Protecting cutting-edge research in a world of sharpened tensions

UK security chiefs on April 25 briefed university vice-chancellors about the threat posed by hostile states to academic research. This came just days after the German authorities announced the arrest of three people alleged to have transferred sensitive technology and research to China. Two of the suspects ran a business that conducted collaborative research projects with a German university, allegedly passing on the results to an agent of the Chinese Ministry of State Security.

These examples are the latest indication that the security of research and technological innovation is an increasing concern for Western states. Scientific and technological innovation is a key arena of competition, so states increasingly seek to secure parts of the research ecosystem against their adversaries. However, increased scrutiny and regulation of research can be unwelcome to academics, who see it as undermining their ability to collaborate productively with their peers.

The long history of research security

The focus on the security of research and technological innovation is shared across the Five Eyes countries: the United Kingdom, the United States, Australia, Canada, and New Zealand. It is also on the agenda for the OECD, the G7, and the European Union. The term ‘research security’ is increasingly used to refer to the practice of protecting research, with the United States writing the term into law. However, alternative expressions, such as ‘knowledge security’ have also been used.

Research security and knowledge security encompass a range of long-standing threats. Industrial espionage is nothing new (although there are good reasons to question its effectiveness as a way of acquiring technologies). During the Cold War, espionage targeting research and technological innovation was central to the intelligence competition between the United States and the Soviet Union. This prompted Washington to commission a report, which was published in 1982 and warned that “apparent increases in acquisition efforts by our adversaries […] raised serious concerns that openness may harm US security”. In some ways, the current focus on research security harks back to this period.

A sharpened geopolitical environment

Given the familiarity of the underlying issues, the renewed focus on research security likely reflects an increase in government threat assessments. One factor driving this change is likely to be the scale and complexity of the international research ecosystem. Since the 1990s, international academic collaboration has grown dramatically: one study found that the percentage of the UK’s research output produced in collaboration with Chinese authors increased from 1% in 2000 to around 11% in 2019.

This collaboration has been good for universities, science, and economic development. However, in the context of a “sharpened geopolitical environment”, the level of collaboration is prompting concern among Western governments. The issue is not so much the scale of collaboration per se, but rather that this scale creates challenges for governments and universities in managing risks that “are increasingly dynamic and growing in complexity”.

Another factor driving the elevated threat assessment is that the relationship between academic research and technological development is also changing. In March 2024, JASON, a group that advises the US government on defence science and technology, published a report on research security that describes the “increasing connection and decreasing distance between areas of academic research and their application and commercial development”.

The national security implications of research into Artificial Intelligence (AI) or autonomous vehicles, for example, underline that dual-use or sensitive research is no longer conducted solely at secure institutes and major defence contractors. Instead, more areas of academic research and the economy are being conceptualised as critical to national security.

A tougher UK approach

The United Kingdom runs two awareness campaigns relevant to research security: the ‘Trusted Research’ campaign focuses on international research collaboration, while the ‘Secure Innovation’ campaign targets the emerging technology sector.

The UK’s National Protective Security Authority (NPSA) leads these campaigns. Established in March 2023, the NPSA is the “national technical authority for physical and personnel protective security”. Its remit includes protecting against “[s]tate-sponsored attempts at stealing sensitive research and information”.

In an April 18 speech, UK Deputy Prime Minister Oliver Dowden said the government was considering additional measures to ensure that research could not be “influenced, exploited, or even coerced”. Among the options are expanding the number of university staff with security clearances, establishing a working group to create professional standards around research security, and increasing funding for universities to develop research security capabilities.

Blunting the cutting edge of research?

London’s approach is broadly aligned with Washington’s. Directives introduced under the Trump administration and maintained by President Joe Biden require that research institutions receiving above $50 million of public funding annually have a research security programme covering “cyber security, foreign travel security, insider threat awareness and identification, and, as appropriate, export control training.”

In response to these government requirements, the US National Institute of Standards and Technology (NIST) established a Research Security Framework to provide guidance on best practices for research security. However, a group representing US universities, the Council on Government Relations (COGR), criticised the NIST framework as “unfeasible”. COGR argues that universities are fundamentally unsuited to the kind of security review processes the Framework envisages, highlighting their decentralised structure, emphasis on academic freedom, and resource limitations compared to a government agency.

The COGR assessment underlines a fundamental challenge around research security. Increased controls on research limit the international collaboration on which cutting-edge research depends. The introduction of vetting around international recruitment and partnerships also predictably leads to delays that can undermine projects. Some observers warn that increased government scrutiny alone can exert a chilling effect on international collaboration.

Research into research security

The risks that security controls pose to research collaboration are examined in the March 2024 JASON report, which argues against the introduction of blanket controls on basic research. Following its recommendations, the US National Science Foundation (NSF) is exploring less intrusive ways to identify projects that require additional security, including using AI to recognise potentially security-relevant projects for further scrutiny.

Nonetheless, the issue of research security poses tough choices around resource allocation in a time of straitened financial circumstances in higher education. How to create research security programmes that effectively mitigate risks while avoiding undermining research collaboration is a pressing question. It raises emotionally and morally charged questions about the relationship between academic freedom and national security.

In the United States, the NSF has initiated a programme of research on research security. Further research could quantify the impact of security controls on collaboration, which could benefit the wider debate. More broadly, the topic of research security touches on debates in the study of intelligence, cyber security and conflict, and science and technology. The concept of research security is also ripe for critical examination, for example, to understand the variation in the usage of ‘research security’ and related terms and the underlying understandings they support. Although it may seem self-referential, there is a need for security researchers to conduct further research on research security.

Neil Ashdown is a PhD candidate at Royal Holloway University of London. His thesis examines public-private collaboration on intelligence and security.