Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
Responding to COVID-19 outbreaks at more than 200 mink farms, the Danish government, in November 2020, culled its entire mink population. The Danish armed forces helped farmers slaughter each of their 17 million minks, which are normally farmed for their valuable fur.
The SARS-CoV-2 virus, said officials, spread from human handlers to the small, ferret-like animals, mutated, and then spread back to several hundred humans. Although the mass extermination faced much criticism, Denmark’s prime minister defended the decision last month, stating that the step was “necessary” and that the Danish government had “a responsibility for the health of the entire world.”
Over the past two and half years, COVID-19 infections have been reported in numerous animal species around the world. In addition to the Danish minks, there is other evidence that the virus can mutate as it’s transmitted back and forth between humans and animals, which increases the risk to public health. According to the World Health Organisation (WHO), COVID-19 vaccines for animals may protect the infected species and prevent the transmission of viral mutations. However, the development of such vaccines has been slow. Scientists attribute the deficiency to a lack of data.
“Several animal species have been predicted and found to be susceptible to SARS-CoV-2,” says Suresh V. Kuchipudi, interim director of the Animal Diagnostic Laboratory at the Huck Institutes of Life Sciences. But the risk remains unknown for many animals in several parts of the world, he says. “Therefore, there is an urgent need to monitor the SARS-CoV-2 exposure of high-risk animals in different parts of the world.”
In June, India introduced Ancovax, its first COVID-19 vaccine for animals. The development came a year after the nation reported that the virus had infected eight Asiatic lions, with two of them dying. While 30 COVID-19 vaccines for humans have been approved for general or emergency use across the world, Ancovax is only the third such vaccine for animals. The first, named Carnivac-Cov, was registered by Russia in March last year, followed by another vaccine four months later, developed by Zoetis, a U.S. pharmaceutical company.
Christina Lood, a Zoetis spokesperson, says the company has donated over 26,000 doses of its animal vaccine to over 200 zoos – in addition to 20 conservatories, sanctuaries and other animal organizations located in over a dozen countries, including Canada, Chile and the U.S. The vaccine, she adds, has been administered to more than 300 mammalian species so far.
“At least 75 percent of emerging infectious diseases have an animal origin, including COVID-19,” says Lood. “Now more than ever before, we can all see the important connection between animal health and human health."
The Dangers of COVID-19 Infections among Animals
Cases of the virus in animals have been reported in several countries across the world. As of March this year, 29 kinds of animals have been infected. These include pet animals like dogs, cats, ferrets and hamsters; farmed animals like minks; wild animals like the white-tailed deer, mule deer and black-tailed marmoset; and animals in zoos and sanctuaries, including hyenas, hippopotamuses and manatees. Despite the widespread infection, the U.S. Centres for Diseases Control and Prevention (CDC) has noted that “we don’t yet know all of the animals that can get infected,” adding that more studies and surveillance are needed to understand how the virus is spread between humans and animals.
Leyi Wang, a veterinary virologist at the Veterinary Diagnostic Laboratory, University of Illinois, says that captive and pet animals most often get infected by humans. It goes both ways, he says, citing a recent study in Hong Kong that found the virus spread from pet hamsters to people.
Wang’s bigger concern is the possibility that humans or domestic animals could transmit the virus back to wildlife, creating an uncontrollable reservoir of the disease, especially given the difficulty of vaccinating non-captive wild animals. Such spillbacks have happened previously with diseases such as plague, yellow-fever, and rabies.
It’s challenging and expensive to develop and implement animal vaccines, and demand has been lacking as the broader health risk for animals isn’t well known among the public. People tend to think only about their house pets.
In the past, other human respiratory viruses have proven fatal for endangered great apes like chimpanzees and gorillas. Fearing that COVID-19 could have the same effect, primatologists have been working to protect primates throughout the pandemic. Meanwhile, virus reservoirs have already been created among other animals, Wang says. “Deer of over 20 U.S. states were tested SARS-CoV-2 positive,” says Wang, pointing to a study that confirmed human-to-deer transmission as well as deer-to-deer transmission. It remains unclear how many wildlife species may be susceptible to the disease due to interaction with infected deer, says Wang.
In April, the CDC expressed concerns over new coronavirus variants mutating in wildlife, urging health authorities to monitor the spread of the contagion in animals as threats to humans. The WHO has made similar recommendations.
Challenges to Vaccine Development
Zoetis initiated development activities for its COVID-19 vaccine in February 2020 when the first known infection of a dog occurred in Hong Kong. The pharmaceutical giant completed the initial development work and studies on dogs and cats, and shared their findings at the World One Health Congress in the fall of 2020. A few months later, after a troop of eight gorillas contracted the virus at the San Diego Zoo Safari Park, Zoetis donated its experimental vaccine for emergency use in the great ape population.
Zoetis has uniquely formulated its COVID-19 vaccine for animals. It uses the same antigen as human vaccines, but it includes a different type of carrier protein for inducing a strong immune response. “The unique combination of antigen and carrier ensures safety and efficacy for the species in which a vaccine is used,” says Lood.
But it’s challenging and expensive to develop and implement animal vaccines, and demand has been lacking as the broader health risk for animals isn’t well known among the public. People tend to think only about their house pets. “As it became apparent that risk of severe disease for household pets such as cats and dogs was low, demand for those vaccines decreased before they became commercially available,” says William Karesh, executive vice-president for health and policy at EcoHealth Alliance. He adds that in affected commercial mink farms, the utility of a vaccine could justify the cost in some cases.
Although scientists have made tremendous advances in making vaccines for animals, Kuchipudi thinks that the need for COVID-19 vaccines for animals “must be evaluated based on many factors, including the susceptibility of the particular animal species, health implications, and cost.”.
Not every scientist feels the need for animal vaccines. Joel Baines, a professor of virology at Cornell University’s Baker Institute for Animal Health, says that while domestic cats are the most susceptible to COVID-19, they usually suffer mild infections. Big cats in zoos are vulnerable, but they can be isolated or distanced from humans. He says that mink farms are a relatively small industry and, by ensuring that human handlers are COVID negative, such outbreaks can be curtailed.
Baines also suggests that human vaccines could probably work in animals, as they were tested in animals during early clinical trials and induced immune responses. “However, these vaccines should be used in humans as a priority and it would be unethical to use a vaccine meant for humans to vaccinate an animal if vaccine doses are at all limiting,” he says.
William Karesh, president of the World Animal Health Organization Working Group on Wildlife Diseases, says the best way to protect animals is to reduce their exposure to infected people.
In the absence of enough vaccines, Karesh says that the best way to protect animals is the same as protecting unvaccinated humans - reduce their exposure to infected people by isolating them when necessary. “People working with or spending time with wild animals should follow available guidelines, which includes testing themselves and wearing PPE to avoid accidentally infecting wildlife,” he says.
The Link between Animal and Human Health
Although there is a need for animal vaccines in response to virus outbreaks, the best approach is to try to prevent the outbreaks in the first place, explains K. Srinath Reddy, president of the Public Health Foundation of India. He says that the incidence of zoonotic diseases has increased in the past six decades because human actions like increased deforestation, wildlife trade and animal meat consumption have opened an ecological window for disease transmission between humans and animals. Such actions chip away at the natural barriers between humans and forest-dwelling viruses, while building conveyor belts for the transmission of zoonotic diseases like COVID-19.
Many studies suggest that the source of COVID-19 was infected live animals sold at a wet market in China’s Wuhan. The market sold live dogs, rats, porcupines, badgers, hares, foxes, hedgehogs, marmots and Chinese muntjac (small deer) and, according to a study published in July, the virus was found on the market’s stalls, animal cages, carts and water drains.
This research strongly suggests that COVID-19 is a zoonotic disease, one that jumps from animals to humans due to our close relationship with them in agriculture, as companions and in the natural environment. Half of the infectious diseases that affect people come from animals, but the study of zoonotic diseases has been historically underfunded, even as they can reduce the likelihood and cost of future pandemics.
“We need to invest in vaccines,” says Reddy, “but that cannot be a substitute for an ecologically sensible approach to curtailing zoonotic diseases.”
The Friday Five covers five stories in health research that you may have missed this week. There are plenty of controversies and troubling ethical issues in science – and we get into many of them in our online magazine – but this news roundup focuses on scientific creativity and progress to give you a therapeutic dose of inspiration headed into the weekend.