Meet the Scientists on the Frontlines of Protecting Humanity from a Man-Made Pathogen
Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
Scientists turn pee into power in Uganda
At the edge of a dirt road flanked by trees and green mountains outside the town of Kisoro, Uganda, sits the concrete building that houses Sesame Girls School, where girls aged 11 to 19 can live, learn and, at least for a while, safely use a toilet. In many developing regions, toileting at night is especially dangerous for children. Without electrical power for lighting, kids may fall into the deep pits of the latrines through broken or unsteady floorboards. Girls are sometimes assaulted by men who hide in the dark.
For the Sesame School girls, though, bright LED lights, connected to tiny gadgets, chased the fears away. They got to use new, clean toilets lit by the power of their own pee. Some girls even used the light provided by the latrines to study.
Urine, whether animal or human, is more than waste. It’s a cheap and abundant resource. Each day across the globe, 8.1 billion humans make 4 billion gallons of pee. Cows, pigs, deer, elephants and other animals add more. By spending money to get rid of it, we waste a renewable resource that can serve more than one purpose. Microorganisms that feed on nutrients in urine can be used in a microbial fuel cell that generates electricity – or "pee power," as the Sesame girls called it.
Plus, urine contains water, phosphorus, potassium and nitrogen, the key ingredients plants need to grow and survive. Human urine could replace about 25 percent of current nitrogen and phosphorous fertilizers worldwide and could save water for gardens and crops. The average U.S. resident flushes a toilet bowl containing only pee and paper about six to seven times a day, which adds up to about 3,500 gallons of water down per year. Plus cows in the U.S. produce 231 gallons of the stuff each year.
Pee power
A conventional fuel cell uses chemical reactions to produce energy, as electrons move from one electrode to another to power a lightbulb or phone. Ioannis Ieropoulos, a professor and chair of Environmental Engineering at the University of Southampton in England, realized the same type of reaction could be used to make a fuel from microbes in pee.
Bacterial species like Shewanella oneidensis and Pseudomonas aeruginosa can consume carbon and other nutrients in urine and pop out electrons as a result of their digestion. In a microbial fuel cell, one electrode is covered in microbes, immersed in urine and kept away from oxygen. Another electrode is in contact with oxygen. When the microbes feed on nutrients, they produce the electrons that flow through the circuit from one electrod to another to combine with oxygen on the other side. As long as the microbes have fresh pee to chomp on, electrons keep flowing. And after the microbes are done with the pee, it can be used as fertilizer.
These microbes are easily found in wastewater treatment plants, ponds, lakes, rivers or soil. Keeping them alive is the easy part, says Ieropoulos. Once the cells start producing stable power, his group sequences the microbes and keeps using them.
Like many promising technologies, scaling these devices for mass consumption won’t be easy, says Kevin Orner, a civil engineering professor at West Virginia University. But it’s moving in the right direction. Ieropoulos’s device has shrunk from the size of about three packs of cards to a large glue stick. It looks and works much like a AAA battery and produce about the same power. By itself, the device can barely power a light bulb, but when stacked together, they can do much more—just like photovoltaic cells in solar panels. His lab has produced 1760 fuel cells stacked together, and with manufacturing support, there’s no theoretical ceiling, he says.
Although pure urine produces the most power, Ieropoulos’s devices also work with the mixed liquids of the wastewater treatment plants, so they can be retrofit into urban wastewater utilities.
This image shows how the pee-powered system works. Pee feeds bacteria in the stack of fuel cells (1), which give off electrons (2) stored in parallel cylindrical cells (3). These cells are connected to a voltage regulator (4), which smooths out the electrical signal to ensure consistent power to the LED strips lighting the toilet.
Courtesy Ioannis Ieropoulos
Key to the long-term success of any urine reclamation effort, says Orner, is avoiding what he calls “parachute engineering”—when well-meaning scientists solve a problem with novel tech and then abandon it. “The way around that is to have either the need come from the community or to have an organization in a community that is committed to seeing a project operate and maintained,” he says.
Success with urine reclamation also depends on the economy. “If energy prices are low, it may not make sense to recover energy,” says Orner. “But right now, fertilizer prices worldwide are generally pretty high, so it may make sense to recover fertilizer and nutrients.” There are obstacles, too, such as few incentives for builders to incorporate urine recycling into new construction. And any hiccups like leaks or waste seepage will cost builders money and reputation. Right now, Orner says, the risks are just too high.
Despite the challenges, Ieropoulos envisions a future in which urine is passed through microbial fuel cells at wastewater treatment plants, retrofitted septic tanks, and building basements, and is then delivered to businesses to use as agricultural fertilizers. Although pure urine produces the most power, Ieropoulos’s devices also work with the mixed liquids of the wastewater treatment plants, so they can be retrofitted into urban wastewater utilities where they can make electricity from the effluent. And unlike solar cells, which are a common target of theft in some areas, nobody wants to steal a bunch of pee.
When Ieropoulos’s team returned to wrap up their pilot project 18 months later, the school’s director begged them to leave the fuel cells in place—because they made a major difference in students’ lives. “We replaced it with a substantial photovoltaic panel,” says Ieropoulos, They couldn’t leave the units forever, he explained, because of intellectual property reasons—their funders worried about theft of both the technology and the idea. But the photovoltaic replacement could be stolen, too, leaving the girls in the dark.
The story repeated itself at another school, in Nairobi, Kenya, as well as in an informal settlement in Durban, South Africa. Each time, Ieropoulos vowed to return. Though the pandemic has delayed his promise, he is resolute about continuing his work—it is a moral and legal obligation. “We've made a commitment to ourselves and to the pupils,” he says. “That's why we need to go back.”
Urine as fertilizer
Modern day industrial systems perpetuate the broken cycle of nutrients. When plants grow, they use up nutrients the soil. We eat the plans and excrete some of the nutrients we pass them into rivers and oceans. As a result, farmers must keep fertilizing the fields while our waste keeps fertilizing the waterways, where the algae, overfertilized with nitrogen, phosphorous and other nutrients grows out of control, sucking up oxygen that other marine species need to live. Few global communities remain untouched by the related challenges this broken chain create: insufficient clean water, food, and energy, and too much human and animal waste.
The Rich Earth Institute in Vermont runs a community-wide urine nutrient recovery program, which collects urine from homes and businesses, transports it for processing, and then supplies it as fertilizer to local farms.
One solution to this broken cycle is reclaiming urine and returning it back to the land. The Rich Earth Institute in Vermont is one of several organizations around the world working to divert and save urine for agricultural use. “The urine produced by an adult in one day contains enough fertilizer to grow all the wheat in one loaf of bread,” states their website.
Notably, while urine is not entirely sterile, it tends to harbor fewer pathogens than feces. That’s largely because urine has less organic matter and therefore less food for pathogens to feed on, but also because the urinary tract and the bladder have built-in antimicrobial defenses that kill many germs. In fact, the Rich Earth Institute says it’s safe to put your own urine onto crops grown for home consumption. Nonetheless, you’ll want to dilute it first because pee usually has too much nitrogen and can cause “fertilizer burn” if applied straight without dilution. Other projects to turn urine into fertilizer are in progress in Niger, South Africa, Kenya, Ethiopia, Sweden, Switzerland, The Netherlands, Australia, and France.
Eleven years ago, the Institute started a program that collects urine from homes and businesses, transports it for processing, and then supplies it as fertilizer to local farms. By 2021, the program included 180 donors producing over 12,000 gallons of urine each year. This urine is helping to fertilize hay fields at four partnering farms. Orner, the West Virginia professor, sees it as a success story. “They've shown how you can do this right--implementing it at a community level scale."
The Friday Five covers five stories in research that you may have missed this week. There are plenty of controversies and troubling ethical issues in science – and we get into many of them in our online magazine – but this news roundup focuses on scientific creativity and progress to give you a therapeutic dose of inspiration headed into the weekend.
Here are the promising studies covered in this week's Friday Five, featuring interviews with Dr. David Spiegel, associate chair of psychiatry and behavioral sciences at Stanford, and Dr. Filip Swirski, professor of medicine and cardiology at the Icahn School of Medicine at Mount Sinai.
Listen on Apple | Listen on Spotify | Listen on Stitcher | Listen on Amazon | Listen on Google
Here are the promising studies covered in this week's Friday Five, featuring interviews with Dr. David Spiegel, associate chair of psychiatry and behavioral sciences at Stanford, and Dr. Filip Swirski, professor of medicine and cardiology at the Icahn School of Medicine at Mount Sinai.
- Breathing this way cuts down on anxiety*
- Could your fasting regimen make you sick?
- This type of job makes men more virile
- 3D printed hearts could save your life
- Yet another potential benefit of metformin
* This video with Dr. Andrew Huberman of Stanford shows exactly how to do the breathing practice.
This podcast originally aired on March 3, 2023.