "This means you can get the immune system primed to the bits of the virus that don't vary so much between strains. So you could actually have a single vaccine that protects against a whole raft of different variants of the same virus, offering more universal coverage."
Before mRNA became synonymous with vaccines, its biggest potential was for cancer treatments. BioNTech, the German biotech company that collaborated with Pfizer to develop the first authorized COVID-19 vaccine, was initially founded to utilize mRNA for personalized cancer treatments, and the company remains interested in cancers ranging from melanoma to breast cancer.
One of the major hurdles in treating cancer has been the fact that tumors can look very different from one person to the next. It's why conventional approaches, such as chemotherapy or radiation, don't work for every patient. But weaponizing mRNA against cancer primes the immune cells with the tumor's specific genetic sequence, training the patient's body to attack their own unique type of cancer.
"It means you're able to think about personalizing cancer treatments down to specific subgroups of patients," says Mulqueen. "For example, eTheRNA are developing a renal cell carcinoma treatment which will be targeted at around 20% of these patients, who have specific tumor types. We're hoping to take that to human trials next year, but the challenge is trying to identify the right patients for the treatment at an early stage."
Repairing Damaged mRNA
While hopes are high that mRNA could usher in new cancer treatments and make CRISPR more accessible, a growing number of companies are also exploring an alternative to gene editing, known as RNA editing.
In genetic disorders, the mRNA in certain cells is impaired due to a rogue gene defect, and so the body ceases to produce a particular vital protein. Instead of permanently deleting the problem gene with CRISPR, the idea behind RNA editing is to inject small pieces of synthetic mRNA to repair the existing mRNA. Scientists think this approach will allow normal protein production to resume.
Over the past few years, this approach has gathered momentum, as some researchers have recognized that it holds certain key advantages over CRISPR. Companies from Belgium to Japan are now looking at RNA editing to treat all kinds of disorders, from Huntingdon's disease, to amyotrophic lateral sclerosis, or ALS, and certain types of cancer.
"With RNA editing, you don't need to make any changes to the DNA," explains Daniel de Boer, CEO of Dutch biotech ProQR, which is looking to treat rare genetic disorders that cause blindness. "Changes to the DNA are permanent, so if something goes wrong, that may not be desirable. With RNA editing, it's a temporary change, so we dose patients with our drugs once or twice a year."
Last month, ProQR reported a landmark case study, in which a patient with a rare form of blindness called Leber congenital amaurosis, which affects the retina at the back of the eye, recovered vision after three months of treatment.
"We have seen that this RNA therapy restores vision in people that were completely blind for a year or so," says de Boer. "They were able to see again, to read again. We think there are a large number of other genetic diseases we could go after with this technology. There are thousands of different mutations that can lead to blindness, and we think this technology can target approximately 25% of them."
Ultimately, there's likely to be a role for both RNA editing and CRISPR, depending on the disease. "I think CRISPR is ideally suited for illnesses where you would like to permanently correct a genetic defect," says Joshua Rosenthal of the Marine Biology Laboratory in Chicago. "Whereas RNA editing could be used to treat things like pain, where you might want to reset a neural circuit temporarily over a shorter period of time."
Much of this research has been accelerated by the COVID-19 pandemic, which has played a major role in bringing mRNA to the forefront of people's minds as a therapeutic.
"The pandemic has really shown that not only are mRNA approaches viable, they could in certain circumstances be vastly superior to more traditional technologies," says Mulqueen. "In the future, I would not be surprised if many of the top pharma products are mRNA derived."
New Podcast: Jessica Malaty Rivera Talks Vaccine Hesitancy
"Making Sense of Science" is a monthly podcast that features interviews with leading medical and scientific experts about the latest developments and the big ethical and societal questions they raise. This episode is hosted by science and biotech journalist Emily Mullin, summer editor of the award-winning science outlet Leaps.org.