The letter, which was organized by the Stanford University microbiologist David Relman and the University of Washington virologist Jesse Bloom, takes aim at a recent joint study of covid origins undertaken by the World Health Organization and China, which concluded that a bat virus likely reached humans via an intermediate animal and that a lab accident was “extremely unlikely.”
That conclusion was not scientifically justified, according to the authors of the new letter, since no trace of how the virus first jumped to humans has been found and the possibility of a laboratory accident received only a cursory look. Just a handful of the 313 pages of the WHO origins report and its annexes are devoted to the subject.
Marc Lipsitch, a well-known Harvard University epidemiologist who is among the signers of the letter, said he had not expressed a view on the origin of the virus until recently, choosing instead to focus on improving the design of epidemiological studies and vaccine trials—in part because the debate over the lab theory has become so controversial. “I stayed out of it because I was busy dealing with the outcome of the pandemic instead of the origin,” he says. “[But] when the WHO comes out with a report that makes a specious claim about an important topic … it’s worth speaking out.”
Several of those signing the letter, including Lipsitch and Relman, have in the past called for greater scrutiny of “gain of function” research, in which viruses are genetically modified to make them more infectious or virulent. Experiments to engineer pathogens were also ongoing at the Wuhan Institute of Virology, China’s leading center for studying bat viruses similar to SARS-CoV-2. Some see the fact that covid-19 first appeared in the same city in which the lab is located as circumstantial evidence that a laboratory accident could be to blame.
Lipsitch has previously estimated the risk of a pandemic caused by accidental release from a high-security biolab at between 1 in 1,000 and 1 in 10,000 per year, and he has warned that the proliferation of such labs around the globe is a major concern.
Even though Chinese scientists have said no such leak occurred in this case, the letter writers say that can only be established through a more independent investigation. “A proper investigation should be transparent, objective, data-driven, inclusive of broad expertise, subject to independent oversight, and responsibly managed to minimize the impact of conflicts of interest,” they write. “Public health agencies and research laboratories alike need to open their records to the public. Investigators should document the veracity and provenance of data from which analyses are conducted and conclusions drawn.”
The chief scientist for emerging disease at the Wuhan Institute of Virology, Shi Zhengli, said in an email that the letter’s suspicions were misplaced and would damage the world’s ability to respond to pandemics. “It’s definitely not acceptable,” Shi said of the group’s call to see her lab’s records. “Who can provide an evidence that does not exist?”
“It’s really sad to read this ‘Letter’ written by these 18 prominent scientists.” Shi wrote in her email. “The hypothesis of a lab leaking is just based on the expertise of a lab which has long been working on bat coronaviruses which are phylogenetically related to SARS-CoV-2. This kind of claim will definitely damage the reputation and enthusiasm of scientists who are dedicated to work on the novel animal viruses which have potential spillover risk to human populations and eventually weaken the ability of humans to prevent the next pandemic.”
The discussion around the lab leak hypothesis has already become highly political. In the US, it has been embraced most loudly by Republican lawmakers and conservative media figures, including Fox News host Tucker Carlson. The resulting polarization has had a chilling effect on scientists, some of whom have been reluctant to express their own concerns, says Relman.
“We felt motivated to say something because science is not living up to what it can be, which is a very fair and rigorous and open effort to gain greater clarity on something,” he says. “For me, part of the purpose was to create a safe space for other scientists to say something of their own.”
“Ideally, this is a relatively uncontroversial call for being as clear-eyed as possible in testing several viable hypotheses for which we have little data,” says Megan Palmer, a biosecurity expert at Stanford University who is not affiliated with the letter group. “When politics are complex and stakes are high, a reminder from prominent experts may be what is needed to compel careful consideration by others.”
This AI could predict 10 years of scientific priorities—if we let it
The survey committee, which receives input from a host of smaller panels, takes into account a gargantuan amount of information to create research strategies. Although the Academies won’t release the committee’s final recommendation to NASA for a few more weeks, scientists are itching to know which of their questions will make it in, and which will be left out.
“The Decadal Survey really helps NASA decide how they’re going to lead the future of human discovery in space, so it’s really important that they’re well informed,” says Brant Robertson, a professor of astronomy and astrophysics at UC Santa Cruz.
One team of researchers wants to use artificial intelligence to make this process easier. Their proposal isn’t for a specific mission or line of questioning; rather, they say, their AI can help scientists make tough decisions about which other proposals to prioritize.
The idea is that by training an AI to spot research areas that are either growing or declining rapidly, the tool could make it easier for survey committees and panels to decide what should make the list.
“What we wanted was to have a system that would do a lot of the work that the Decadal Survey does, and let the scientists working on the Decadal Survey do what they will do best,” says Harley Thronson, a retired senior scientist at NASA’s Goddard Space Flight Center and lead author of the proposal.
Although members of each committee are chosen for their expertise in their respective fields, it’s impossible for every member to grasp the nuance of every scientific theme. The number of astrophysics publications increases by 5% every year, according to the authors. That’s a lot for anyone to process.
That’s where Thronson’s AI comes in.
It took just over a year to build, but eventually, Thronson’s team was able to train it on more than 400,000 pieces of research published in the decade leading up to the Astro2010 survey. They were also able to teach the AI to sift through thousands of abstracts to identify both low- and high-impact areas from two- and three-word topic phrases like “planetary system” or “extrasolar planet.”
According to the researchers’ white paper, the AI successfully “backcasted” six popular research themes of the last 10 years, including a meteoric rise in exoplanet research and observation of galaxies.
“One of the challenging aspects of artificial intelligence is that they sometimes will predict, or come up with, or analyze things that are completely surprising to the humans,” says Thronson. “And we saw this a lot.”
Thronson and his collaborators think the steering committee should use their AI to help review and summarize the vast amounts of text the panel must sift through, leaving human experts to make the final call.
Their research isn’t the first to try to use AI to analyze and shape scientific literature. Other AIs have already been used to help scientists peer-review their colleagues’ work.
But could it be trusted with a task as important and influential as the Decadal Survey?
Securing the energy revolution and IoT future
In early 2021, Americans living on the East Coast got a sharp lesson on the growing importance of cybersecurity in the energy industry. A ransomware attack hit the company that operates the Colonial Pipeline—the major infrastructure artery that carries almost half of all liquid fuels from the Gulf Coast to the eastern United States. Knowing that at least some of their computer systems had been compromised, and unable to be certain about the extent of their problems, the company was forced to resort to a brute-force solution: shut down the whole pipeline.
The interruption of fuel delivery had huge consequences. Fuel prices immediately spiked. The President of the United States got involved, trying to assure panicked consumers and businesses that fuel would become available soon. Five days and untold millions of dollars in economic damage later, the company paid a $4.4 million ransom and restored its operations.
It would be a mistake to see this incident as the story of a single pipeline. Across the energy sector, more and more of the physical equipment that makes and moves fuel and electricity across the country and around the world relies on digitally controlled, networked equipment. Systems designed and engineered for analogue operations have been retrofitted. The new wave of low-emissions technologies—from solar to wind to combined-cycle turbines—are inherently digital tech, using automated controls to squeeze every efficiency from their respective energy sources.
Meanwhile, the covid-19 crisis has accelerated a separate trend toward remote operation and ever more sophisticated automation. A huge number of workers have moved from reading dials at a plant to reading screens from their couch. Powerful tools to change how power is made and routed can now be altered by anyone who knows how to log in.
These changes are great news—the world gets more energy, lower emissions, and lower prices. But these changes also highlight the kinds of vulnerabilities that brought the Colonial Pipeline to an abrupt halt. The same tools that make legitimate energy-sector workers more powerful become dangerous when hijacked by hackers. For example, hard-to-replace equipment can be given commands to shake itself to bits, putting chunks of a national grid out of commission for months at a stretch.
For many nation-states, the ability to push a button and sow chaos in a rival state’s economy is highly desirable. And the more energy infrastructure becomes hyperconnected and digitally managed, the more targets offer exactly that opportunity. It’s not surprising, then, that an increasing share of cyberattacks seen in the energy sector have shifted from targeting information technologies (IT) to targeting operating technologies (OT)—the equipment that directly controls physical plant operations.
To stay on top of the challenge, chief information security officers (CISOs) and their security operations centers (SOCs) will have to update their approaches. Defending operating technologies calls for different strategies—and a distinct knowledge base—than defending information technologies. For starters, defenders need to understand the operating status and tolerances of their assets—a command to push steam through a turbine works well when the turbine is warm, but can break it when the turbine is cold. Identical commands could be legitimate or malicious, depending on context.
Even collecting the contextual data needed for threat monitoring and detection is a logistical and technical nightmare. Typical energy systems are composed of equipment from several manufacturers, installed and retrofitted over decades. Only the most modern layers were built with cybersecurity as a design constraint, and almost none of the machine languages used were ever meant to be compatible.
For most companies, the current state of cybersecurity maturity leaves much to be desired. Near-omniscient views into IT systems are paired with big OT blind spots. Data lakes swell with carefully collected outputs that can’t be combined into a coherent, comprehensive picture of operational status. Analysts burn out under alert fatigue while trying to manually sort benign alerts from consequential events. Many companies can’t even produce a comprehensive list of all the digital assets legitimately connected to their networks.
In other words, the ongoing energy revolution is a dream for efficiency—and a nightmare for security.
Securing the energy revolution calls for new solutions equally capable of identifying and acting on threats from both physical and digital worlds. Security operations centers will need to bring together IT and OT information flows, creating a unified threat stream. Given the scale of data flows, automation will need to play a role in applying operational knowledge to alert generation—is this command consistent with business as usual, or does context show it’s suspicious? Analysts will need broad, deep access to contextual information. And defenses will need to grow and adapt as threats evolve and businesses add or retire assets.
This month, Siemens Energy unveiled a monitoring and detection platform aimed at resolving the core technical and capability challenges for CISOs tasked with defending critical infrastructure. Siemens Energy engineers have done the legwork needed to automate a unified threat stream, allowing their offering, Eos.ii, to serve as a fusion SOC that’s capable of unleashing the power of artificial intelligence on the challenge of monitoring energy infrastructure.
AI-based solutions answer the dual need for adaptability and persistent vigilance. Machine learning algorithms trawling huge volumes of operational data can learn the expected relationships between variables, recognizing patterns invisible to human eyes and highlighting anomalies for human investigation. Because machine learning can be trained on real-world data, it can learn the unique characteristics of each production site, and can be iteratively trained to distinguish benign and consequential anomalies. Analysts can then tune alerts to watch for specific threats or ignore known sources of noise.
Extending monitoring and detection into the OT space makes it harder for attackers to hide—even when unique, zero-day attacks are deployed. In addition to examining traditional signals like signature-based detection or network traffic spikes, analysts can now observe the effects that new inputs have on real-world equipment. Cleverly disguised malware would still raise red flags by creating operational anomalies. In practice, analysts using the AI-based systems have found that their Eos.ii detection engine was sensitive enough to predictively identify maintenance needs—for example, when a bearing begins to wear out and the ratio of steam in to power out begins to drift.
Done right, monitoring and detection that spans both IT and OT should leave intruders exposed. Analysts investigating alerts can trace user histories to determine the source of anomalies, and then roll forward to see what else was changed in a similar timeframe or by the same user. For energy companies, increased precision translates to dramatically reduced risk – if they can determine the scope of an intrusion, and identify which specific systems were compromised, they gain options for surgical responses that fix the problem with minimal collateral damage—say, shutting down a single branch office and two pumping stations instead of a whole pipeline.
As energy systems continue their trend toward hyperconnectivity and pervasive digital controls, one thing is clear: a given company’s ability to provide reliable service will depend more and more on their ability to create and sustain strong, precise cyber defenses. AI-based monitoring and detection offers a promising start.
To learn more about Siemens Energy’s new AI-based monitoring and detection platform, check out their recent white paper on Eos.ii.
Learn more about Siemens Energy cybersecurity at Siemens Energy Cybersecurity.
This content was produced by Siemens Energy. It was not written by MIT Technology Review’s editorial staff.
The US is about to kick-start its controversial covid booster campaign
Disagreements: Booster shots have been controversial. A group of top scientists, including experts at the FDA and WHO, published a review in The Lancet on Monday arguing that booster shots are unnecessary since vaccines are still very effective at preventing severe disease and death. Furthermore, they say, vaccine supplies could save more lives if they’re used for unvaccinated people rather than as boosters for the vaccinated. That’s why the WHO has been pleading with rich countries to stop handing them out until more of the world is vaccinated.
Unequal distribution: The US joins the UK, the UAE, France, Germany, and Israel, which have also launched booster programs. In the UK, for example, a rollout of booster shots to all over-50s is about to begin after officials gave the green light last week. Meanwhile, less than 4% of Africa’s population is fully vaccinated, compared with 70% of adults in the EU. In the US, it’s 55%, a figure that has stubbornly failed to significantly budge in recent weeks. Earlier this week, President Biden announced that the US would buy a further 500 million doses of vaccine to distribute to other parts of the world, bringing its total commitment to more than 1 billion.
Scramble: Millions of Americans are likely to try to get a third shot. A YouGov poll this summer found that three in five vaccinated Americans will get one if it’s available. Given the chaotic nature of the US vaccine rollout, it will be hard to prevent people from gaming the system to get a third shot even if they aren’t technically eligible.