It shouldn’t be easy to buy synthetic DNA fragments to recreate the 1918 flu virus

It should be hard — exceedingly hard — to obtain the synthetic DNA needed to recreate the virus that caused the deadly 1918 influenza pandemic without authorization. But my lab found that it’s surprisingly easy, even when ordering gene fragments from companies that check customers’ orders to detect hazardous sequences.

Our experiment demonstrates that the immense potential benefits of biotechnology are profoundly vulnerable to misuse. A pandemic caused by a virus made from synthetic DNA — or even a lesser instance of synthetic bioterrorism — would not only generate a public health crisis but also trigger crippling restrictions on research.

Both the genome sequences of pandemic viruses and step-by-step protocols to make infectious samples from synthetic DNA are now freely available online. That makes it essential to ensure that all synthetic DNA orders are screened to determine whether they contain hazardous sequences, which should be shipped only to legitimate researchers whose work has been approved by a biosafety authority.

Gene synthesis leaders are aware of the security risks and the potential for liability: sequence providers who belong to the International Gene Synthesis Consortium (IGSC) have been voluntarily screening orders since 2009. But these efforts aren’t very useful if most of the dozens of non-members don’t screen their orders, if IGSC firms will ship fragments of hazardous sequences without proof of biosafety approval, or if sequence screening can be easily bypassed.

To test the effectiveness of current practices, Rey Edison and Shay Toner, both Ph.D. students in my lab at MIT, conducted a red-teaming experiment overseen by the Federal Bureau of Investigation. They used simple evasive strategies to camouflage orders for gene-length DNA fragments that could be used to generate the 1918 influenza virus, which killed more than 50 million people. The orders were placed on behalf of an organization that doesn’t perform lab experiments and requested shipping to an office address that obviously lacks laboratory space, providing extra reasons for suspicion. Alarmingly, 36 out of 38 providers — including 12 of 13 IGSC members — shipped multiple 1918 influenza fragments. Only one company detected a hazard and requested proof of biosafety approval.

Using complementary DNA pieces for safety, Edison and Toner then showed that standard synthetic biology techniques could assemble harmless constructs equivalent to ones that would generate the infectious virus. In other words, it’s now so easy to assemble fragments of the 1918 influenza genome that a collection of pieces is as dangerous as the entire thing.

This isn’t a criticism of gene synthesis providers, many of whom have been voluntarily screening orders at their own expense. The problem is that governments don’t mandate security across the industry — and even though it’s a crime to ship DNA sufficient to generate the entire infectious 1918 influenza, there’s no law against shipping pieces of it.

A step in the right direction is November’s Executive Order 14110, which will require federally funded entities to purchase synthetic DNA only from firms that conduct screening. The move has strong support from the gene synthesis industry, which has been lobbying Congress for even more stringent regulations. While many providers understandably waited to see what the implementation framework would look like, others have been adopting new screening software and solutions.

SecureDNA, a privacy-preserving system that can detect all of the evasive strategies and order-splitting attacks that we used to obtain the complete genome of the 1918 influenza virus, is now freely available to all DNA synthesis providers and manufacturers of synthesis devices. Developed by an international team of biologists and cryptographers and operated by a neutral Switzerland-based nonprofit, it was designed to verifiably screen orders against an up-to-date database of hazards, potentially limiting provider liability while protecting trade secrets. (Full disclosure: I am co-chair of the foundation council with Andrew Yao of Tsinghua University.)

The Common Mechanism, a new screening system by the International Biosecurity and Biosafety Initiative for Science (IBBIS) that is now in open beta release, is similarly freely available. It uses a different detection algorithm than SecureDNA, making the tools complementary. Established commercial services to assist gene synthesis providers are also available, and Aclid now offers know-your-customer support, completely removing the burden from gene synthesis providers.

The problem is the lack of any strong incentive favoring truly effective security. The new implementation framework of Executive Order 14110 is already outdated: it won’t reliably detect the types of evasive strategies we used to acquire the DNA for 1918 influenza virus. Worse, it applies only to customers who receive federal funding, meaning that firms currently offering DNA synthesis as a side business without any security precautions can continue to do so.

To safeguard the bioeconomy, follow-up regulation is needed that empowers firms to compete based on their actual security. This might be achieved by:

• mandating monthly security audits in which experts like Edison and Toner try to obtain hazardous DNA from providers in any way they can;
• producing a security score for each provider based on how many attempts succeed, including those that split hazards among multiple providers; and
• mandating that providers consistently earn a security score not far short of the top industry performers in order to continue selling synthetic DNA.

Thanks to the dedication of leading IGSC providers — many of whom have already closed vulnerabilities after being privately warned of our red-teaming results — such a policy would virtually guarantee best-practice security across the entire DNA synthesis industry. Until then, the least companies and organizations can do is exclusively buy DNA from providers who take security seriously, and urge any providers who aren’t screening to begin as soon as possible.

Would incentivizing robust screening increase costs or compromise privacy? Not necessarily. Both the Common Mechanism and SecureDNA are freely available to all providers, and SecureDNA uses cryptography to protect trade secrets, learning nothing about screened orders except the number of subsequences matching hazardous genes. New technologies will continue to lighten the burden: SecureDNA has developed software that makes it easy for research institutions to turn existing biosafety approvals into public-key infrastructure certificates that can be uploaded with DNA synthesis orders, so legitimate researchers can obtain DNA from any gene or organism they’re already approved to work with without any delays. Meanwhile, subsidized trade-in programs could replace existing small-scale “benchtop” DNA synthesizers — which allow labs to make short DNA fragments of their choice without any screening — with modern machines that feature built-in screening of the input as required by the Executive Order, simultaneously closing existing vulnerabilities and accelerating research.

The world has too much to gain from the life sciences to continue letting just anyone obtain DNA sufficient to cause a pandemic. Ensuring that only researchers with approval from a biosafety authority can obtain DNA that is at risk of misuse can safeguard the future of biotechnology.

Kevin M. Esvelt is a professor at the MIT Media Lab, where he leads the Sculpting Evolution Group in advancing biotechnology safely, and a co-founder of the SecureDNA Foundation.