National Counterintelligence and Security Center

Authorized Disclosures is the NCSC Podcast on key counterintelligence and security issues.

 

Podcasts:

Jeanette McMillian, the Assistant Director for NCSC's Supply Chain and Cyber Directorate, recently sat down with Ms. Kemba E. Walden, the Principal Deputy National Cyber Director for the Office of the National Cyber Director (ONCD), for a podcast interview.

 

The discussion focused on the work of the ONCD and its efforts to enhance cybersecurity awareness for a more resilient cyber supply chain.

 

  • Check out the podcast interview, click here
  • For a transcript of the interview, click here
  • For Ms. Kemba E. Walden's biography, click here

 

Guest Speaker

Ms. Kemba E. Walden is the Principal Deputy National Cyber Director for the Office of the National Cyber Director. Ms. Walden brings a wealth of public and private sector experience to this role, including her work as assistant general counsel for Microsoft’s Digital Crimes Unit and her service at the Department of Homeland Security, where she served as a cybersecurity attorney for the Cybersecurity and Infrastructure Security Agency, or CISA.

 

 

Protect your information

 

 

 

Data breaches involving personal information result in a broad range of risks to individuals and organizations. These risks include identity theft, targeting of individuals with knowledge of sensitive government information and internal business processes, and other intelligence activities that use personal information of U.S. citizens to undermine national security.

 

It is in our collective interest that we take actions to limit the risk of our personal information being exploited, and that we are able to recognize any indicators that we may be the target of such activities.

 

Confirmation that your personal information has been accessed in a data breach is not a guarantee that your information will be misused or that you will be targeted for further exploitation. However, it is important to remain mindful of the risk of such misuse or exploitation.

 

The following information is provided to raise your awareness of this possibility and to help you understand how your personal information may be used by foreign intelligence services and other “bad actors” (extremists, criminals, hackers, and the like).

 

The information below is provided to raise awareness and provide guidance for mitigating risks; it is not intended to indicate that the government has observed particular adverse effects from data compromises.

 

 General Awareness & Protection Guidance

 

All individuals potentially affected by a breach should be wary of suspicious activities indicating their personal information has been or is being exploited, and follow these protective measures, including:

  • Do not provide additional or detailed information about yourself, your family or associates, or your position with any individual who has an unusual or heightened interest in you, or your family and associates;
  • Do not share personal, financial, or sensitive information if you are contacted by unknown individuals or groups via e-mail, instant messaging or text, telephone, social media interaction, and personal encounters;
  • Do not open attachments or click on links embedded in emails, instant messages or texts from unknown senders, from senders who would be unlikely to send an email directly to you, or even from known senders if the message contains grammatical errors or misspellings, or if there is no text with the attachment or link;
  • Install and maintain up-to-date anti-virus and anti-malware software to guard against viruses, other malicious code, and pop-ups that can appear if your computer is infected;
  • Transmit electronic information safely using encryption and by using secure, known websites (e.g., with addresses starting with “https” rather than “http”);
  • Share electronic files and photographs only with those you know, because these files contain embedded metadata such as identity, date and time, and location information;
  • Select the highest level of privacy settings on your electronic devices and applications;
  • Monitor your credit history and activity through a reputable credit bureau and your account statements for any unauthorized or unusual entries. Free credit reports can be obtained at: http://www.consumer.ftc.gov/articles/0155-free-credit-reports;
  • Maintain direct positive control of, or leave at home, electronic devices during travel, especially when traveling out of the U.S.;
  • Know the locations and contact information for U.S. embassies, consulates, and other diplomatic establishments for any issues or emergencies when traveling out of the country. This information can be found at: http://www.state.gov/misc/list/index.htm;
  • Report per your department, agency, or company instructions, all suspicious activity, events, or individuals you, relatives, and associates encounter; and
  • Share these general awareness and protection guidelines with relatives and associates as appropriate. Avoid misconduct or behaviors that leave you vulnerable to blackmail, coercion, or recruitment.

 

Social Engineering

 

Social Engineering is the term used to describe bad actors using information they have discovered either legally or illegally about you to gain your trust and extract further information or manipulate you to take actions you would not otherwise take.

 

Stolen personal information is highly valuable to cyber operators for social engineering, as it can be used to create a compelling illusion that you already know an individual or have a shared interest with them. It opens a means to contact you in either cyber space or the physical world to foster that trust or do harm.

 

Examples of how bad actors may use your personal information for social engineering and other purposes include:

 

Phishing (or spear phishing) is a common method used to contact people through email. With phishing, bad actors use social engineering to target their victims and lure them into taking actions that could ultimately compromise their computer or network. Examples include getting a victim to open a malicious attachment or click on a bogus embedded link. Like other social engineering attacks, spear phishing takes advantage of a victim’s most basic human traits, such as a desire to be helpful, to respond positively to those in authority or to someone who shares similar tastes or views, or simple curiosity about contemporary news and events. Those who “take the bait” become unwitting participants in a computer network attack by allowing the attackers to bypass many of our technical defenses.

 

Phishing scams also trick you into providing your confidential information, which is then used to access your accounts. Typically this kind of fraud involves an email, text message, or pop-up window claiming to come from an official source.

 

Social Media Deception (including on Facebook, Twitter, Google and LinkedIn) provides bad actors with an avenue to connect to their victims. Attackers may create a fake profile to befriend their victims while posing as a former acquaintance, job recruiter, or someone with a shared interest. Using a fake online persona, an attacker may try to get their victims to reveal more information about themselves or their employers, or they may simply collect more information about their victims from the victims' social media postings.

 

Human Targeting is often used by foreign governments to target individuals with access to information of interest to them. For instance, you may unexpectedly meet someone at a venue of interest, such as a conference or child’s school event, who shares your interests or views and establishes an ongoing relationship. Your new friend may test you by getting you to do seemingly small “favors” for them or getting you to talk about trivial work-related information. Over time, trivial information may lead them to information that is of interest.

 

Travel Vulnerabilities are greater than usual, especially if you are traveling outside of the U.S., as it is common for you to encounter unfamiliar people. Also, your guard may be down because you are traveling for vacation, training, or other relaxing purposes. Therefore, be especially cautious of:

  • Those who approach you in a friendly manner and seem to have a lot in common with you--especially if they wish to maintain contact with you once you return home.
  • Interactions in social settings where you find you are unusually successful in meeting and impressing others.
  • A seemingly random and/or other foreign acquaintance who has heightened interest in your work or introduces you to a third party who then wants to continue to meet with you.

 

Unsolicited Telephone and Text Messages may come from toll-free numbers, which can be set up quickly and sometimes exist solely for the purpose of capturing your confidential information, often simply by playing a prerecorded message about your accounts being in trouble. The message prompts you to enter your 16-digit account number. This is followed by a request for your PIN and other personal information. Or you may receive a text message or a phone call with a prerecorded message that describes an urgent situation that requires immediate action. The message may say, “Your account has been blocked. Please call 800-123-4567 to unlock it.” Before you realize you’re being scammed, you’ve given enough information to duplicate your card and access your accounts.

 

Identity Impersonation is acquiring key pieces of your confidential information, such as your name, address, birthdate, Social Security number, and mother's maiden name, in order to commit fraud. Identity Impersonation can be used as a tactic for corporate exploitation via the newly acquired identity. With this information, an identity thief can take over your financial accounts; open new bank accounts; purchase automobiles; apply for loans, credit cards, and Social Security benefits; rent apartments; and establish services with utility and phone companies, all in your name.

 

Reporting

 

To protect yourself and your family, we urge all affected individuals to exercise caution and remain vigilant to any events appearing out of the ordinary or suspicious.

 

If you believe you have observed activity related to a personal data compromise or suspect your personal information has been exploited, report your concern as soon as possible to your security office.

 

The appropriate Federal government sites may also be used to report specific incidents:

  • Report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
  • If you notice fraudulent activity, go to the Federal Trade Commission (FTC) website (www.ftc.gov/idtheft or www.identitytheft.gov) and complete an ID theft complaint form and place a fraud alert on your credit report.
  • Report unexplained activity related to criminal behavior to the local police department. Provide them with a copy of the FTC form and request a copy of the police report.

 

Videos

 

Know the Risk - Raise your Shield: Spear Phishing

 

Know the Risk - Raise your Shield: Social Media Deception

Know the Risk - Raise your Shield: Human Targeting

 

More Information

 

Additional information, as well as future resources, can be found at the ncsc.gov website, including:

 

 

 

Safeguarding Science Personnel Security

 

Job Aids

  • Counterintelligence Reporting Essentials (CORE): A Practical Guide for Reporting Counterintelligence and Security Indicators
    Supervisors and coworkers are the first line of defense against national security crimes. The government relies on you to protect national security by reporting any behavior that you observe that may be related to a potential compromise of sensitive information. However, judgment calls are often required by the potential reporter, and this often leads to indecision or choosing not to report anything. This resource provides a focused list of serious counterintelligence- and security-related behaviors that, if observed or learned about, should be reported immediately to the appropriate counterintelligence or security authorities. All these behaviors are serious and require little or no speculation.

Reports

  • Enhancing Supervisor Reporting of Behaviors of Concern
    This report compiles a literature review with key information from subject matter expert (SME) interviews about barriers to reporting, strategies for overcoming these barriers, and tools to assist with the reporting process.
  • Reporting of Counterintelligence and Security Indicators by Supervisors and Coworkers
    Personnel and Security Research Center (PERSEREC) conducted a study of supervisor and coworker reporting of security-related information. Explanations were offered by security managers and by focus group participants as to why many security-related behaviors are underreported. PERSEREC developed a clear, succinct list of behaviors that could pose a potential threat to national security and thus should be reported if observed.
  • On the Right Track: Worker-on-Worker Violence Prevention
    Researchers partnered with subject matter experts (SME) in law enforcement and asked them to share their opinions as to why worker-on-worker violence seems so rare in police departments, especially given the intense, fast-paced, and armed environment. The purpose of this report is to identify best practices based on these discussions and recommend potential prevention strategies that organizations might want to consider for their own workforce.

 

CBP NCSC 2022 11 04

 

 

 

Jeanette McMillian, the Assistant Director for NCSC's Supply Chain and Cyber Directorate, recently sat down with Mr. John P. Leonard, the Deputy Executive Assistant Commissioner for the Office of Trade at U.S. Customs and Border Protection (CBP), for a podcast interview.

 

The discussion focused on supply chain security from CBP’s perspective, highlighting some of the issues CBP sees at the intersection of trade security and supply chain security, including the rise of ecommerce, cyber security incidents, intellectual property rights enforcement, and trade relations with our number one trading partner, China.

 

 

Guest Speaker

 

Mr. John P. Leonard is the Deputy Executive Assistant Commissioner (DEAC) of the Office of Trade, U.S. Customs and Border Protection (CBP). Mr. Leonard oversees a diverse portfolio of trade enforcement, security, and facilitation to enable legitimate trade, contribute to American economic prosperity, and protect against risks to public health and safety. His work ranges from enforcing over 500 U.S. trade laws, to overseeing 14 trade agreements, to directing CBP’s seven Priority Trade Issues in collaboration with 49 partner government agencies.

Research Security

 

 

The National Science Foundation is committed to maintaining the integrity of international scientific collaborations. They have developed resources to enhance research security practices that are reliable and adaptive to emerging and evolving threats. You can find these resources below and visit the NSF Research Security site for more information.

 

Quick Reference

 

   Introduction

  1. Research Security Background Documents
  2. Research Security Actions and Practices
  3. White House Documents
  4. Documents on Disclosure Requirements and Standardization
  5. Documents on Digital Persistent Identifiers (DPIs)
  6. Documents on Research Security Programs
  7. Risk Assessment and Mitigation
  8. Value of Principled International Collaboration
  9. Research Security Guidance from International Entities
  10. Research Security Guidance from Associations and Societies 

 

Introduction

Below is a collection of documents for reference collected by the National Science Foundation’s (NSF) Office of the Chief of Research Security Strategy and Policy (OCRSSP) regarding best practices in research security for the academic community. As stated by the NSPM-33 Implementation Guidance, research security is defined as “safeguarding the research enterprise against the misappropriation of research and development to the detriment of national or economic security, related violations of research integrity, and foreign government interference.” 

 

This research security toolkit is intended to serve as a resource for the academic community to understand initiatives currently underway and the rationale for published guidance. Beginning with documents intended to outline key emerging concerns in the fundamental research security ecosystem (see Section I and Section II) and documents published by the White House (see Section III), resources are then categorized into seven groups: resources related to disclosure requirements and standardization (see Section IV); digital persistent identifiers (DPIs) (see Section V); research security programs (see Section VI); risk assessment and mitigation (see Section VII); the value of principled collaboration (see Section VIII); research security guidance from international entities (see Section IX); and research security guidance from associations and societies (see Section X).

 

 

I. Research Security Background Documents

  1. NSDD-189 – National Security Decision Directive 189 (NSDD-189) (Established in 1985, reaffirmed in 2001 and 2010)
    Directive
    Short Description: NSDD-189 remains a cornerstone of the fundamental research enterprise, making a clear distinction between fundamental and classified research and stating that products of fundamental research should “remain unrestricted” to the “maximum extent possible.”
  2. JASON/NSF – JASON Report on Fundamental Research Security (Dec 2019)
    Full Report
    Short Description: “NSF has charged JASON to produce an unclassified report that can be widely disseminated and discussed in the academic community, providing technical or other data about specific security concerns in a classified appendix.” Of the 6 questions NSF charged JASON to answer relevant to openness in fundamental research, principles of scientific openness, areas of fundamental research necessitating more control, controls on information, and best practices researchers can put in place, this report details “the results from the ensuing inquiry, discussions, and debates engaged with NSF, senior university administrators, the intelligence community, law enforcement, and others.”
    NSF Response to JASON Report
    Short Description: This document includes NSF’s response to JASON’s nine recommendations on fundamental science and security.
  3. The Association of American Universities (AAU), Association of Public and Land-Grant Universities (APLU), Council on Government Relations (COGR) – University Actions to Address Concerns about Security Threats and Undue Foreign Government Influence on Campus (May 2020)
    Document
    Short Description: “APLU and AAU have previously identified and shared effective practices universities are employing to ensure the security of research, protect against intellectual property theft and academic espionage, and prevent actions or activities by foreign governments and/or other entities that seek to exert undue foreign government influence or infringe on core academic values (e.g. free speech, scientific integrity, etc.)...The following incorporates new and existing activities universities are pursuing, according to the recent survey collection. We encourage all universities to review these examples and to consider implementing practices that might prove effective on their own campuses to protect against research security threats and undue foreign government.”
  4. NSF – Research Security Website
    Website
    Short Description: The NSF Research Security website includes updates on research security activities being conducted by the Office of the CRSSP, summaries of issues relevant to foreign interference and risk mitigation, and additional resources for reference.
  5. NSF – Webpage on NSTC Research Security Subcommittee, NSPM-33 Implementation Guidance Disclosure Requirements & Standardization
    Website
    Short Description: “The National Science and Technology Council (NSTC) Research Security Subcommittee has worked to develop consistent disclosure requirements for use by senior personnel, as well as to develop proposed common disclosure forms for the Biographical Sketch and Current and Pending (Other) Support sections of an application for Federal research and development (R&D) grants or cooperative agreements. NSF has agreed to serve as steward for these common forms as well as for posting and maintenance of the table entitled, NSPM-33 Implementation Guidance Pre- and Post-award Disclosures Relating to the Biographical Sketch and Current and Pending (Other) Support.” This website provides up-to-date information on disclosure requirements.
  6. COGR – Matrix of Science & Security Laws, Regulations, and Policies (Sep 2022)
    Webpage with Matrix
    Short Description: “COGR has developed a comprehensive chart that summarizes and compares federal laws, regulations, and policies in the area of science and security. The chart is divided into three separate tabs that cover (a) major federal-wide legislation or policy (e.g., National Presidential Security Memorandum 33, CHIPS and Science Act of 2022); (b) agency disclosure requirements for researchers and research institutions; and (c) agency conflict of interest policies. The chart will be updated as new laws, policy and guidance are published.”

II. Research Security Actions and Practices

  1. NSF – Former NSF Director Dr. France A. Córdova’s Dear Colleague Letter to the Academic Community (Jul 2019)
    Letter
    Short Description: This Dear Colleague Letter, addressed to the academic community, identifies emerging risks to the nation’s science and engineering enterprise and identifies actions NSF is undertaking to uphold the values of “openness, transparency, and reciprocal collaboration.”
  2. AAU, APLU, COGR – University Actions to Address Concerns about Security Threats and Undue Foreign Government Influence on Campus (May 2020)
    Document
    Short Description:
  3. NSTC – Recommended Practices for Strengthening the Security and Integrity of America’s Science and Technology Research Enterprise (Jan 2021)
    Document
    Short Description: “This document was developed by the Subcommittee on Research Security, in coordination with the National Security Council staff, and was reviewed by JCORE [the Joint Committee on the Research Environment]. The document outlines recommended guidelines for organizations that conduct research.”
  4. American Council on Education (ACE) – Letter to ACE Member Presidents and Chancellors Regarding Growing Concerns about Foreign Influence/Interference (May 2019)
    Letter
    Short Description: This letter to ACE member Presidents and Chancellors highlights growing concerns regarding foreign influence and foreign interference in the U.S. research environment. In addition to citing steps federal entities are taking to secure the fundamental research environment, the letter offers suggestions and actions institutions can take to further enhance the security of their international partnerships.
  5. AAU – Actions Taken to Address Foreign Security Threats, Undue Foreign Interference, and Protect Research Integrity at U.S. Universities (Jun 2022)
    Document
    Short Description: This document summarizes “actions that have already been taken or are currently being taken by both universities and federal entities regarding research security.” Sections include 1) actions taken by universities; 2) actions taken by Congress; 3) actions taken by the Executive branch and federal agencies; and 4) existing federal research security requirements.

III. White House Documents

  1. National Security Presidential Memorandum on United States Government-Supported Research and Development National Security Policy 33 (NSPM-33) (Jan 2021)
    Memorandum
    Short Description: “This memorandum directs action to strengthen protections of United States Government-supported Research and Development (R&D) against foreign government interference and exploitation. The United States Government provides significant support to R&D across a broad spectrum of research institutions and programs conducted both within and outside of the United States and its territories. This R&D, including both basic and applied research, is a key contributor to American science and technology (S&T) innovation and is essential to United States economic and national security.”
  2. NSTC – NSPM-33 Implementation Guidance (Jan 2022)
    Implementation Guidance
    Short Description: “The purpose of this document is to provide guidance to Federal departments and agencies regarding their implementation of National Security Presidential Memorandum 33 on National Security Strategy for U.S. Government-Supported Research and Development.”

IV. Documents on Disclosure Requirements and Standardization

  1. Government Accountability Office (GAO) – Federal Research: Agencies Need to Enhance Policies to Address Foreign Influence (Dec 2020)
    Report
    Short Description: “GAO was asked to review federal agency and university COI policies and disclosure requirements. In this report, GAO examines (1) COI policies and disclosure requirements at selected agencies and universities that address potential foreign threats, (2) mechanisms to monitor and enforce policies and requirements, and (3) the views of selected stakeholders on how to better address foreign threats to federally funded research. GAO reviewed laws, regulations, federal guidance, and agency and university COI policies and requirements. GAO also interviewed agency officials, university officials, and researchers.” See full report for information relevant to disclosure requirements and standardization.
  2. NSPM-33 (Jan 2021)
    Memorandum
    Short Description: For information relevant to disclosure requirements and standardization, see Section 4.
  3. NSTC – NSPM-33 Implementation Guidance (Jan 2022)
    Document
    Short Description: For information relevant to disclosure requirements and standardization, see pp. 2-7.
  4. NSF – NSF Proposal and Award Policies and Procedures Guide (PAPPG) (NSF 22-1) (Oct 2021)
    Document
    Short Description: “The PAPPG is comprised of information relating to NSF’s proposal and award process for the assistance programs of NSF.” The PAPPG is designed to set forth NSF’s proposal preparation and submission guidelines, as well as set forth NSF policies and procedures regarding the award, administration, and monitoring of grants and cooperative agreements. For information relevant to disclosure requirements and standardization, see Chapters II.C.1.e, II.C.2.f, and II.C.2.h.
  5. NSF – Draft Common Disclosure Forms for the Biographical Sketch and Current and Pending (Other) Support
    Federal Register Notice
    NSF Website
    Short Description: “NSF, on behalf of the National Science and Technology Council's (NSTC) Research Security Subcommittee, is soliciting public comment on common disclosure forms for the Biographical Sketch and Current and Pending (Other) Support sections of a research application. An excel spreadsheet that summarizes all of the data elements that will be collected in both the Biographical Sketch and Current and Pending (Other) Support, as well as their associated attributes, also is included for public comment.” All comments must be received by October 31, 2022, to be assured consideration. For updated information relevant to disclosure requirements and standardization, visit the NSF website.
  6. National Institutes of Health (NIH) – Requirements for Disclosure of other Support, Foreign Components, and Conflicts of Interest
    Website
    Short Description: “Full transparency in NIH applications and throughout the life of an NIH grant is critical. NIH requires the disclosure of all sources of research support, foreign components, and financial conflicts of interest for senior/key personnel on research applications and awards. NIH uses this information when making its funding decisions to determine if the research being proposed is receiving other sources of funding that could be duplicative, has the necessary time allocation, or if financial interests may affect objectivity in the conduct of the research.” This webpage provides information on applicant and recipient institution responsibilities, a chart on disclosure requirements, and details NIH’s responsibilities in the grant award process. For information relevant to disclosure requirements and standardization, see full webpage.
  7. Department of Energy (DOE) – PF 2022-32 Department of Energy Current and Pending Support Disclosure Requirements for Financial Assistance (Jun 2022)
    Website
    Financial Assistance Letter
    Short Description: “Information and guidance regarding the Department of Energy’s (DOE’s) implementation of National Security Presidential Memorandum 33 (NSPM-33) on National Security Strategy for United States Government-Supported Research and Development, issued January 2022 is provided by the attached Financial Assistance Letter.” For information relevant to disclosure requirements and standardization, see the Financial Assistance Letter.

V. Documents on Digital Persistent Identifiers (DPIs)

  1. NSPM-33 (Jan 2021)
    Memorandum
    Short Description: For information relevant to DPIs, see Section 4.
  2. NSTC – NSPM-33 Implementation Guidance (Jan 2022)
    Implementation Guidance
    Short Description: For information relevant to DPIs, see pp. 8-10.
  3. COGR – Summary of NSTC Guidance for Implementing NSPM-33: Provisions Regarding DPIs, Consequences, Information Sharing and Research Programs (Jan 2022)
    Summary
    Short Description: “This summary highlights key points of the NSPM-33 Guidance that address the other topics covered by the document: DPIs, consequences, information sharing, and research security programs.” For information relevant to DPIs, see pp. 1-2.

VI. Documents on Research Security Programs

  1. NSPM-33 (Jan 2021)
    Memorandum
    Short Description: For information relevant to research security programs, see Section 4.
  2. NSTC – NSPM-33 Implementation Guidance (Jan 2022)
    Implementation Guidance
    Short Description: For information relevant to research security programs, see pp. 18-21.
  3. GAO – Federal Research: Agencies Need to Enhance Policies to Address Foreign Influence (Dec 2020)
    Report
    Short Description: For information relevant to research security programs, see pp. 25-26.
  4. AAU, APLU, COGR – University Actions to Address Concerns about Security Threats and Undue Foreign Government Influence on Campus (May 2020)
    Document
    Short Description: For information relevant to research security programs, see pp. 2-5.
  5. COGR – Summary of NSTC Guidance for Implementing NSPM-33: Provisions Regarding DPIs, Consequences, Information Sharing and Research Programs (Jan 2022)
    Summary
    Short Description: For information relevant to research security programs, see pp. 5-6, 8-9.

VII. Risk Assessment and Mitigation

  1. NSF/JASON – JASON Report on Fundamental Research Security (Dec 2019)
    Full Report
    Short Description: See full report for information relevant to risk assessment and mitigation. See Section 7.3 for samples of questions that may be used for risk assessment.
  2. NSF – Research Security Website
    Website
    Short Description: For information relevant to risk assessment and mitigation, see section on “Foreign Interference and Risk Mitigation.”
  3. NSTC – Recommended Practices for Strengthening the Security and Integrity of America’s Science and Technology Research Enterprise (Jan 2021)
    Document
    Short Description: For information relevant to risk assessment and mitigation, see pp. 14-15, items 18-21.
  4. AAU, APLU – Principles and Values to Guide Actions Relevant to Foreign Government Interference in University Research (May 2021)
    Document
    Short Description: This document summarizes “fundamental principles and values of the AAU and APLU member institutions that are relevant to their approach to foreign government interference. The goal of articulating these principles and values is to foster protection against foreign government interference without damaging the contributions to national and economic security that the United States derives from the university research enterprise.” The document covers three components: 1) common values of AAU and APLU universities relevant to foreign government interference in research; 2) principles for government actions in protecting and ensuring the future of the U.S. university research enterprise, and 3) principles for universities in responding to foreign government interference. For information relevant to risk assessment and mitigation, see pp. 6-7.
  5. ACE – Letter to ACE Member Presidents and Chancellors Regarding Growing Concerns about Foreign Influence/Interference (May 2019)
    Letter
    Short Description: For information relevant to risk assessment and mitigation, see pp. 4-7.
  6. ACE – Letter to ACE Member Presidents Hosting Confucius Institutes (Jul 2018)
    Letter
    Short Description: This letter to ACE member presidents of institutions with Confucius Institutes provides recommendations on how to proactively assess the security of these specific programs, increase transparency, and enhance the security of research with national and economic security implications.


VIII. Value of Principled International Collaboration

  1. American Academy of Arts and Sciences (AAAS) – America and the International Future of Science, Challenges for International Scientific Partnerships Initiative (Dec 2020)
    Report
    Short Description: “This report takes a broad view of international scientific partnerships, on all scales and levels of formality, and identifies elements that are integral to successful collaboration.” For information relevant to principled international collaboration, see pp. 33-35.

IX. Research Security Guidance from International Entities

  1. Australia – “Guidelines to Counter Foreign Interference in the Australian University Sector”, University Foreign Interference Taskforce (Nov 2019, modified in Nov 2021)
    Guidelines
    Short Description: “These Guidelines support universities to develop new or examine existing tools, frameworks and resources to use for assessing and mitigating risks from foreign interference, proportionate to risk. They also promote greater consistency across the sector. They offer principle-based and specific advice to universities on how to manage risk in their institution. The advice recognises that risk is not uniform across the sector, and universities may implement additional or existing leading-practice mitigation actions proportionate to their own risks of foreign interference. Universities are encouraged to consider whether the Guidelines can be applied to transnational education business models or offshore campuses, where appropriate.”
  2. Australia – Australian Strategic Policy Institute, China Defence Universities Tracker (launched Nov 2019, updated May 2021)
    Tracker
    Report
    Short Description: “The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. The updated Tracker – and accompanying report – continue to be a tool that enables universities, governments, the business community and scholars to conduct due diligence as they engage with entities from China…the Tracker should be used to inform due diligence of Chinese institutions, however, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links.”
  3. Canada – Safeguarding Your Research Website
    Website
    Short Description: This website provides researchers guidance on how to safeguard their research and innovation, covering topics such as 1) why researchers should safeguard research, 2) who they are at risk from, 3) what risks exist, 4) steps that can be taken to protect research, and more.
  4. Denmark – “Guidelines for International Research and Innovation Cooperation” (May 2022)
    Guidelines
    Short Description: “These guidelines have been prepared by the Committee on guidelines for international research and innovation cooperation…[and are intended to] help Danish institutions achieve a balanced approach to international cooperation on research and innovation, aiming to reduce ethical, financial and security risks and to protect their own long-term interests within such cooperation.”
  5. Global Research Council – Statement of Principles and Practices for Research Ethics, Integrity, and Culture in the Context of Rapid-Results Research (May 2022)
    Statement
    Short Description: “This Statement outlines eight principles and practices that frame the collective responsibility of funding agencies; researchers; public and private research organizations (both for- and non-profit); and national governments in ensuring the integrity of rapid-results research. This statement addresses all aspects of national and international research enterprises, from ideation to dissemination and commercialization, and has the potential to strengthen research outcomes.”
  6. G7 – Common Values and Principles on Research Security and Research Integrity (June 2022)
    Paper
    Short Description: This collaborative paper among G7 members emphasizes “the continuation of a collaborative research system where the importance of all talent – domestic and international – is acknowledged. Openness and security are not contradictory but complementary and mutually reinforcing.” This paper provides the G7’s common vision and principles in research security and integrity; defines important concepts; and describes current activities aimed at addressing existing concerns in the research enterprise.
  7. Japan – Policy Directions for Ensuring Research Integrity in Response to New Risks Associated with Increasing Internationalization and Openness of Research Activities (April 2021)
    Document
    Short Description: This document outlines steps the Japanese government is taking “in collaboration with researchers, universities, research institutions, and research funding agencies to support [and] autonomously secure the soundness and fairness of research (research integrity) of researchers, universities, and research institutions.” Efforts discussed include initiatives relevant to disclosure and outreach to organizations.
  8. New Zealand – Due Diligence Assessments: For Espionage and Foreign Interference Threats (May 2022)
    Guide
    Short Description: “This guidance outlines potential Foreign Interference risks to New Zealand business, research, and investment. It has practical approaches to due diligence, including identifying and making informed decisions about potential risks.”
  9. Organization for Economic Co-operation and Development (OECD) – OECD Report on Integrity and Security in the Global Research Ecosystem (June 2022)
    Report
    Short Description: “This report describes policy initiatives and actions to safeguard national and economic security whilst protecting freedom of inquiry, promoting international research cooperation, and ensuring openness and non-discrimination. It includes examples of actions that are being taken to prevent foreign interference, manage risks, and help ensure trust in science in the future, offering recommendations to help countries develop effective policies to strengthen research security as part of a broader framework of research integrity.”
  10. Sweden – Swedish Foundation for International Cooperation in Research and Higher Education (STINT), Responsible Internationalisation: Guidelines for Reflection on International Academic Collaboration (2020)
    Document
    Short Description: “The document is intended to serve as support for reflection and as the basis for discussion of strategic decisions on internationalisation. The purpose is to aid researchers, research directors, department heads, and university administration in assessing collaborations and structuring discussions on how the HEI [higher education institution], department or research group should approach international collaboration.”
  11. United Kingdom – Website on Trusted Research
    Website
    Short Description: Trusted Research, “a campaign to raise awareness of the risks to research collaborations which may occur when working with organisations or research partners with links to nations whose democratic and ethical values are different from our own”, aims to support the integrity of the system of international research collaboration. “Advice has been produced in consultation with the research and university community and is designed to help the U.K.’s world-leading research and innovation sector get the most out of international scientific collaboration whilst protecting intellectual property, sensitive research and personal information.” The U.K. Government’s National Technical Authority for Physical and Personnel Protective Security has developed an interactive website that provides guidance and checklists for academia and industry.


X. Research Security Guidance from Associations and Societies

  1. AAU, APLU, COGR – University Actions to Address Concerns about Security Threats and Undue Foreign Government Influence on Campus (May 2020)
    Document
    Short Description
  2. AAU, APLU – Principles and Values to Guide Actions Relevant to Foreign Government Interference in University Research (May 2021)
    Document
    Short Description
  3. AAU – Actions Taken to Address Foreign Security Threats, Undue Foreign Interference, and Protect Research Integrity at U.S. Universities (Jun 2022)
    Document
    Short Description: This document summarizes “actions that have already been taken or are currently being taken by both universities and federal entities regarding research security.” Sections include 1) actions taken by universities; 2) actions taken by Congress; 3) actions taken by the Executive branch and federal agencies; and 4) existing federal research security requirements.
  4. ACE – Letter to ACE Member Presidents and Chancellors Regarding Growing Concerns about Foreign Influence/Interference (May 2019)
    Letter
    Short Description
  5. ACE – Letter to ACE Member Presidents Hosting Confucius Institutes (Jul 2018)
    Letter
    Short Description
  6. Association of American Medical Colleges (AAMC) – Research Security and Foreign Interference at U.S. Academic Institutions Webpage
    Webpage
    Short Description: “This page provides background information [on research security and foreign interference], the latest updates on relevant federal government policies and activities, and considerations and resources for institutional leadership, administrators, and researchers as they address this issue on their [campuses].”
  7. COGR – Matrix of Science & Security Laws, Regulations, and Policies (Sep 2022)
    Webpage with Matrix
    Short Description
