Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
In late March, just as the COVID-19 pandemic was ramping up in the United States, David Fajgenbaum, a physician-scientist at the University of Pennsylvania, devised a 10-day challenge for his lab: they would sift through 1,000 recently published scientific papers documenting cases of the deadly virus from around the world, pluck out the names of any drugs used in an attempt to cure patients, and track the treatments and their outcomes in a database.
Before late 2019, no one had ever had to treat this exact disease before, which meant all treatments would be trial and error. Fajgenbaum, a pioneering researcher in the field of drug repurposing—which prioritizes finding novel uses for existing drugs, rather than arduously and expensively developing new ones for each new disease—knew that physicians around the world would be embarking on an experimental journey, the scale of which would be unprecedented. His intention was to briefly document the early days of this potentially illuminating free-for-all, as a sidebar to his primary field of research on a group of lymph node disorders called Castleman disease. But now, 11 months and 29,000 scientific papers later, he and his team of 22 are still going strong.
On a Personal Mission<p>In the science and medical world, Fajgenbaum lives a dual existence: he is both researcher and subject, physician and patient. In July 2010, when he was a healthy and physically fit 25-year-old finishing medical school, he began living through what would become a recurring, unprovoked, and overzealous immune response that repeatedly almost killed him.</p><p>His lymph nodes were inflamed; his liver, kidneys, and bone marrow were faltering; and he was dead tired all the time. At first his doctors mistook his mysterious illness for lymphoma, but his inflamed lymph nodes were merely a red herring. A month after his initial hospitalization, pathologists at Mayo Clinic finally diagnosed him with idiopathic multicentric Castleman disease—a particularly ruthless form of a class of lymph node disorders that doesn't just attack one part of the body, but many, and has no known cause. It's a rare diagnosis within an already rare set of disorders. Only about 1,500 Americans a year receive the same diagnosis. </p><p>Without many options for treatment, Fajgenbaum underwent recurring rounds of chemotherapy. Each time, the treatment would offer temporary respite from Castleman symptoms, but bring the full spate of chemotherapy side effects. And it wasn't a sustainable treatment for the long haul. Regularly dousing a person's cells in unmitigated toxicity was about as elegant a solution to Fajgenbaum's disease as bulldozing a house in response to a toaster fire. The fire might go out (though not necessarily), but the house would be destroyed.</p><p>A swirl of exasperation and doggedness finally propelled Fajgenbaum to take on a crucial question himself: Among all of the already FDA-approved drugs on the market, was there something out there, labeled for another use, that could beat back Castleman disease and that he could tolerate long-term? After months of research, he discovered the answer: sirolimus, a drug normally prescribed to patients receiving a kidney transplant, could be used to suppress his overactive immune system with few known side effects to boot.</p><p>Fajgenbaum became hellbent on devoting his practice and research to making similar breakthroughs for others. He founded the Castleman Disease Collaborative Network, to coordinate the research of others studying this bewildering disease, and directs a laboratory consumed with studying cytokine storms—out-of-control immune responses characterized by the body's release of cytokines, proteins that the immune system secretes and uses to communicate with and direct other cells. </p><p>In the spring of 2020, when cytokine storms emerged as a hallmark of the most severe and deadly cases of COVID-19, Fajgenbaum's ears perked up. Although SARS-CoV-2 itself was novel, Fajgenbaum already had almost a decade of experience battling the most severe biological forces it brought. Only this time, he thought, it might actually be easier to pinpoint a treatment—unlike Castleman disease, which has no known cause, at least here a virus was clearly the instigator. </p>
Thinking Beyond COVID<p>The week of March 13, when the World Health Organization declared COVID-19 a pandemic, Fajgenbaum found himself hoping that someone would make the same connection and apply the research to COVID. "Then like a minute later I was like, 'Why am I hoping that someone, somewhere, either follows our footsteps, or has a similar background to us? Maybe we just need to do it," he says. And the CORONA Project was born—first as a 10-day exercise, and later as the robust, interactive tool it now is. </p><p>All of the 400 treatments in the CORONA database are examples of repurposed drugs, or off-label uses: physicians are prescribing drugs to treat COVID that have been approved for a different disease. There are no bonafide COVID treatments, only inferences. The goal for people like Fajgenbaum and Stone is to identify potential treatments for further study and eventual official approval, so that physicians can treat the disease with a playbook in hand. When it works, drug repurposing opens up a way to move quickly: A range of treatments could be available to patients within just a few years of a totally new virus entering our reality compared with the 12 - 19 years new drug development takes.</p><p>"Companies for many decades have explored the use of their products for not just a single indication but often for many indications," says Stone. "'Supplemental approvals' are all essentially examples of drug repurposing, we just didn't call it that. The challenge, I think, is to explore those opportunities more comprehensively and systematically to really try to understand the full breadth of potential activity of any drug or molecule."</p>
The left column shows the path of a repurposed drug, and on the right is the path of a newly discovered and developed drug.
Cures Within Reach
A Confounding Virus<p>The FDA declined to comment on what drugs it was fast-tracking for trials, but Fajgenbaum says that based on the CORONA Project's data, which includes data from smaller trials that have already taken place, he feels there are three drugs that seem the most clearly and broadly promising for large-scale studies. Among them are <a href="https://www.thelancet.com/journals/lanres/article/PIIS2213-2600(20)30503-8/fulltext" target="_blank" rel="noopener noreferrer"><u>dexamethasone</u></a>, which is a steroid with anti-inflammatory effects, and <a href="https://www.fda.gov/news-events/press-announcements/coronavirus-covid-19-update-fda-authorizes-drug-combination-treatment-covid-19" target="_blank" rel="noopener noreferrer"><u>baricitinib</u></a>, a rheumatoid arthritis drug, both of which have enabled the sickest COVID-19 patients to bounce back by suppressing their immune systems. The third most clearly promising drug is <a href="https://www.nih.gov/news-events/news-releases/full-dose-blood-thinners-decreased-need-life-support-improved-outcome-hospitalized-covid-19-patients" target="_blank" rel="noopener noreferrer"><u>heparin</u></a>, a blood thinner, which a recent trial showed to be most helpful when administered at a full dose, more so than at a small, preventative dose. (On the flipside, Fajgenbaum says "it's a little sad" that in the database you can see hydroxychloroquine is still the most-prescribed drug being tried as a COVID treatment around the world, despite over the summer being <a href="https://www.nejm.org/doi/full/10.1056/NEJMoa2021801" target="_blank" rel="noopener noreferrer"><u>debunked</u></a> widely as an effective treatment, and continuously since then.)</p><p>One of the confounding attributes of SARS-CoV-2 is its ability to cause such a huge spectrum of outcomes. It's unlikely a silver bullet treatment will emerge under that reality, so the database also helps surface drugs that seem most promising for a specific population. <a href="https://jamanetwork.com/journals/jama/fullarticle/2773108" target="_blank" rel="noopener noreferrer"><u>Fluvoxamine</u></a>, a selective serotonin reuptake inhibitor used to treat obsessive compulsive disorder, showed promise in the recovery of outpatients—those who were sick, but not severely enough to be hospitalized. <a href="https://jamanetwork.com/journals/jamainternalmedicine/fullarticle/2772185" target="_blank" rel="noopener noreferrer"><u>Tocilizumab</u></a>, which was actually developed for Castleman disease, the disease Fajgenbaum is managing, was initially written off as a COVID treatment because it failed to benefit large portions of hospitalized patients, but now seems to be effective if used on intensive care unit patients within 24 hours of admission—these are some of the sickest patients with the highest risk of dying. </p><p>Other than fluvoxamine, most of the drugs labeled as promising do skew toward targeting hospitalized patients, more than outpatients. One reason, Fajgenbaum says, is that "if you're in a hospital it's very easy to give you a drug and to track you, and there are very objective measurements as to whether you die, you progress to a ventilator, etc." Tracking outpatients is far more difficult, especially when folks have been routinely asked to stay home, quarantine, and free up hospital resources if they're experiencing only mild symptoms. </p><p>But the other reason for the skew is because COVID is very unlike most other diseases in terms of the human immune response the virus triggers. For example, if oncology treatments show some benefit to people with the highest risk of dying, then they usually work extremely well if administered in the earlier stages of a cancer diagnosis. Across many diseases, this dialing backward is a standard approach to identifying promising treatments. With COVID, all of that reasoning has proven moot. </p><p>As we've seen over the last year, COVID cases often start as asymptomatic, and remain that way for days, indicating the body is mounting an incredibly weak immune response initially. Then, between days five and 14, as if trying to make up for lost time, the immune system overcompensates by launching a major inflammatory response, which in the sickest patient can lead to the type of cytokine storms that helped Fajgenbaum realize his years of Castleman research might be useful during this public health crisis. Because of this phased response, you can't apply the same treatment logic to all cases.</p><p>"In COVID, drugs that work late tend to not work if given early, and drugs that work early tend to not work if given late," says Fajgenbaum. "Generally this … is not a commonplace thing for a virus." </p>
Thursday, March 11th, 2021 at 12:30pm - 1:45pm EST
On the one-year anniversary of the global declaration of the pandemic, this virtual event will convene leading scientific and medical experts to discuss the most pressing questions around the COVID-19 vaccines. Planned topics include the effect of the new circulating variants on the vaccines, what we know so far about transmission dynamics post-vaccination, how individuals can behave post-vaccination, the myths of "good" and "bad" vaccines as more alternatives come on board, and more. A public Q&A will follow the expert discussion.
SPEAKERS:<img lazy-loadable="true" data-runner-src="https://leaps.org/media-library/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yNTY3Mzc4NS9vcmlnaW4uanBnIiwiZXhwaXJlc19hdCI6MTY0NjYwNjU4NX0.Tdrh5pze5P4XxgiJK3J4JFrsrijfabIzNJz-AATghDE/image.jpg?width=534&coordinates=365%2C3%2C299%2C559&height=462" id="87554" class="rm-shortcode" data-rm-shortcode-id="b6c7311be7aec25807f9af19b683bf1d" data-rm-shortcode-name="rebelmouse-image" data-width="534" data-height="462" />
Dr. Paul Offit speaking at Communicating Vaccine Science.commons.wikimedia.org<p><strong><a href="https://www.research.chop.edu/people/paul-a-offit" target="_blank" rel="noopener noreferrer">Dr. Paul Offit, M.D.</a>, is the director of the Vaccine Education Center and an attending physician in infectious diseases at the Children's Hospital of Philadelphia. He is a co-inventor of the rotavirus vaccine for infants, and he has lent his expertise to the advisory committees that review data on new vaccines for the CDC and FDA.</strong></p>
Dr. Monica Gandhi
UCSF Health<p><a href="https://profiles.ucsf.edu/monica.gandhi"></a><strong><a href="https://profiles.ucsf.edu/monica.gandhi" target="_blank">Dr. Monica Gandhi, M.D., MPH,</a> is Professor of Medicine and Associate Division Chief (Clinical Operations/ Education) of the Division of HIV, Infectious Diseases, and Global Medicine at UCSF/ San Francisco General Hospital.</strong></p>
Dr. Onyema Ogbuagu, MBBCh, FACP, FIDSA
Yale Medicine<p><strong><a href="https://medicine.yale.edu/profile/onyema_ogbuagu/" target="_blank" rel="noopener noreferrer">Dr. Onyema Ogbuagu, MBBCh</a>, is an infectious disease physician at Yale Medicine who treats COVID-19 patients and leads Yale's clinical studies around COVID-19. He ran Yale's trial of the Pfizer/BioNTech vaccine.</strong></p>
Dr. Eric Topol
Dr. Topol's Twitter<p><strong><a href="https://www.scripps.edu/faculty/topol/" target="_blank" rel="noopener noreferrer">Dr. Eric Topol, M.D.</a>, is a cardiologist, scientist, professor of molecular medicine, and the director and founder of Scripps Research Translational Institute. He has led clinical trials in over 40 countries with over 200,000 patients and pioneered the development of many routinely used medications.</strong></p>