It should be virtually impossible for malicious actors to obtain the synthetic DNA needed to recreate a virus like the one that caused the devastating 1918 Spanish Flu pandemic. However, a fascinating — and terrifying — real-world experiment by an MIT professor and two of his students found that it is "surprisingly easy, even when ordering gene fragments from companies that check customers' orders to detect hazardous sequences."
The MIT experiment, conducted by two graduate students of Professor Kevin Esvelt under the supervision of the FBI, reveals the vulnerability of the current system.
Some background is necessary.
The genome sequences of pandemic viruses and step-by-step protocols for making infectious samples from synthetic DNA are now freely available online. That makes it essential to ensure that all orders for synthetic DNA are screened to determine whether they contain hazardous sequences that should be shipped only to legitimate researchers whose work has been approved by a biosafety authority.
Terrorists are ingenious and respect no boundaries. Although it was not so long ago, few Americans remember the worst bioweapon attack in U.S. history: After the 9/11 terrorist attacks, letters containing anthrax bacteria began to appear in various parts of the country, killing five and sickening 17. Imagine the havoc if they could create variants of the COVID-19 virus that could escape vaccine-induced immunity.
Scientists who synthesize genes and provide them to other researchers are aware of the security risks and the potential for liability: Sequence providers who belong to the International Gene Synthesis Consortium (IGSC, "Where Gene Synthesis and Biosecurity Align") have been voluntarily screening orders since 2009.
However, as Professor Esvelt observed, these efforts can be compromised under various scenarios. For example, if most of the dozens of non-members don't screen their orders, if IGSC firms will ship fragments of hazardous sequences without proof of biosafety approval, or if the screening of sequences can easily be bypassed.
Now, we come to the actual MIT experiment. To test the effectiveness of current biosecurity practices, the two grad students conducted a "red-teaming" experiment overseen by the FBI. Red-teaming tests vulnerabilities in the biosecurity infrastructure for screening DNA sequence acquisition and the capabilities of AI tools. It has been used effectively to test cybersecurity, for example, by having ethical hackers emulating malicious attackers' tactics and techniques against computer security systems.
The students used simple evasive strategies to camouflage orders for gene-length DNA fragments that could be used to recreate the Spanish Flu virus that caused a pandemic of historic proportions, killing 50 million people worldwide in 1918-1920. (The flu virus genome consists of RNA, which can easily be made from a DNA template.)
Alarmingly, 36 out of 38 providers — including 12 of 13 IGSC members — shipped multiple Spanish Flu fragments. Only one company detected a hazard and requested proof of biosafety approval.
Obtaining the potentially hazardous DNA segments was only the beginning of the exercise. The students then demonstrated that standard synthetic biology techniques could assemble the parts to generate an infectious virus.
In other words, it is now so easy to assemble fragments of the 1918 Spanish Flu virus genome that a collection of pieces is as dangerous as the entire thing.
Esvelt notes two problems: Governments do not mandate security across the industry, and although it's a crime to ship DNA sufficient to generate the entire infectious 1918 flu virus, it isn't illegal to ship pieces of it.
According to Esvelt, some systems can detect all the evasive strategies used by his students to obtain the complete genome of the Spanish Flu virus, and those systems are now freely available to all DNA synthesis providers and manufacturers of synthesis devices, but the use of them is not compulsory.
It should be noted that there is a Biological Weapons Convention, an international treaty that bans biological and toxin weapons, but it is toothless. Unlike other arms control agreements, such as the Nuclear Non-Proliferation Treaty, the BWC lacks either a robust verification regime or a mechanism for enforcement. Since it applies to the actions of nations, it is unlikely to have any effect on non-state-sponsored terrorists.
There are already a few very knowledgeable, highly motivated people working on biosecurity issues, some of the most prominent of whom are at the non-profit Nuclear Threat Initiative, co-chaired by former Secretary of Energy Ernest Moniz and former Sen. Sam Nunn, D-Ga. A fundamental problem, however, is the absence of strong incentives to adopt and adhere to widespread, effective security measures.
Bioterrorism is a palpable threat; its mitigation is a shared responsibility between governments and the private sector. We need to act before it's too late.
Henry I. Miller, a physician and molecular biologist, is the Glenn Swogger Distinguished Fellow at the American Council on Science and Health. He was the founding director of the FDA's Office of Biotechnology. Find Henry on X @HenryIMiller