Meet the Scientists on the Frontlines of Protecting Humanity from a Man-Made Pathogen
From left: Jean Peccoud, Randall Murch, and Neeraj Rao.
Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
Stacey Khoury felt more fatigued and out of breath than she was used to from just walking up the steps to her job in retail jewelry sales in Nashville, Tennessee. By the time she got home, she was more exhausted than usual, too.
"I just thought I was working too hard and needed more exercise," recalls the native Nashvillian about those days in December 2010. "All of the usual excuses you make when you're not feeling 100%."
As a professional gemologist, being hospitalized during peak holiday sales season wasn't particularly convenient. There was no way around it though when her primary care physician advised Khoury to see a blood disorder oncologist because of her disturbing blood count numbers. As part of a routine medical exam, a complete blood count screens for a variety of diseases and conditions that affect blood cells, such as anemia, infection, inflammation, bleeding disorders and cancer.
"If approved, it will allow more patients to potentially receive a transplant than would have gotten one before."
While she was in the hospital, a bone marrow biopsy revealed that Khoury had acute myeloid leukemia, or AML, a high-risk blood cancer. After Khoury completed an intense first round of chemotherapy, her oncologist recommended a bone marrow transplant. The potentially curative treatment for blood-cancer patients requires them to first receive a high dose of chemotherapy. Next, an infusion of stem cells from a healthy donor's bone marrow helps form new blood cells to fight off the cancer long-term.
Each year, approximately 8,000 patients in the U.S. with AML and other blood cancers receive a bone marrow transplant from a donor, according to the Center for International Blood and Marrow Transplant Research. But Khoury wasn't so lucky. She ended up being among the estimated 40% of patients eligible for bone marrow transplants who don't receive one, usually because there's no matched donor available.
Khoury's oncologist told her about another option. She could enter a clinical trial for an investigational cell therapy called omidubicel, which is being developed by Israeli biotech company Gamida Cell. The company's cell therapy, which is still experimental, could up a new avenue of treatment for cancer patients who can't get a bone marrow transplant.
Omidubicel consists of stem cells from cord blood that have been expanded using Gamida's technology to ensure there are enough cells for a therapeutic dose. The company's technology allows the immature cord blood cells to multiply quickly in the lab. Like a bone marrow transplant, the goal of the therapy is to make sure the donor cells make their way to the bone marrow and begin producing healthy new cells — a process called engraftment.
"If approved, it will allow more patients to potentially receive a transplant than would have gotten one before, so there's something very novel and exciting about that," says Ronit Simantov, Gamida Cell's chief medical officer.
Khoury and her husband Rick packed up their car and headed to the closest trial site, the Duke University School of Medicine, roughly 500 miles away. There they met with Mitchell Horowitz, a stem cell transplant specialist at Duke and principal investigator for Gamida's omidubicel study in the U.S.
He told Khoury she was a perfect candidate for the trial, and she enrolled immediately. "When you have one of two decisions, and it's either do this or you're probably not going to be around, it was a pretty easy decision to make, and I am truly thankful for that," she says.
Khoury's treatment started at the end of March 2011, and she was home by July 4 that year. She say the therapy "worked the way the doctors wanted it to work." Khoury's blood counts were rising quicker than the people who had bone marrow matches, and she was discharged from Duke earlier than other patients were.
By expanding the number of cord blood cells — which are typically too few to treat an adult — omidubicel allows doctors to use cord blood for patients who require a transplant but don't have a donor match for bone marrow.
Patients receiving omidubicel first get a blood test to determine their human leukocyte antigen, or HLA, type. This protein is found on most cells in the body and is an important regulator of the immune system. HLA typing is used to match patients to bone marrow and cord blood donors, but cord blood doesn't require as close of a match.
Like bone marrow transplants, one potential complication of omidubicel is graft-versus-host disease, when the donated bone marrow or stem cells register the recipient's body as foreign and attack the body. Depending on the severity of the response, according to the Mayo Clinic, treatment includes medication to suppress the immune system, such as steroids. In clinical trials, the occurrence of graft-versus-host disease with omidubicel was comparable with traditional bone marrow transplants.
"Transplant doctors are working on improving that," Simantov says. "A number of new therapies that specifically address graft-versus-host disease will be making some headway in the coming months and years."
Gamida released the results of the Phase 3 study in February and continues to follow Khoury and the other study patients for their long-term outcomes. The large randomized trial evaluated the safety and efficacy of omidubicel compared to standard umbilical cord blood transplants in patients with blood cancer who didn't have a suitable bone marrow donor. Around 120 patients aged 12 to 65 across the U.S., Europe and Asia were included in the trial. The study found that omidubicel resulted in faster recovery, fewer bacterial and viral infections and fewer days in the hospital.
The company plans to seek FDA approval this year. Simantov anticipates the therapy will receive FDA approval by 2022.
"Opening up cord blood transplants is very important, especially for people of diverse ethnic backgrounds," says oncologist Gary Schiller, principal investigator at the David Geffen School of Medicine at UCLA for Gamida Cell's mid- and late-stage trials. "This expansion technology makes a big difference because it makes cord blood an available option for those who do not have another donor source."
As for Khoury, who proudly celebrated the anniversary of her first transplant in April—she remains cancer free and continues to work full-time as a gemologist. When she has a little free time, she enjoys gardening, sewing, or maybe traveling to national parks like Yellowstone or the Grand Canyon with her husband Rick.
Paralyzed By Polio, This British Tea Broker Changed the Course Of Medical History Forever
Robin Cavendish in his special wheelchair with his son Jonathan in the 1960s.
In December 1958, on a vacation with his wife in Kenya, a 28-year-old British tea broker named Robin Cavendish became suddenly ill. Neither he nor his wife Diana knew it at the time, but Robin's illness would change the course of medical history forever.
Robin was rushed to a nearby hospital in Kenya where the medical staff delivered the crushing news: Robin had contracted polio, and the paralysis creeping up his body was almost certainly permanent. The doctors placed Robin on a ventilator through a tracheotomy in his neck, as the paralysis from his polio infection had rendered him unable to breathe on his own – and going off the average life expectancy at the time, they gave him only three months to live. Robin and Diana (who was pregnant at the time with their first child, Jonathan) flew back to England so he could be admitted to a hospital. They mentally prepared to wait out Robin's final days.
But Robin did something unexpected when he returned to the UK – just one of many things that would astonish doctors over the next several years: He survived. Diana gave birth to Jonathan in February 1959 and continued to visit Robin regularly in the hospital with the baby. Despite doctors warning that he would soon succumb to his illness, Robin kept living.
After a year in the hospital, Diana suggested something radical: She wanted Robin to leave the hospital and live at home in South Oxfordshire for as long as he possibly could, with her as his nurse. At the time, this suggestion was unheard of. People like Robin who depended on machinery to keep them breathing had only ever lived inside hospital walls, as the prevailing belief was that the machinery needed to keep them alive was too complicated for laypeople to operate. But Diana and Robin were up for the challenges – and the risks. Because his ventilator ran on electricity, if the house were to unexpectedly lose power, Diana would either need to restore power quickly or hand-pump air into his lungs to keep him alive.
Robin's wheelchair was not only the first of its kind; it became the model for the respiratory wheelchairs that people still use today.
In an interview as an adult, Jonathan Cavendish reflected on his parents' decision to live outside the hospital on a ventilator: "My father's mantra was quality of life," he explained. "He could have stayed in the hospital, but he didn't think that was as good of a life as he could manage. He would rather be two minutes away from death and living a full life."
After a few years of living at home, however, Robin became tired of being confined to his bed. He longed to sit outside, to visit friends, to travel – but had no way of doing so without his ventilator. So together with his friend Teddy Hall, a professor and engineer at Oxford University, the two collaborated in 1962 to create an entirely new invention: a battery-operated wheelchair prototype with a ventilator built in. With this, Robin could now venture outside the house – and soon the Cavendish family became famous for taking vacations. It was something that, by all accounts, had never been done before by someone who was ventilator-dependent. Robin and Hall also designed a van so that the wheelchair could be plugged in and powered during travel. Jonathan Cavendish later recalled a particular family vacation that nearly ended in disaster when the van broke down outside of Barcelona, Spain:
"My poor old uncle [plugged] my father's chair into the wrong socket," Cavendish later recalled, causing the electricity to short. "There was fire and smoke, and both the van and the chair ground to a halt." Johnathan, who was eight or nine at the time, his mother, and his uncle took turns hand-pumping Robin's ventilator by the roadside for the next thirty-six hours, waiting for Professor Hall to arrive in town and repair the van. Rather than being panicked, the Cavendishes managed to turn the vigil into a party. Townspeople came to greet them, bringing food and music, and a local priest even stopped by to give his blessing.
Robin had become a pioneer, showing the world that a person with severe disabilities could still have mobility, access, and a fuller quality of life than anyone had imagined. His mission, along with Hall's, then became gifting this independence to others like himself. Robin and Hall raised money – first from the Ernest Kleinwort Charitable Trust, and then from the British Department of Health – to fund more ventilator chairs, which were then manufactured by Hall's company, Littlemore Scientific Engineering, and given to fellow patients who wanted to live full lives at home. Robin and Hall used themselves as guinea pigs, testing out different models of the chairs and collaborating with scientists to create other devices for those with disabilities. One invention, called the Possum, allowed paraplegics to control things like the telephone and television set with just a nod of the head. Robin's wheelchair was not only the first of its kind; it became the model for the respiratory wheelchairs that people still use today.
Robin went on to enjoy a long and happy life with his family at their house in South Oxfordshire, surrounded by friends who would later attest to his "down-to-earth" personality, his sense of humor, and his "irresistible" charm. When he died peacefully at his home in 1994 at age 64, he was considered the world's oldest-living person who used a ventilator outside the hospital – breaking yet another barrier for what medical science thought was possible.