Meet the Scientists on the Frontlines of Protecting Humanity from a Man-Made Pathogen

From left: Jean Peccoud, Randall Murch, and Neeraj Rao.
Jean Peccoud wasn't expecting an email from the FBI. He definitely wasn't expecting the agency to invite him to a meeting. "My reaction was, 'What did I do wrong to be on the FBI watch list?'" he recalls.
You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack.
He didn't know what the feds could possibly want from him. "I was mostly scared at this point," he says. "I was deeply disturbed by the whole thing."
But he decided to go anyway, and when he traveled to San Francisco for the 2008 gathering, the reason for the e-vite became clear: The FBI was reaching out to researchers like him—scientists interested in synthetic biology—in anticipation of the potential nefarious uses of this technology. "The whole purpose of the meeting was, 'Let's start talking to each other before we actually need to talk to each other,'" says Peccoud, now a professor of chemical and biological engineering at Colorado State University. "'And let's make sure next time you get an email from the FBI, you don't freak out."
Synthetic biology—which Peccoud defines as "the application of engineering methods to biological systems"—holds great power, and with that (as always) comes great responsibility. When you can synthesize genetic material in a lab, you can create new ways of diagnosing and treating people, and even new food ingredients. But you can also "print" the genetic sequence of a virus or virulent bacterium.
And while it's not easy, it's also not as hard as it could be, in part because dangerous sequences have publicly available blueprints. You use those blueprints for white-hat research—which is, indeed, why the open blueprints exist—or you can do the same for a black-hat attack. You could synthesize a dangerous pathogen's code on purpose, or you could unwittingly do so because someone tampered with your digital instructions. Ordering synthetic genes for viral sequences, says Peccoud, would likely be more difficult today than it was a decade ago.
"There is more awareness of the industry, and they are taking this more seriously," he says. "There is no specific regulation, though."
Trying to lock down the interconnected machines that enable synthetic biology, secure its lab processes, and keep dangerous pathogens out of the hands of bad actors is part of a relatively new field: cyberbiosecurity, whose name Peccoud and colleagues introduced in a 2018 paper.
Biological threats feel especially acute right now, during the ongoing pandemic. COVID-19 is a natural pathogen -- not one engineered in a lab. But future outbreaks could start from a bug nature didn't build, if the wrong people get ahold of the right genetic sequences, and put them in the right sequence. Securing the equipment and processes that make synthetic biology possible -- so that doesn't happen -- is part of why the field of cyberbiosecurity was born.
The Origin Story
It is perhaps no coincidence that the FBI pinged Peccoud when it did: soon after a journalist ordered a sequence of smallpox DNA and wrote, for The Guardian, about how easy it was. "That was not good press for anybody," says Peccoud. Previously, in 2002, the Pentagon had funded SUNY Stonybrook researchers to try something similar: They ordered bits of polio DNA piecemeal and, over the course of three years, strung them together.
Although many years have passed since those early gotchas, the current patchwork of regulations still wouldn't necessarily prevent someone from pulling similar tricks now, and the technological systems that synthetic biology runs on are more intertwined — and so perhaps more hackable — than ever. Researchers like Peccoud are working to bring awareness to those potential problems, to promote accountability, and to provide early-detection tools that would catch the whiff of a rotten act before it became one.
Peccoud notes that if someone wants to get access to a specific pathogen, it is probably easier to collect it from the environment or take it from a biodefense lab than to whip it up synthetically. "However, people could use genetic databases to design a system that combines different genes in a way that would make them dangerous together without each of the components being dangerous on its own," he says. "This would be much more difficult to detect."
After his meeting with the FBI, Peccoud grew more interested in these sorts of security questions. So he was paying attention when, in 2010, the Department of Health and Human Services — now helping manage the response to COVID-19 — created guidance for how to screen synthetic biology orders, to make sure suppliers didn't accidentally send bad actors the sequences that make up bad genomes.
Guidance is nice, Peccoud thought, but it's just words. He wanted to turn those words into action: into a computer program. "I didn't know if it was something you can run on a desktop or if you need a supercomputer to run it," he says. So, one summer, he tasked a team of student researchers with poring over the sentences and turning them into scripts. "I let the FBI know," he says, having both learned his lesson and wanting to get in on the game.
Peccoud later joined forces with Randall Murch, a former FBI agent and current Virginia Tech professor, and a team of colleagues from both Virginia Tech and the University of Nebraska-Lincoln, on a prototype project for the Department of Defense. They went into a lab at the University of Nebraska at Lincoln and assessed all its cyberbio-vulnerabilities. The lab develops and produces prototype vaccines, therapeutics, and prophylactic components — exactly the kind of place that you always, and especially right now, want to keep secure.
"We were creating wiki of all these nasty things."
The team found dozens of Achilles' heels, and put them in a private report. Not long after that project, the two and their colleagues wrote the paper that first used the term "cyberbiosecurity." A second paper, led by Murch, came out five months later and provided a proposed definition and more comprehensive perspective on cyberbiosecurity. But although it's now a buzzword, it's the definition, not the jargon, that matters. "Frankly, I don't really care if they call it cyberbiosecurity," says Murch. Call it what you want: Just pay attention to its tenets.
A Database of Scary Sequences
Peccoud and Murch, of course, aren't the only ones working to screen sequences and secure devices. At the nonprofit Battelle Memorial Institute in Columbus, Ohio, for instance, scientists are working on solutions that balance the openness inherent to science and the closure that can stop bad stuff. "There's a challenge there that you want to enable research but you want to make sure that what people are ordering is safe," says the organization's Neeraj Rao.
Rao can't talk about the work Battelle does for the spy agency IARPA, the Intelligence Advanced Research Projects Activity, on a project called Fun GCAT, which aims to use computational tools to deep-screen gene-sequence orders to see if they pose a threat. It can, though, talk about a twin-type internal project: ThreatSEQ (pronounced, of course, "threat seek").
The project started when "a government customer" (as usual, no one will say which) asked Battelle to curate a list of dangerous toxins and pathogens, and their genetic sequences. The researchers even started tagging sequences according to their function — like whether a particular sequence is involved in a germ's virulence or toxicity. That helps if someone is trying to use synthetic biology not to gin up a yawn-inducing old bug but to engineer a totally new one. "How do you essentially predict what the function of a novel sequence is?" says Rao. You look at what other, similar bits of code do.
"We were creating wiki of all these nasty things," says Rao. As they were working, they realized that DNA manufacturers could potentially scan in sequences that people ordered, run them against the database, and see if anything scary matched up. Kind of like that plagiarism software your college professors used.
Battelle began offering their screening capability, as ThreatSEQ. When customers -- like, currently, Twist Bioscience -- throw their sequences in, and get a report back, the manufacturers make the final decision about whether to fulfill a flagged order — whether, in the analogy, to give an F for plagiarism. After all, legitimate researchers do legitimately need to have DNA from legitimately bad organisms.
"Maybe it's the CDC," says Rao. "If things check out, oftentimes [the manufacturers] will fulfill the order." If it's your aggrieved uncle seeking the virulent pathogen, maybe not. But ultimately, no one is stopping the manufacturers from doing so.
Beyond that kind of tampering, though, cyberbiosecurity also includes keeping a lockdown on the machines that make the genetic sequences. "Somebody now doesn't need physical access to infrastructure to tamper with it," says Rao. So it needs the same cyber protections as other internet-connected devices.
Scientists are also now using DNA to store data — encoding information in its bases, rather than into a hard drive. To download the data, you sequence the DNA and read it back into a computer. But if you think like a bad guy, you'd realize that a bad guy could then, for instance, insert a computer virus into the genetic code, and when the researcher went to nab her data, her desktop would crash or infect the others on the network.
Something like that actually happened in 2017 at the USENIX security symposium, an annual programming conference: Researchers from the University of Washington encoded malware into DNA, and when the gene sequencer assembled the DNA, it corrupted the sequencer's software, then the computer that controlled it.
"This vulnerability could be just the opening an adversary needs to compromise an organization's systems," Inspirion Biosciences' J. Craig Reed and Nicolas Dunaway wrote in a paper for Frontiers in Bioengineering and Biotechnology, included in an e-book that Murch edited called Mapping the Cyberbiosecurity Enterprise.
Where We Go From Here
So what to do about all this? That's hard to say, in part because we don't know how big a current problem any of it poses. As noted in Mapping the Cyberbiosecurity Enterprise, "Information about private sector infrastructure vulnerabilities or data breaches is protected from public release by the Protected Critical Infrastructure Information (PCII) Program," if the privateers share the information with the government. "Government sector vulnerabilities or data breaches," meanwhile, "are rarely shared with the public."
"What I think is encouraging right now is the fact that we're even having this discussion."
The regulations that could rein in problems aren't as robust as many would like them to be, and much good behavior is technically voluntary — although guidelines and best practices do exist from organizations like the International Gene Synthesis Consortium and the National Institute of Standards and Technology.
Rao thinks it would be smart if grant-giving agencies like the National Institutes of Health and the National Science Foundation required any scientists who took their money to work with manufacturing companies that screen sequences. But he also still thinks we're on our way to being ahead of the curve, in terms of preventing print-your-own bioproblems: "What I think is encouraging right now is the fact that we're even having this discussion," says Rao.
Peccoud, for his part, has worked to keep such conversations going, including by doing training for the FBI and planning a workshop for students in which they imagine and work to guard against the malicious use of their research. But actually, Peccoud believes that human error, flawed lab processes, and mislabeled samples might be bigger threats than the outside ones. "Way too often, I think that people think of security as, 'Oh, there is a bad guy going after me,' and the main thing you should be worried about is yourself and errors," he says.
Murch thinks we're only at the beginning of understanding where our weak points are, and how many times they've been bruised. Decreasing those contusions, though, won't just take more secure systems. "The answer won't be technical only," he says. It'll be social, political, policy-related, and economic — a cultural revolution all its own.
Podcast: The Friday Five weekly roundup in health research
Scientists have designed a phone app that could alert consumers to high levels of cancer-causing chemicals, Yale researchers revive organs in dead pigs, and more in this week's Friday Five.
The Friday Five covers five stories in health research that you may have missed this week. There are plenty of controversies and troubling ethical issues in science – and we get into many of them in our online magazine – but this news roundup focuses on scientific creativity and progress to give you a therapeutic dose of inspiration headed into the weekend.
Listen to the Episode
Listen on Apple | Listen on Spotify | Listen on Stitcher | Listen on Amazon | Listen on Google
Covered in this week's Friday Five:
- A new blood test for cancer
- Patches of bacteria can use your sweat to power electronic devices
- Researchers revive organs of dead pigs
- Phone apps detects cancer-causing chemicals in foods
- Stem cells generate "synthetic placentas" in mice
Plus, an honorable mention for early research involving vitamin K and Alzheimer's
Matt Fuchs is the editor-in-chief of Leaps.org. He is also a contributing reporter to the Washington Post and has written for the New York Times, Time Magazine, WIRED and the Washington Post Magazine, among other outlets. Follow him on Twitter @fuchswriter.
A Tool for Disease Detection Is Right Under Our Noses
In March, researchers published a review that lists which organic chemicals match up with certain diseases and biomarkers in the skin, saliva and urine. It’s an important step in creating a robot nose that can reliably detect diseases.
The doctor will sniff you now? Well, not on his or her own, but with a device that functions like a superhuman nose. You’ll exhale into a breathalyzer, or a sensor will collect “scent data” from a quick pass over your urine or blood sample. Then, AI software combs through an olfactory database to find patterns in the volatile organic compounds (VOCs) you secreted that match those associated with thousands of VOC disease biomarkers that have been identified and cataloged.
No further biopsy, imaging test or procedures necessary for the diagnosis. According to some scientists, this is how diseases will be detected in the coming years.
All diseases alter the organic compounds found in the body and their odors. Volatolomics is an emerging branch of chemistry that uses the smell of gases emitted by breath, urine, blood, stool, tears or sweat to diagnose disease. When someone is sick, the normal biochemical process is disrupted, and this alters the makeup of the gas, including a change in odor.
“These metabolites show a snapshot of what’s going on with the body,” says Cristina Davis, a biomedical engineer and associate vice chancellor of Interdisciplinary Research and Strategic Initiatives at the University of California, Davis. This opens the door to diagnosing conditions even before symptoms are present. It’s possible to detect a sweet, fruity smell in the breath of someone with diabetes, for example.
Hippocrates may have been the first to note that people with certain diseases give off an odor but dogs provided the proof of concept. Scientists have published countless studies in which dogs or other high-performing smellers like rodents have identified people with cancer, lung disease or other conditions by smell alone. The brain region that analyzes smells is proportionally about 40 times greater in dogs than in people. The noses of rodents are even more powerful.
Take prostate cancer, which is notoriously difficult to detect accurately with standard medical testing. After sniffing a tiny urine sample, trained dogs were able to pick out prostate cancer in study subjects more than 96 percent of the time, and earlier than a physician could in some cases.
But using dogs as bio-detectors is not practical. It is labor-intensive, complicated and expensive to train dogs to bark or lie down when they smell a certain VOC, explains Bruce Kimball, a chemical ecologist at the Monell Chemical Senses Center in Philadelphia. Kimball has trained ferrets to scratch a box when they smell a specific VOC so he knows. The lab animal must be taught to distinguish the VOC from background odors and trained anew for each disease scent.
In the lab of chemical ecologist Bruce Kimball, ferrets were trained to scratch a box when they identified avian flu in mallard ducks.
Glen J. Golden
There are some human super-smellers among us. In 2019, Joy Milne of Scotland proved she could unerringly identify people with Parkinson’s disease from a musky scent emitted from their skin. Clinical testing showed that she could distinguish the odor of Parkinson’s on a worn t-shirt before clinical symptoms even appeared.
Hossam Haick, a professor at Technion-Israel Institute of Technology, maintains that volatolomics is the future of medicine. Misdiagnosis and late detection are huge problems in health care, he says. “A precise and early diagnosis is the starting point of all clinical activities.” Further, this science has the potential to eliminate costly invasive testing or imaging studies and improve outcomes through earlier treatment.
The Nose Knows a Lot
“Volatolomics is not a fringe theory. There is science behind it,” Davis stresses. Every VOC has its own fingerprint, and a method called gas chromatography-mass spectrometry (GCMS) uses highly sensitive instruments to separate the molecules of these VOCs to determine their structures. But GCMS can’t discern the telltale patterns of particular diseases, and other technologies to analyze biomarkers have been limited.
We have technology that can see, hear and sense touch but scientists don’t have a handle yet on how smell works. The ability goes beyond picking out a single scent in someone’s breath or blood sample. It’s the totality of the smell—not the smell of a single chemical— which defines a disease. The dog’s brain is able to infer something when they smell a VOC that eludes human analysis so far.
Odor is a complex ecosystem and analyzing a VOC is compounded by other scents in the environment, says Kimball. A person’s diet and use of tobacco or alcohol also will affect the breath. Even fluctuations in humidity and temperature can contaminate a sample.
If successful, a sophisticated AI network can imitate how the dog brain recognizes patterns in smells. Early versions of robot noses have already been developed.
With today’s advances in data mining, AI and machine learning, scientists are trying to create mechanical devices that can draw on algorithms based on GCMS readings and data about diseases that dogs have sniffed out. If successful, a sophisticated AI network can imitate how the dog brain recognizes patterns in smells.
In March, Nano Research published a comprehensive review of volatolomics in health care authored by Haick and seven colleagues. The intent was to bridge gaps in the field for scientists trying to connect the biomarkers and sensor technology needed to develop a robot nose. This paper serves as a reference manual for the field that lists which VOCs are associated with what disease and the biomarkers in skin, saliva, breath, and urine.
Weiwei Wu, one of the co-authors and a professor at Xidian University in China, explains that creating a robotic nose requires the expertise of chemists, computer scientists, electrical engineers, material scientists, and clinicians. These researchers use different terms and methodologies and most have not collaborated before with the other disciplines. “The electrical engineers know the device but they don’t know as much about the biomarkers they need to detect,” Wu offers as an example.
This review is significant, Wu continues, because it can facilitate progress in the field by providing experts in all the disciplines with the basic knowledge needed to create an effective robot nose for diagnostic use. The paper also includes a systematic summary of the research methodology of volatolomics.
Once scientists build a stronger database of VOCs, they can program a device to identify critical patterns of specified diseases on a reliable basis. On a machine learning model, the algorithms automatically get better at diagnosing with each use. Wu envisions further tweaks in the next few years to make the devices smaller and consume less power.
A Whiff of the Future
Early versions of robot noses have already been developed. Some of them use chemical sensors to pick up smells in the breath or other body emission molecules. That data is sent through an electrical signal to a computer network for interpretation and possible linkage to a disease.
This electronic nose, or e-nose, has been successful in small pilot studies at labs around the world. At Ben-Gurion University in Israel, researchers detected breast cancer with electronic gas sensors with 95% accuracy, a higher sensitivity than mammograms. Other robot noses, called p-noses, use photons instead of electrical signals.
The mechanical noses being developed tap different methodologies and analytic techniques which makes it hard to compare them. Plus, the devices are intended for varying uses. One team, for example, is working on an e-nose that can be waved over a plate to screen for the presence of a particular allergen when you’re dining out.
A robot nose could be used as a real-time diagnostic tool in clinical practice. Kimball is working on one such tool that can distinguish between a viral and bacterial infection. This would enable physicians to determine whether an antibiotic prescription is appropriate without waiting for a lab result.
Davis is refining a hand-held device that identifies COVID-19 through a simple breath test. She sees the tool being used at crowded airports, sports stadiums and concert venues where PCR or rapid antigen testing is impractical. Background air samples are collected from the space so that those signals can be removed from the human breath measurement. “[The sensor tool] has the same accuracy as the rapid antigen test kits but exhaled breath is easier to collect,” she notes.
The NaNose, also known as the SniffPhone, uses tiny sensors boosted by AI to distinguish Alzheimer's, Crohn's disease, the early stages of several cancers, and other diseases with 84 to 98 percent accuracy.
Hossam Haick
Haick named his team’s robot nose, “NaNose,” since it is based on nanotechnology; the prototype is called the SniffPhone. Using tiny sensors boosted by AI, it can distinguish 23 diseases in human subjects with 84 to 98 percent accuracy. This includes early stages of several cancers, Alzheimer’s, tuberculosis and Crohn’s disease. His team has been raising the accuracy level by combining biomarker signals from both breath and skin, for example. The goal is to achieve 99.9 percent accuracy consistently so no other diagnostic tests would be needed before treating the patient. Plus, it will be affordable, he says.
Kimball predicts we’ll be seeing these diagnostic tools in the next decade. “The physician would narrow down what [the diagnosis] might be and then get the correct tool,” he says. Others are envisioning one device that can screen for multiple diseases by programming the software, which would be updated regularly with new findings.
Larger volatolomics studies must be conducted before these e-noses are ready for clinical use, however. Experts also need to learn how to establish normal reference ranges for e-nose readings to support clinicians using the tool.
“Taking successful prototypes from the lab to industry is the challenge,” says Haick, ticking off issues like reproducibility, mass production and regulation. But volatolomics researchers are unanimous in believing the future of health care is so close they can smell it.