Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
When David M. Kurtz was doing his clinical fellowship at Stanford University Medical Center in 2009, specializing in lymphoma treatments, he found himself grappling with a question no one could answer. A typical regimen for these blood cancers prescribed six cycles of chemotherapy, but no one knew why. "The number seemed to be drawn out of a hat," Kurtz says. Some patients felt much better after just two doses, but had to endure the toxic effects of the entire course. For some elderly patients, the side effects of chemo are so harsh, they alone can kill. Others appeared to be cancer-free on the CT scans after the requisite six but then succumbed to it months later.
"Anecdotally, one patient decided to stop therapy after one dose because he felt it was so toxic that he opted for hospice instead," says Kurtz, now an oncologist at the center. "Five years down the road, he was alive and well. For him, just one dose was enough." Others would return for their one-year check up and find that their tumors grew back. Kurtz felt that while CT scans and MRIs were powerful tools, they weren't perfect ones. They couldn't tell him if there were any cancer cells left, stealthily waiting to germinate again. The scans only showed the tumor once it was back.
Blood cancers claim about 68,000 people a year, with a new diagnosis made about every three minutes, according to the Leukemia Research Foundation. For patients with B-cell lymphoma, which Kurtz focuses on, the survival chances are better than for some others. About 60 percent are cured, but the remaining 40 percent will relapse—possibly because they will have a negative CT scan, but still harbor malignant cells. "You can't see this on imaging," says Michael Green, who also treats blood cancers at University of Texas MD Anderson Medical Center.
The new blood test is sensitive enough to spot one cancerous perpetrator amongst one million other DNA molecules.
Kurtz wanted a better diagnostic tool, so he started working on a blood test that could capture the circulating tumor DNA or ctDNA. For that, he needed to identify the specific mutations typical for B-cell lymphomas. Working together with another fellow PhD student Jake Chabon, Kurtz finally zeroed-in on the tumor's genetic "appearance" in 2017—a pair of specific mutations sitting in close proximity to each other—a rare and telling sign. The human genome contains about 3 billion base pairs of nucleotides—molecules that compose genes—and in case of the B-cell lymphoma cells these two mutations were only a few base pairs apart. "That was the moment when the light bulb went on," Kurtz says.
The duo formed a company named Foresight Diagnostics, focusing on taking the blood test to the clinic. But knowing the tumor's mutational signature was only half the process. The other was fishing the tumor's DNA out of patients' bloodstream that contains millions of other DNA molecules, explains Chabon, now Foresight's CEO. It would be like looking for an escaped criminal in a large crowd. Kurtz and Chabon solved the problem by taking the tumor's "mug shot" first. Doctors would take the biopsy pre-treatment and sequence the tumor, as if taking the criminal's photo. After treatments, they would match the "mug shot" to all DNA molecules derived from the patient's blood sample to see if any molecular criminals managed to escape the chemo.
Foresight isn't the only company working on blood-based tumor detection tests, which are dubbed liquid biopsies—other companies such as Natera or ArcherDx developed their own. But in a recent study, the Foresight team showed that their method is significantly more sensitive in "fishing out" the cancer molecules than existing tests. Chabon says that this test can detect circulating tumor DNA in concentrations that are nearly 100 times lower than other methods. Put another way, it's sensitive enough to spot one cancerous perpetrator amongst one million other DNA molecules.
"It increases the sensitivity of detection and really catches most patients who are going to progress," says Green, the University of Texas oncologist who wasn't involved in the study, but is familiar with the method. It would also allow monitoring patients during treatment and making better-informed decisions about which therapy regimens would be most effective. "It's a minimally invasive test," Green says, and "it gives you a very high confidence about what's going on."
Having shown that the test works well, Kurtz and Chabon are planning a new trial in which oncologists would rely on their method to decide when to stop or continue chemo. They also aim to extend their test to detect other malignancies such as lung, breast or colorectal cancers. The latest genome sequencing technologies have sequenced and catalogued over 2,500 different tumor types, says Chabon, which gives the team the opportunity to create more molecular "mug shots."
The team hopes that that their blood cancer test will become available to patients within about five years, making doctors' job easier, and not only at the biological level. "When I tell patients, "good news, your cancer is in remission', they ask me, 'does it mean I'm cured?'" Kurtz says. "Right now I can't answer this question because I don't know—but I would like to." His company's test, he hopes, will enable him to reply with certainty. He'd very much like to have the power of that foresight.
The white two-seater car that rolls down the street in the Sorrento Valley of San Diego looks like a futuristic batmobile, with its long aerodynamic tail and curved underbelly. Called 'Sol' (Spanish for "sun"), it runs solely on solar and could be the future of green cars. Its maker, the California startup Aptera, has announced the production of Sol, the world's first mass-produced solar vehicle, by the end of this year. Aptera co-founder Chris Anthony points to the sky as he says, "On this sunny California day, there is ample fuel. You never need to charge the car."
If you live in a sunny state like California or Florida, you might never need to plug in the streamlined Sol because the solar panels recharge while driving and parked. Its 60-mile range is more than the average commuter needs. For cloudy weather, battery packs can be recharged electronically for a range of up to 1,000 miles. The ultra-aerodynamic shape made of lightweight materials such as carbon, Kevlar, and hemp makes the Sol four times more energy-efficient than a Tesla, according to Aptera. "The material is seven times stronger than steel and even survives hail or an angry ex-girlfriend," Anthony promises.
Co-founder Steve Fambro opens the Sol's white doors that fly upwards like wings and I get inside for a test drive. Two dozen square solar panels, each the size of a large square coaster, on the roof, front, and tail power the car. The white interior is spartan; monitors have replaced mirrors and the dashboard. An engineer sits in the driver's seat, hits the pedal, and the low-drag two-seater zooms from 0 to 60 in 3.5 seconds.
It feels like sitting in a race car because the two-seater is so low to the ground but the car is built to go no faster than 100 or 110 mph. The finished car will weigh less than 1,800 pounds, about half of the smallest Tesla. The average car, by comparison, weighs more than double that. "We've built it primarily for energy efficiency," Steve Fambro says, explaining why the Sol has only three wheels. It's technically an "auto-cycle," a hybrid between a motorcycle and a car, but Aptera's designers are also working to design a four-seater.
There has never been a lack of grand visions for the future of the automobile, but until these solar cars actually hit the streets, nobody knows how the promises will hold up.
Transportation is currently the biggest source of greenhouse gases. Developing an efficient solar car that does not burden the grid has been the dream of innovators for decades. Every other year, dozens of innovators race their self-built solar cars 2,000 miles through the Australian desert.
More effective solar panels are finally making the dream mass-compatible, but just like other innovative car ideas, Aptera's vision has been plagued with money problems. Anthony and Fambro were part of the original crew that founded Aptera in 2006 and worked on the first prototype around the same time Tesla built its first roadster, but Aptera went bankrupt in 2011. Anthony and Fambro left a year before the bankruptcy and went on to start other companies. Among other projects, Fambro developed the first USDA organic vertical farm in the United Arab Emirates, and Anthony built a lithium battery company, before the two decided to buy Aptera back. Without a billionaire such as Elon Musk bankrolling the risky process of establishing a whole new car production system from scratch, the huge production costs are almost insurmountable.
But Aptera's founders believe they have found solutions for the entire production process as well as the car design. Most parts of the Sol's body can be made by 3D printers and assembled like a Lego kit. If this makes you think of a toy car, Anthony assures potential buyers that the car aced stress tests and claims it's safer than any vehicle on the market, "because the interior is shaped like an egg and if there is an impact, the pressure gets distributed equally." However, Aptera has yet to release crash test safety data so outside experts cannot evaluate their claims.
Instead of building a huge production facility, Anthony and Fambro envision "micro-factories," each less than 10,000 square feet, where a small crew can assemble cars on demand wherever the orders are highest, be it in California, Canada, or China.
If a part of the Sol breaks, Aptera promises to send replacement parts to any corner of the world within 24 hours, with instructions. So a mechanic in a rural corner in Arkansas or China who never worked on a solar car before simply needs to download the instructions and replace the broken part. At least that's the idea. "The material does not rust nor fatigue," Fambro promises. "You can pass the car onto your grandchildren. When more efficient solar panels hit the market, we simply replace them."
More than 11,000 potential buyers have already signed up; the cheapest model costs around $26,000 USD and Aptera expects the first cars to ship by the end of the year.
Two other solar carmakers are vying for the pole position in the race to be the first to market: The German startup Sono has also announced it will also produce its first solar car by the end of this year. The price tag for the basic model is also around $26,000, but its concept is very different. From the outside, the Sion looks like a conservative minivan for a family; only a closer look reveals that the dark exterior is made of solar panels. Sono, too, nearly went bankrupt a few years ago and was saved through a crowdfunding campaign by enthusiastic fans.
Meanwhile, Norwegian company Lightyear wants to produce a sleek solar-powered luxury sedan by the end of the year, but its price of around $180,000 makes it unaffordable for most buyers.
There has never been a lack of grand visions for the future of the automobile, but until these solar cars actually hit the streets, nobody knows how the promises will hold up. How often will the cars need to be repaired? What happens when snow and ice cover the solar panels? Also, you can't park the car in a garage if you need the sun to charge it.
Critics, including students at the Solar Car team at the University of Michigan, say that mounting solar panels on a moving vehicle will never yield the most efficient results compared to static panels. Also, they are quick to point out that no company has managed to overcome the production hurdles yet. Others in the field also wonder how well the solar panels will actually work.
"It's important to realize that the solar mileage claims by these companies are likely the theoretical best case scenario but in the real world, solar range will be significantly less when you factor in shading, parking in garages, and geographies with lower solar irradiance," says Evan Stumpges, the team coordinator for the American Solar Challenge, a competition in which enthusiasts build and race solar-powered cars. "The encouraging thing is that I have seen videos of real working prototypes for each of these vehicles which is a key accomplishment. That said, I believe the biggest hurdle these companies have yet to face is successfully ramping up to volume production and understanding what their profitability point will be for selling the vehicles once production has stabilized."
Professor Daniel M. Kammen, the founding director of the Renewable and Appropriate Energy Laboratory at the University of California, Berkeley, and one of the world's foremost experts on renewable energy, believes that the technical challenges have been solved, and that solar cars have real advantages over electric vehicles.
"This is the right time to be bullish. Cutting out the charging is a natural solution for long rides," he says. "These vehicles are essentially solar panels and batteries on wheels. These are now record low-cost and can be built from sustainable materials." Apart from Aptera's no-charge technology, he appreciates the move toward no-conflict materials. "Not only is the time ripe but the youth movement is pushing toward conflict-free material and reducing resource waste....A low-cost solar fleet could be really interesting in relieving burden on the grid, or you could easily imagine a city buying a bunch of them and connecting them with mass transit." While he has followed all three new solar companies with interest, he has already ordered an Aptera car for himself, "because it's American and it looks the most different."
After taking a spin in the Sol, it is startling to switch back into a regular four-seater. Rolling out of Aptera's parking lot onto the freeway next to all the oversized gas guzzlers that need to stop every couple of hundreds of miles to fill up, one can't help but think: We've just taken a trip into the future.