Meet the Scientists on the Frontlines of Protecting Humanity from a Man-Made Pathogen
From left: Jean Peccoud, Randall Murch, and Neeraj Rao.
Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
Is Carbon Dioxide the New Black? Yes, If These Fabric-Designing Scientists Have Their Way
The entrepreneurs Tawfiq Nasr Allah (left, standing) and Benoit Illy (right, sitting down) at Fairbrics' lab in Clichy, France.
Each year the world releases around 33 billion tons of carbon dioxide into the atmosphere. What if we could use this waste carbon dioxide to make shirts, dresses and hats? It sounds unbelievable. But two innovators are trying to tackle climate change in this truly unique way.
Chemist Tawfiq Nasr Allah set up Fairbrics with material scientist Benoît Illy in 2019. They're using waste carbon dioxide from industrial fumes as a raw material to create polyester, identical to the everyday polyester we use now. They want to take a new and very different approach to make the fashion industry more sustainable.
The Dark Side of Fast Fashion
The fashion industry is responsible for around 4% of global emissions. In a 2015 report, the MIT Materials Systems Laboratory predicted that the global impact of polyester fabric will grow from around 880 billion kg of CO2 in 2015 to 1.5 trillion kg of CO2 by 2030.
Professor Greg Peters, an expert in environmental science and sustainability, highlights the wide-ranging difficulties caused by the production of polyester. "Because it is made from petrochemical crude oil there is no real limit on how much polyester can be produced...You have to consider the ecological damage (oil spills, fracking etc.) caused by the oil and gas industry."
Many big-name brands have pledged to become carbon neutral by 2050. But nothing has really changed in the way polyester is produced.
Some companies are recycling plastic bottles into polyester. The plastic is melted into ultra-fine strands and then spun to create polyester. However, only a limited number of bottles are available. New materials must be added because of the amount of plastic degradation that takes place. Ultimately, recycling accounts for only a small percentage of the total amount of polyester produced.
Nasr Allah and Illy hope they can offer the solution the fashion industry is looking for. They are not just reducing the carbon emissions that are conventionally produced by making polyester. Their process actually goes much further. It's carbon negative and works by using up emissions from other industries.
"In a sense we imitate what nature does so well: plants capture CO2 and turn it into natural fibers using sunlight, we capture CO2 and turn it into synthetic fibers using electricity."
Experts in the field see a lot of promise. Dr Phil de Luna is an expert in carbon valorization -- the process of converting carbon dioxide into high-value chemicals. He leads a $57-million research program developing the technology to decarbonize Canada.
"I think the approach is great," he says. "Being able to take CO2 and then convert it into polymers or polyester is an excellent way to think about utilizing waste emissions and replacing fossil fuel-based materials. That is overall a net negative as compared to making polyester from fossil fuels."
From Harmful Waste to Useful Raw Material
It all started with Nasr Allah's academic research, primarily at the French Alternative Energies and Atomic Energy Commission (CEA). He spent almost 5 years investigating CO2 valorization. In essence, this involves breaking the bonds between the carbon and oxygen atoms in CO2 to create bonds with other elements.
Recycling carbon dioxide in this way requires extremely high temperatures and pressures. Catalysts are needed to break the strong bonds between the atoms. However, these are toxic, volatile and quickly lose their effectiveness over time. So, directly converting carbon dioxide into the raw material for making polyester fibers is very difficult.
Nasr Allah developed a process involving multiple simpler stages. His innovative approach involves converting carbon dioxide to intermediate chemicals. These chemicals can then be transformed into the raw material which is used in the production of polyester. After many experiments, Nasr Allah developed new processes and new catalysts that worked more effectively.
"We use a catalyst to transform CO2 into the chemicals that are used for polyester manufacturing," Illy says. "In a sense we imitate what nature does so well: plants capture CO2 and turn it into natural fibers using sunlight, we capture CO2 and turn it into synthetic fibers using electricity."
The Challenges Ahead
Nasr Allah met material scientist Illy through Entrepreneur First, a programme which pairs individuals looking to form technical start-ups. Together they set up Fairbrics and worked on converting Nasr Allah's lab findings into commercial applications and industrial success.
"The main challenge we faced was to scale up the process," Illy reveals. "[It had to be] consistent and safe to be carried out by a trained technician, not a specialist PhD as was the case in the beginning."
They recruited a team of scientists to help them develop a more effective and robust manufacturing process. Together, the team gained a more detailed theoretical understanding about what was happening at each stage of the chemical reactions. Eventually, they were able to fine tune the process and produce consistent batches of polyester.
They're making significant progress. They've produced their first samples and signed their first commercial contract to make polyester, which will then be both fabricated into clothes and sold by partner companies.
Currently, one of the largest challenges is financial. "We need to raise a fair amount to buy the equipment we need to produce at a large scale," Illy explains.
How to Power the Process?
At the moment, their main scientific focus is getting the process working reliably so they can begin commercialization. In order to remain sustainable and economically viable once they start producing polyester on a large scale, they need to consider the amount of energy they use for carbon valorization and the emissions they produce.
The more they optimize the way their catalyst works, the easier it will be to transform the CO2. The whole process can then become more cost effective and energy efficient.
De Luna explains: "My concern is...whether their process will be economical at scale. The problem is the energy cost to take carbon dioxide and transform it into these other products and that's where the science and innovation has to happen. [Whether they can scale up economically] depends on the performance of their catalyst."
They don't just need to think about the amount of energy they use to produce polyester; they also have to consider where this energy comes from.
"They need access to cheap renewable energy," De Luna says, "...so they're not using or emitting CO2 to do the conversion." If the energy they use to transform CO2 into polyester actually ends up producing more CO2, this will end up cancelling out their positive environmental impact.
Based in France, they're well located to address this issue. France has a clean electricity system, with only about 10% of their electric power coming from fossil fuels due to their reliance on nuclear energy and renewables.
Where Do They Get the Carbon Dioxide?
As they scale up, they also need to be able to access a source of CO2. They intend to obtain this from the steel industry, the cement industry, and hydrogen production.
The technology to purify and capture waste carbon dioxide from these industries is available on a large scale. However, there are only around 20 commercial operations in the world. The high cost of carbon capture means that development continues to be slow. There are a growing number of startups capturing carbon dioxide straight from the air, but this is even more costly.
One major problem is that storing captured carbon dioxide is expensive. "There are somewhat limited options for permanently storing captured CO2, so innovations like this are important,'' says T. Reed Miller, a researcher at the Yale University Center for Industrial Ecology.
Illy says: "The challenge is now to decrease the cost [of carbon capture]. By using CO2 as a raw material, we can try to increase the number of industries that capture CO2. Our goal is to turn CO2 from a waste into a valuable product."
Beyond Fashion
For Nasr Allah and Illy, fashion is just the beginning. There are many markets they can potentially break into. Next, they hope to use the polyester they've created in the packaging industry. Today, a lot of polyester is consumed to make bottles and jars. Illy believes that eventually they can produce many different chemicals from CO2. These chemicals could then be used to make paints, adhesives, and even plastics.
The Fairbrics scientists are providing a vital alternative to fossil fuels and showcasing the real potential of carbon dioxide to become a worthy resource instead of a harmful polluter.
Illy believes they can make a real difference through innovation: "We can have a significant impact in reducing climate change."
Vaccine passports, if required by businesses and universities, may give people a false sense of security, one expert cautions.
Vaccines are one of the greatest public health accomplishments of all time. For centuries, public health has relied on vaccinations to prevent and control disease outbreaks for a plethora of infectious scourges, with our crowning achievement being the successful eradication of smallpox.
The purpose of vaccine documentation is to provide proof of an individual's protection from either becoming infected or transmitting a vaccine-preventable disease. Vouching for these protections requires a firm knowledge about the epidemiology of the disease, as well as scientific knowledge concerning the efficacy of the vaccine. The vaccines we currently require be documented have met these tests; the vaccine for COVID-19 has not yet been proven to do so.
Let's acknowledge that the term "vaccine passport" is a poor choice of words. Passports are a legal travel document created by nations and governed by law for identification of the bearer to control entry and exit from nation states. They often serve as legal forms of identification and as a record of international travel. They are generally very sophisticated documents that have been created in a secure manner and may include a range of electronic and, in some cases, biometric measures such as fingerprints to ensure the holder is indeed who they say they are. Vaccine passports are medical documents used to document the vaccination status of an individual. They do not undergo the same level of administrative scrutiny and cannot be used to verify that the presenter is indeed the vaccinated individual. Some companies do have electronic methods to address concerns about verification; however, most people currently have paper records that can be easily falsified.
"Vaccine passports" as currently proposed risk giving people a false sense of security.
Successful disease control from vaccination programs relies on the ability to vaccinate at a level that prevents large-scale disease spread and the ability to rapidly identify the presence of disease outbreaks. It requires reliable, safe, and effective vaccines that are easily delivered in clinical and nonclinical settings. Keeping vaccination information as a part of the medical record, and even having a separate specialized vaccine record for personal use, is a time-honored tradition.
Keeping a vaccination record provides a method to keep track of the many shots one receives and serves as a visual reminder to help ensure the appropriate vaccine shot schedule is maintained for vaccines requiring multiple doses. The vaccine record, when combined with vaccine safety monitoring systems, serves as a mechanism to track adverse events to monitor and ensure the safety of vaccines as a consumer product. The record also serves as the official record of vaccination when required for administrative or legally prescribed purposes.
"Vaccine passports" as currently proposed risk giving people a false sense of security. In the case of the COVID-19 vaccines currently approved for use, many of the essential questions remain unanswered. While we do know the current three vaccines are highly protective against severe disease and death, and there is some evidence that these vaccinations do reduce infections and virus transmission of SARS-CoV-2, we do not yet know the full degree to which this occurs.
For example, we know there have been some cases of people that have been infected in close proximity to getting their full vaccination and rare cases of breakthrough reinfections. A breakthrough infection in a restaurant is a challenge for contact tracing, but an outbreak from a movie theater exposure or a baseball game could spark a major outbreak at our current level of vaccination. Current CDC guidance recommends continued mask wearing in order to address these concerns.
We also do not yet know how long the protections will last and if or when a booster or revaccination is required. In effect, it is too soon to know. Should an annual booster shot be required, then a vaccine passport would require annual updating, a process more frequent than renewal of a driver's license.
We also know that the current SARS-CoV-2 virus is mutating briskly. While the current approved vaccines have remained effective overall, there is evidence of some degree of degradation in vaccine effectiveness against some of the circulating strains. We also have sparse data on many of the other emerging strains of concern because we have not had the surveillance capacity in the U.S. to gain an adequate sense of how the virus is changing to fully align vaccine effectiveness with viral capabilities.
The risk of people misusing these "passports" is troubling. The potential for using these documents for hiring, firing or job limitation is a serious concern. Unvaccinated workers are at risk of this form of discrimination even from well-meaning employers or supervisors. Health insurers are prohibited by the Affordable Care Act from discriminating based on preexisting conditions, but they could probably charge a higher premium for unvaccinated individuals. There also is a risk of stigmatizing individuals who are not vaccinated or have left their vaccine documentation at home. Another concern: the opportunity to discriminate based on race, gender, sexual orientation, or religion, using one's vaccination status as an excuse.
These "passports" are being discussed as a "ticket verification" for entry to many activities, including dining at restaurants, flying domestically and/or internationally, going to movie theaters and sporting events, etc. These are all activities we already are doing at reduced levels and for which wearing a mask, hand hygiene and physical distancing are effective disease control practices. COVID-19 vaccines are indeed the measure that will make the ability to totally reopen our society complete, but we are not there yet. Documentation of one's COVID-19 vaccine status may be useful in selected situations in the future. That remains to be seen.
Finally, inadequate vaccine supply and disparities in vaccine delivery have created enormous challenges in providing equal access to vaccination. Also, the amount of misinformation, disinformation, and lingering vaccine hesitancy continue to limit the speed at which we will reach the level of vaccination of the population that would make this documentation meaningful. The requirement for "vaccine passports" is already alienating people who are opposed to vaccinations for a variety of reasons, paradoxically risking reduced vaccine uptake. This politicization of the vaccination effort is of concern. There are indeed people who, due to medical contraindications or legal exemptions, will not be vaccinated, and we do not yet have a national framework on how to address this.
Vaccine passports are not the solution for reopening our society — a robust vaccination program is. The requirement to document one's vaccination status for COVID-19 may one day have its place. For now, it is an idea whose time has not yet come.
Editor's Note: This op/ed is part of a "Big Question" series on the ethics of vaccine passports. Read the flip side argument here.