Meet the Scientists on the Frontlines of Protecting Humanity from a Man-Made Pathogen
From left: Jean Peccoud, Randall Murch, and Neeraj Rao.
Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
Breakthrough therapies are breaking patients' banks. Key changes could improve access, experts say.
Single-treatment therapies are revolutionizing medicine. But insurers and patients wonder whether they can afford treatment and, if they can, whether the high costs are worthwhile.
CSL Behring’s new gene therapy for hemophilia, Hemgenix, costs $3.5 million for one treatment, but helps the body create substances that allow blood to clot. It appears to be a cure, eliminating the need for other treatments for many years at least.
Likewise, Novartis’s Kymriah mobilizes the body’s immune system to fight B-cell lymphoma, but at a cost $475,000. For patients who respond, it seems to offer years of life without the cancer progressing.
These single-treatment therapies are at the forefront of a new, bold era of medicine. Unfortunately, they also come with new, bold prices that leave insurers and patients wondering whether they can afford treatment and, if they can, whether the high costs are worthwhile.
“Most pharmaceutical leaders are there to improve and save people’s lives,” says Jeremy Levin, chairman and CEO of Ovid Therapeutics, and immediate past chairman of the Biotechnology Innovation Organization. If the therapeutics they develop are too expensive for payers to authorize, patients aren’t helped.
“The right to receive care and the right of pharmaceuticals developers to profit should never be at odds,” Levin stresses. And yet, sometimes they are.
Leigh Turner, executive director of the bioethics program, University of California, Irvine, notes this same tension between drug developers that are “seeking to maximize profits by charging as much as the market will bear for cell and gene therapy products and other medical interventions, and payers trying to control costs while also attempting to provide access to medical products with promising safety and efficacy profiles.”
Why Payers Balk
Health insurers can become skittish around extremely high prices, yet these therapies often accompany significant overall savings. For perspective, the estimated annual treatment cost for hemophilia exceeds $300,000. With Hemgenix, payers would break even after about 12 years.
But, in 12 years, will the patient still have that insurer? Therein lies the rub. U.S. payers, are used to a “pay-as-you-go” model, in which the lifetime costs of therapies typically are shared by multiple payers over many years, as patients change jobs. Single treatment therapeutics eliminate that cost-sharing ability.
"As long as formularies are based on profits to middlemen…Americans’ healthcare costs will continue to skyrocket,” says Patricia Goldsmith, the CEO of CancerCare.
“There is a phenomenally complex, bureaucratic reimbursement system that has grown, layer upon layer, during several decades,” Levin says. As medicine has innovated, payment systems haven’t kept up.
Therefore, biopharma companies begin working with insurance companies and their pharmacy benefit managers (PBMs), which act on an insurer’s behalf to decide which drugs to cover and by how much, early in the drug approval process. Their goal is to make sophisticated new drugs available while still earning a return on their investment.
New Payment Models
Pay-for-performance is one increasingly popular strategy, Turner says. “These models typically link payments to evidence generation and clinically significant outcomes.”
A biotech company called bluebird bio, for example, offers value-based pricing for Zynteglo, a $2.8 million possible cure for the rare blood disorder known as beta thalassaemia. It generally eliminates patients’ need for blood transfusions. The company is so sure it works that it will refund 80 percent of the cost of the therapy if patients need blood transfusions related to that condition within five years of being treated with Zynteglo.
In his February 2023 State of the Union speech, President Biden proposed three pilot programs to reduce drug costs. One of them, the Cell and Gene Therapy Access Model calls on the federal Centers for Medicare & Medicaid Services to establish outcomes-based agreements with manufacturers for certain cell and gene therapies.
A mortgage-style payment system is another, albeit rare, approach. Amortized payments spread the cost of treatments over decades, and let people change employers without losing their healthcare benefits.
Only about 14 percent of all drugs that enter clinical trials are approved by the FDA. Pharma companies, therefore, have an exigent need to earn a profit.
The new payment models that are being discussed aren’t solutions to high prices, says Bill Kramer, senior advisor for health policy at Purchaser Business Group on Health (PBGH), a nonprofit that seeks to lower health care costs. He points out that innovative pricing models, although well-intended, may distract from the real problem of high prices. They are attempts to “soften the blow. The best thing would be to charge a reasonable price to begin with,” he says.
Instead, he proposes making better use of research on cost and clinical effectiveness. The Institute for Clinical and Economic Review (ICER) conducts such research in the U.S., determining whether the benefits of specific drugs justify their proposed prices. ICER is an independent non-profit research institute. Its reports typically assess the degrees of improvement new therapies offer and suggest prices that would reflect that. “Publicizing that data is very important,” Kramer says. “Their results aren’t used to the extent they could and should be.” Pharmaceutical companies tend to price their therapies higher than ICER’s recommendations.
Drug Development Costs Soar
Drug developers have long pointed to the onerous costs of drug development as a reason for high prices.
A 2020 study found the average cost to bring a drug to market exceeded $1.1 billion, while other studies have estimated overall costs as high as $2.6 billion. The development timeframe is about 10 years. That’s because modern therapeutics target precise mechanisms to create better outcomes, but also have high failure rates. Only about 14 percent of all drugs that enter clinical trials are approved by the FDA. Pharma companies, therefore, have an exigent need to earn a profit.
Skewed Incentives Increase Costs
Pricing isn’t solely at the discretion of pharma companies, though. “What patients end up paying has much more to do with their PBMs than the actual price of the drug,” Patricia Goldsmith, CEO, CancerCare, says. Transparency is vital.
PBMs control patients’ access to therapies at three levels, through price negotiations, pricing tiers and pharmacy management.
When negotiating with drug manufacturers, Goldsmith says, “PBMs exchange a preferred spot on a formulary (the insurer’s or healthcare provider’s list of acceptable drugs) for cash-base rebates.” Unfortunately, 25 percent of the time, those rebates are not passed to insurers, according to the PBGH report.
Then, PBMs use pricing tiers to steer patients and physicians to certain drugs. For example, Kramer says, “Sometimes PBMs put a high-cost brand name drug in a preferred tier and a lower-cost competitor in a less preferred, higher-cost tier.” As the PBGH report elaborates, “(PBMs) are incentivized to include the highest-priced drugs…since both manufacturing rebates, as well as the administrative fees they charge…are calculated as a percentage of the drug’s price.
Finally, by steering patients to certain pharmacies, PBMs coordinate patients’ access to treatments, control patients’ out-of-pocket costs and receive management fees from the pharmacies.
Therefore, Goldsmith says, “As long as formularies are based on profits to middlemen…Americans’ healthcare costs will continue to skyrocket.”
Transparency into drug pricing will help curb costs, as will new payment strategies. What will make the most impact, however, may well be the development of a new reimbursement system designed to handle dramatic, breakthrough drugs. As Kramer says, “We need a better system to identify drugs that offer dramatic improvements in clinical care.”
In today's podcast episode, law professor Gaia Bernstein talks about the challenges of keeping control over our thoughts and actions, even when some powerful forces are pushing in the other direction.
Each afternoon, kids walk through my neighborhood, on their way back home from school, and almost all of them are walking alone, staring down at their phones. It's a troubling site. This daily parade of the zombie children just can’t bode well for the future.
That’s one reason I felt like Gaia Bernstein’s new book was talking directly to me. A law professor at Seton Hall, Gaia makes a strong argument that people are so addicted to tech at this point, we need some big, system level changes to social media platforms and other addictive technologies, instead of just blaming the individual and expecting them to fix these issues.
Gaia’s book is called Unwired: Gaining Control Over Addictive Technologies. It’s fascinating and I had a chance to talk with her about it for today’s podcast. At its heart, our conversation is really about how and whether we can maintain control over our thoughts and actions, even when some powerful forces are pushing in the other direction.
Listen on Apple | Listen on Spotify | Listen on Stitcher | Listen on Amazon | Listen on Google
We discuss the idea that, in certain situations, maybe it's not reasonable to expect that we’ll be able to enjoy personal freedom and autonomy. We also talk about how to be a good parent when it sometimes seems like our kids prefer to be raised by their iPads; so-called educational video games that actually don’t have anything to do with education; the root causes of tech addictions for people of all ages; and what kinds of changes we should be supporting.
Gaia is Seton’s Hall’s Technology, Privacy and Policy Professor of Law, as well as Co-Director of the Institute for Privacy Protection, and Co-Director of the Gibbons Institute of Law Science and Technology. She’s the founding director of the Institute for Privacy Protection. She created and spearheaded the Institute’s nationally recognized Outreach Program, which educated parents and students about technology overuse and privacy.
Professor Bernstein's scholarship has been published in leading law reviews including the law reviews of Vanderbilt, Boston College, Boston University, and U.C. Davis. Her work has been selected to the Stanford-Yale Junior Faculty Forum and received extensive media coverage. Gaia joined Seton Hall's faculty in 2004. Before that, she was a fellow at the Engelberg Center of Innovation Law & Policy and at the Information Law Institute of the New York University School of Law. She holds a J.S.D. from the New York University School of Law, an LL.M. from Harvard Law School, and a J.D. from Boston University.
Gaia’s work on this topic is groundbreaking I hope you’ll listen to the conversation and then consider pre-ordering her new book. It comes out on March 28.
