Meet the Scientists on the Frontlines of Protecting Humanity from a Man-Made Pathogen
From left: Jean Peccoud, Randall Murch, and Neeraj Rao.
Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
Sexually Transmitted Infections are on the rise. This drug could stop them.
Cases of gonorrhea, chlamydia and syphilis soared last year, but researchers are finding that a drug known as doxy seems to reduce the number of infections.
Sexually transmitted infections (STIs) are surging across the U.S. to 2.5 million cases in 2021 according to preliminary data from the CDC. A new prevention and treatment strategy now in clinical trials may provide a way to get a handle on them.
It's easy to overlook the soaring rates of gonorrhea, chlamydia, and syphilis because most of those infections have few or no symptoms and can be identified only through testing. But left untreated, they can lead to serious damage to nerves and tissue, resulting in infertility, blindness, and dementia. Infants developing in utero are particularly vulnerable.
Covid-19 played havoc with regular medical treatment and preventive care for many health problems, including STIs. After formal lockdowns ended, many people gradually became more socially engaged, with increases in sexual activity, and may have prioritized these activities over getting back in touch with their doctors.
A second blow to controlling STIs is that family planning clinics are closing left and right because of the Dobbs decision and legislation in many states that curtailed access to an abortion. Discussion has focused on abortion, but those same clinics also play a vital role in the diagnosis and treatment of STIs.
Routine public health is the neglected stepchild of medicine. It is called upon in times of crisis but as that crisis resolves, funding dries up. Labs have atrophied and personnel have been redirected to Covid, “so access to routine screening for STIs has been decimated,” says Jennifer Mahn, director of sexual and clinical health with the National Coalition of STD Directors.
A preview of what we likely are facing comes from Iowa. In 2017, the state legislature restricted funding to family health clinics in four counties, which closed their doors. A year later the statewide rate of gonorrhea skyrocketed from 83 to 153.7 cases per 100,000 people. “Iowa counties with clinic closures had a significantly larger increase,” according to a study published in JAMA. That scenario likely is playing out in countless other regions where access to sexual health care is shrinking; it will be many months before we have the data to know for sure.
A decades-old antibiotic finds a new purpose
Using drugs to protect against HIV, either as post exposure prophylaxis (PEP) or pre-exposure prophylaxis (PrEP), has proven to be quite successful. Researchers wondered if the same approach might be applied to other STIs. They focused on doxycycline, or doxy for short. One of the most commonly prescribed antibiotics in the U.S., it’s a member of the tetracycline family that has been on the market since 1967. It is so safe that it’s used to treat acne.
Two small studies using doxy suggested that it could work to prevent STIs. A handful of clinical trials by different researchers and funding sources set out to generate the additional evidence needed to prove their hypothesis and change the standard of care.
Senior researcher Victor Omollo, with the Kenya Medical Research Institute, noted, “These are prevention interventions that women can control on their own without having to seek or get consent from another person,” as is the case with condom use.
The first with results is the DoxyPEP study, conducted at two sexual health clinics in San Francisco and Seattle. It drew from a mix of transgender women and men who have sex with men, who had at least one diagnosed STI over the last year. The researchers divided the participants into two groups: one with people who were already HIV-positive and engaged in care, while the other group consisted of people who were on PrEP to prevent infection with HIV. For the active part of the study, a subset of the participants received doxy, and the rest of the participants did not.
The researchers intentionally chose to do the study in a population at the highest risk of having STIs, who were very health oriented, and “who were getting screened every three months or so as part of their PrEP program or their HIV care program,” says Connie Celum, a senior researcher at the University of Washington on the study.
Each member of the active group was given a supply of doxy and asked to take two pills within 72 hours of having sex where a condom was not used. The study was supposed to run for two years but, in May, it stopped halfway through, when a safety monitoring board looked at the data and recommended that it would be unethical to continue depriving the control group of the drug’s benefits.
Celum presented these preliminary results from the DoxyPEP study in July at the International AIDS Conference in Montreal. “We saw about a 56 percent reduction in gonorrhea, about 80 percent reduction in chlamydia and syphilis, so very significant reductions, and this is on a per quarter basis,” she told a later webinar.
In Kenya, another study is following a group of cisgender women who are taking the same two-pill regimen to prevent HIV, and the data from this research should become available in 2023. Senior researcher Victor Omollo, with the Kenya Medical Research Institute, noted that “these are prevention interventions that women can control on their own without having to seek or get consent from another person,” as is the case with condom use, another effective prevention tool.
Antibiotic resistance
Antibiotic resistance is a potentially big concern. About 25 percent of gonorrhea strains circulating in the U.S. are resistant to the tetracycline class of drugs, including doxy; rates are higher elsewhere. But resistance often is a matter of degree and can be overcome with a larger or longer dose of the drug, or perhaps with a switch to another drug or a two-drug combination.
Research has shown that an established bacterial infection is more difficult to treat because it is part of a biofilm, which can leave only a small portion or perhaps none of the cell surface exposed to a drug. But a new infection, even one where the bacteria is resistant to a drug, might still be vulnerable to that drug if it's used before the bacterial biofilm can be established. Preliminary data suggests that may be the case with doxyPEP and drug resistant gonorrhea; some but not all new drug resistant infections might be thwarted if they’re treated early enough.
“There are some tradeoffs” to these interventions, Celum says, and people may disagree on the cost of increased resistance balanced against the benefits of treating the STIs and reducing their spread within the community.
Resistance does not seem to be an issue yet for chlamydia and syphilis even though doxy has been a recommended treatment for decades, but a remaining question is whether broader use of doxy will directly worsen antibiotic resistance in gonorrhea, or promote it in other STIs. And how will it affect the gut microbiome?
In addition, Celum notes that we need to understand whether doxy will generate mutations in other bacteria that might contribute to drug resistance for gonorrhea, chlamydia or syphilis. The studies underway aim to provide data to answer these questions.
“There are some tradeoffs” to these interventions, Celum says, and people may disagree on the cost of increased resistance balanced against the benefits of treating the STIs and reducing their spread within the community. That might affect doctors' willingness to prescribe the drug.
Turning research into action
The CDC makes policy recommendations for prevention services such as taking doxy, requiring some and leaving others optional. Celum says the CDC will be reviewing information from her trial at a meeting in December, but probably will wait until that study is published before making recommendations, likely in 2023. The San Francisco Department of Public Health issued its own guidance on October 20th and anecdotally, some doctors around the country are beginning to issue prescriptions for doxy to select patients.
About half of new STIs occur in young people ages 15 to 24, a group that is least likely to regularly see a doctor. And sexual health remains a great taboo for many people who don't want such information on their health record for prying parents, employers or neighbors to find out.
“People will go out of their way and travel extensive distances just to avoid that,” says Mahn, the National Coalition director. “People identify locations where they feel safe, where they feel welcome, where they don't feel judged,” Mahn explains, such as community and family planning clinics. They understand those issues and have fees that vary depending on a person’s ability to pay.
Given that these clinics already are understaffed and underfunded, they will be hard pressed to expand services covering the labor intensive testing and monitoring of a doxyPEP regimen. Sexual health clinics don't even have a separate line item in the federal budget for health. That is something the National Association of STI Directors is pushing for in D.C.
DoxyPEP isn't a panacea, and it isn't for everyone. “We really want to try to reach that population who is most likely going to have an STI in the next year,” says Celum, “Because that's where you are going to have the biggest impact.”
The Friday Five: The plain solution to holiday stress?
In this week's Friday Five, research on how to improve your working memory, the plain old solution to stress, rise of the robot surgeon, tomato brain power, the gut connection to health after strokes - and more.
The Friday Five covers five stories in research that you may have missed this week. There are plenty of controversies and troubling ethical issues in science – and we get into many of them in our online magazine – but this news roundup focuses on scientific creativity and progress to give you a therapeutic dose of inspiration headed into the weekend.
Listen on Apple | Listen on Spotify | Listen on Stitcher | Listen on Amazon | Listen on Google
Here are the promising studies covered in this week's Friday Five:
- How to improve your working memory
- A plain old solution to stress
- Progress on a deadly cancer for first time since 1995*
- Rise of the robot surgeon
- Tomato brain power
And in an honorable mention this week, new research on the gut connection to better brain health after strokes.
* The methodology for this study has come under scrutiny here.