Protecting cutting-edge research in a world of sharpened tensions

Governments are prioritising research security amid heightened competition over science and technology
Main Top Image
Image created with the assistance of Midjourney

UK security chiefs on April 25 briefed university vice-chancellors about the threat posed by hostile states to academic research. This came just days after the German authorities announced the arrest of three people alleged to have transferred sensitive technology and research to China. Two of the suspects ran a business that conducted collaborative research projects with a German university, allegedly passing on the results to an agent of the Chinese Ministry of State Security.

These examples are the latest indication that the security of research and technological innovation is an increasing concern for Western states. Scientific and technological innovation is a key arena of competition, so states increasingly seek to secure parts of the research ecosystem against their adversaries. However, increased scrutiny and regulation of research can be unwelcome to academics, who see it as undermining their ability to collaborate productively with their peers.

The long history of research security

The focus on the security of research and technological innovation is shared across the Five Eyes countries: the United Kingdom, the United States, Australia, Canada, and New Zealand. It is also on the agenda for the OECD, the G7, and the European Union. The term ‘research security’ is increasingly used to refer to the practice of protecting research, with the United States writing the term into law. However, alternative expressions, such as ‘knowledge security’ have also been used.

Research security and knowledge security encompass a range of long-standing threats. Industrial espionage is nothing new (although there are good reasons to question its effectiveness as a way of acquiring technologies). During the Cold War, espionage targeting research and technological innovation was central to the intelligence competition between the United States and the Soviet Union. This prompted Washington to commission a report, which was published in 1982 and warned that “apparent increases in acquisition efforts by our adversaries […] raised serious concerns that openness may harm US security”. In some ways, the current focus on research security harks back to this period.

A sharpened geopolitical environment

Given the familiarity of the underlying issues, the renewed focus on research security likely reflects an increase in government threat assessments. One factor driving this change is likely to be the scale and complexity of the international research ecosystem. Since the 1990s, international academic collaboration has grown dramatically: one study found that the percentage of the UK’s research output produced in collaboration with Chinese authors increased from 1% in 2000 to around 11% in 2019.

This collaboration has been good for universities, science, and economic development. However, in the context of a “sharpened geopolitical environment”, the level of collaboration is prompting concern among Western governments. The issue is not so much the scale of collaboration per se, but rather that this scale creates challenges for governments and universities in managing risks that “are increasingly dynamic and growing in complexity”.

Another factor driving the elevated threat assessment is that the relationship between academic research and technological development is also changing. In March 2024, JASON, a group that advises the US government on defence science and technology, published a report on research security that describes the “increasing connection and decreasing distance between areas of academic research and their application and commercial development”.

The national security implications of research into Artificial Intelligence (AI) or autonomous vehicles, for example, underline that dual-use or sensitive research is no longer conducted solely at secure institutes and major defence contractors. Instead, more areas of academic research and the economy are being conceptualised as critical to national security.

A tougher UK approach

The United Kingdom runs two awareness campaigns relevant to research security: the ‘Trusted Research’ campaign focuses on international research collaboration, while the ‘Secure Innovation’ campaign targets the emerging technology sector.

The UK’s National Protective Security Authority (NPSA) leads these campaigns. Established in March 2023, the NPSA is the “national technical authority for physical and personnel protective security”. Its remit includes protecting against “[s]tate-sponsored attempts at stealing sensitive research and information”.

In an April 18 speech, UK Deputy Prime Minister Oliver Dowden said the government was considering additional measures to ensure that research could not be “influenced, exploited, or even coerced”. Among the options are expanding the number of university staff with security clearances, establishing a working group to create professional standards around research security, and increasing funding for universities to develop research security capabilities.

Blunting the cutting edge of research?

London’s approach is broadly aligned with Washington’s. Directives introduced under the Trump administration and maintained by President Joe Biden require that research institutions receiving above $50 million of public funding annually have a research security programme covering “cyber security, foreign travel security, insider threat awareness and identification, and, as appropriate, export control training.”

In response to these government requirements, the US National Institute of Standards and Technology (NIST) established a Research Security Framework to provide guidance on best practices for research security. However, a group representing US universities, the Council on Government Relations (COGR), criticised the NIST framework as “unfeasible”. COGR argues that universities are fundamentally unsuited to the kind of security review processes the Framework envisages, highlighting their decentralised structure, emphasis on academic freedom, and resource limitations compared to a government agency.

The COGR assessment underlines a fundamental challenge around research security. Increased controls on research limit the international collaboration on which cutting-edge research depends. The introduction of vetting around international recruitment and partnerships also predictably leads to delays that can undermine projects. Some observers warn that increased government scrutiny alone can exert a chilling effect on international collaboration.

Research into research security

The risks that security controls pose to research collaboration are examined in the March 2024 JASON report, which argues against the introduction of blanket controls on basic research. Following its recommendations, the US National Science Foundation (NSF) is exploring less intrusive ways to identify projects that require additional security, including using AI to recognise potentially security-relevant projects for further scrutiny.

Nonetheless, the issue of research security poses tough choices around resource allocation in a time of straitened financial circumstances in higher education. How to create research security programmes that effectively mitigate risks while avoiding undermining research collaboration is a pressing question. It raises emotionally and morally charged questions about the relationship between academic freedom and national security.

In the United States, the NSF has initiated a programme of research on research security. Further research could quantify the impact of security controls on collaboration, which could benefit the wider debate. More broadly, the topic of research security touches on debates in the study of intelligence, cyber security and conflict, and science and technology. The concept of research security is also ripe for critical examination, for example, to understand the variation in the usage of ‘research security’ and related terms and the underlying understandings they support. Although it may seem self-referential, there is a need for security researchers to conduct further research on research security.

Neil Ashdown is a PhD candidate at Royal Holloway University of London. His thesis examines public-private collaboration on intelligence and security.

Terms & Conditions

Terms and Conditions for the AI-Cybersecurity Essay Prize Competition

Introduction

The AI-Cybersecurity Essay Prize Competition (the “Competition”) is organized by the European Cyber Conflict Research Incubator (“ECCRI CIC”) in partnership with the Munich Security Conference (“MSC”). It is sponsored by Google (the “Sponsor”). By entering the Competition, participants agree to these Terms and Conditions (T&Cs).

Eligibility

The Competition is open to individuals worldwide who are experts in the fields of cybersecurity and artificial intelligence (“AI”). Participants must ensure that their participation complies with local laws and regulations.

Submission Guidelines

Essays must address the question: “How will Artificial Intelligence change cybersecurity, and what are the implications for Europe? Discuss potential strategies that policymakers can adopt to navigate these changes.”

Submissions must be original, unpublished works between 800-1200 words, excluding footnotes but including hyperlinks for references.

Essays must be submitted by 15 December 2024, 00:00 am CET., through the official submission portal provided by ECCRI CIC.

Only single-authored essays are accepted. Co-authored submissions will not be considered.

Participants are responsible for ensuring their submissions do not infringe upon the intellectual property rights of third parties.

Judging and Awards

Essays will be judged based on insightfulness, relevance, originality, clarity, and evidence by a review board comprising distinguished figures from academia, industry, and government.

The decision of the review board is final and binding in all matters related to the Competition.

Prizes are as follows: 1st Place: €10,000; Runner-Up: €5,000; 3rd Place: €2,500; 4th-5th Places: €1,000 each. The winner will also be invited to attend The Munich Security Conference

Intellectual Property Rights

The author retains ownership of the submitted essay.

By submitting the essay, the author grants ECCRI CIC exclusive, royalty-free rights to use, reproduce, publish, distribute, and display the essay for purposes related to the Competition, including but not limited to educational, promotional, and research-related activities.

The author represents, warrants, and agrees that no essay submitted as part of the essay prize competition violates or infringes upon the rights of any third party, including copyright, trademark, privacy, publicity, or other personal or proprietary rights, breaches, or conflicts with any obligation, such as a confidentiality obligation, or contains libellous, defamatory, or otherwise unlawful material.

The author agrees that the organizers can use your name (or your pseudonym) and an image of you in association with your essay for purposes of publicity, promotion and any other activity related to the exercise of its rights under these Terms.

The organizers may remove any essay-related content from its platforms at any time and without explanation.

The organizers may block contributions from particular email or IP addresses without notice or explanation.

The organizers may enable advertising on its platforms and associated social media accounts, including in connection with the display of your essay. The organizers may also use your Material to promote its products and services.

The organizers may, at its sole discretion, categorise Material, whether by means of ranking according to popularity or by any other criteria.

Data Protection

Personal information collected in connection with the Competition will be processed in accordance with Virtual Routes’ Privacy Policy. Participants agree to the collection, processing, and storage of their personal data for the purposes of the Competition.

Liability and Indemnity

ECCRI CIC, MSC, and the Sponsor will not be liable for any damages arising from participation in the Competition, except where prohibited by law.

Participants agree to indemnify ECCRI CIC, MSC, and the Sponsor against any claims, damages, or losses resulting from a breach of these T&Cs.

General Conditions

ECCRI CIC reserves the right to cancel, suspend, or modify the Competition or these T&Cs if fraud, technical failures, or any other factor beyond ECCRI CIC’s reasonable control impairs the integrity or proper functioning of the Competition, as determined by ECCRI CIC in its sole discretion.

Any attempt by any person to deliberately undermine the legitimate operation of the Competition may be a violation of criminal and civil law, and, should such an attempt be made, ECCRI CIC reserves the right to seek damages from any such person to the fullest extent permitted by law.

Governing Law

These Terms and Conditions are governed by the laws of the United Kingdom, without regard to its conflict of law principles. Any dispute arising out of or in connection with these Terms and Conditions, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by the courts of the United Kingdom. The participants agree to submit to the exclusive jurisdiction of the courts located in the United Kingdom for the resolution of all disputes arising from or related to these Terms and Conditions or the Competition.