Research security in the new threat environment

Published On: November 2021Categories: 2021 Editorial Series, Editorials

Author(s):

Curtis Domingo Salati

Defence Research and Development Canada (DRDC)

Science Policy Analyst

headshot of a white man in a suit

Failure to counter interference could undermine domestic innovation and competitive advantage in emerging domains, thus creating negative implications for both national and economic security. To meet this challenge, collaborative efforts should be made to assess risks and implement mitigation measures.

Today’s security environment is increasingly defined by less traditional threats. Cyber-attacks, for instance, can be carried out with limited resources, offer a degree of anonymity, and can cause significant disruptions. Targets also extend beyond state and military institutions. The theft of intellectual property and basic and applied research, as well as foreign direct investment backed by malicious actors, are just some of the threats faced by the public, private and academic sectors. As will be expanded on below, democratic states, including those in the Five Eyes, are becoming more cognisant of these new challenges, and are looking for ways to strengthen security within their research and innovation ecosystems.

Countering interference that seeks to compromise research, innovation and scientific advancements needs to remain a priority for open and democratic states. Without strong counter measures, there is a risk that malicious actors will undermine open and democratic economies and strengthen their own technological advantage at their targets’ expense. These state or non-state actors may have no limits in how they choose to use emerging disruptive technologies. This could include utilising them in unethical ways that run counter to democratic values and principles.

Raising the priority

The G7 Research Compact established in June 2021 is a good indication of the level of urgency being placed on research security. The G7 nations have committed to work together “to uphold and protect the principles that underpin effective international collaboration that is as open as possible and as secure as necessary”.[1] In support of this goal the G7 nations have called for the establishment of a new Working Group on the Security and Integrity of the Research Ecosystem that will “develop a common set of principles which will help to protect the research and innovation ecosystem across the G7”.[2]

Individual states are also expanding their own research security toolkits. For example, Canada has provided guidance and outreach resources on safeguarding research and science[3], with plans to “develop risk guidelines to integrate national security considerations into the evaluation and funding of research partnerships”.[4] Building on this earlier this year, Canada released National Security Guidelines for Research Partnerships, specifically associated with the Natural Sciences and Engineering Research Council’s (NSERC) Alliance Grants Program.[5] In the United States, a National Security Presidential Memorandum enacted by the previous administration called for action to “strengthen protections of U.S. government-supported research and development (R&D) against foreign government interference and exploitation”.[6] This was accompanied by a report from the Joint Committee on the Research Environment (JCORE) that offered recommendations to research organisations “to better protect the security and integrity of America’s research enterprise”.[7] The current administration has committed to the implementation of the memorandum “in a way that protects the nation’s interests in both security and openness”.[8] The United Kingdom and Australia are also exploring this space through their Trusted Research program and University Foreign Interference Task Force, respectively. [9] [10]

Building an approach framed around shared responsibility

Promoting security in a research ecosystem made up of public, private, and academic actors can be a difficult endeavour. Responsibility is a lingering question. There is an argument that industry and academia must do their part to protect national security, as well as the call for formal government guidance and measures to mitigate threats. It is important to remember that researchers and research institutions are not national security experts, so merely calling on them to assess the potential risks associated with their work could present challenges. This is an even bigger challenge if the research alone presents little to no risk but becomes an issue once aggregated with other inputs.

Another challenge with placing responsibility solely on non-government actors is that it may inadvertently discourage open collaboration. Researchers and institutions may find themselves a target of public or prospective partner criticism as a result of risk assessment conclusions they make, and mitigation measures they implement. As a result, they could seek funding and partnerships elsewhere.

To meet these challenges any future efforts to build security into research and innovation ecosystems could examine measures that provide a degree of shared responsibility. National security and scientific organisations offer the expertise that research institutions need to make greater progress in this domain. As a result, research institutions should consider how they can better leverage this expertise to build their own research security capacity.

Interchange Canada is an example of an exchange program that allows employees to join host organisations on time-limited contracts. Participants remain employees of their home organisation but are given the opportunity to develop their skills and build experience in new roles. The program is unique in that it can facilitate temporary assignments of individuals in and out of the core public administration. The program can be used for several reasons, including the transfer of knowledge and expertise, the improvement of networks between the core public administration and other sectors, and to meet organisational needs.[11] Building the research security capacity of domestic organisations is an effort that aligns with all these reasons.

The new G7 Working Group on the Security and Integrity of the Research Ecosystem, as well as all democratic states that value research which is “as open as possible and as secure as necessary”, should consider the prospects of exchange programs in promoting research security. For instance, a university could leverage public and private sector national security experts to build their own research security capacity. This may help these institutions better align themselves with government-sponsored principles and guidelines and have in place the knowledge and expertise that is needed to carry out effective risk assessments that are based on facts.

Moving forward

With science and technology outpacing the regulatory environment it is not only making it easier for malicious actors to bypass protections, but it makes emerging domains more attractive to such actors. Artificial intelligence, biotechnology, and quantum technologies are but a fraction of the fields that will face challenges. These fields will benefit from open collaboration but will also need to place added emphasis on research security.

To maintain an effective footing in today’s threat environment, it will be important to avoid tendencies to download responsibility and instead explore collaborative approaches that allow for a greater degree of shared responsibility. Although it is not a complete solution, public-private exchanges that can be leveraged through programs such as Interchange Canada might offer one opportunity to help reach this goal.

Democratic states need to recognise that navigating their way through the new threat environment will be greatly aided should all members of their research and innovation ecosystem choose to operate together. As such, public, private and academic organisations should find ways to take on the challenge of research security together, as opposed to limiting themselves to siloed solutions.

*The views expressed by the author in this editorial are their own.*

[1] G7 2021 Research Compact (June 2021)

[2] Ibid

[3] Safeguarding Your Research; Safeguarding Science

[4] Research Security Policy Statement – Spring 2021 (March 24, 2021)

[5] National Security Guidelines for Research Partnerships

[6] Presidential Memorandum on United States Government-Supported Research and Development National Security Policy (January 14, 2021)

[7] Recommended Practices for Strengthening the Security and Integrity of America’s Science and Technology Research Enterprise (January 2021)

[8] Clear Rules for Research Security and Researcher Responsibilities (August 10, 2021)

[9] Trusted Research – Centre for the Protection of National Infrastructure

[10] Guidelines to counter foreign interference in the Australian university sector

[11] Interchange Canada