2

The U.S. Department of Defense, Research, and the Research Security Environment

During the first workshop session, panelists and event attendees discussed the current research and research security environment. Workshop planning committee member and session moderator Alan E. Kohler, Jr. (Pamir Consulting), introduced the session by discussing his prior work in counterintelligence at the Federal Bureau of Investigation (FBI), where one of his passions was figuring out how the Bureau could do a better job supporting the research security community. Kohler suggested that “we are all in this research security rowboat . . . paddling away as hard as we can. Every time we look . . . all we see is water” and “we are not quite sure how far along we have gotten.” Compared with 5 years ago, however, Kohler said that we are in a much better (though not perfect) place, and it is an appropriate time to take stock, assess, and move on and see where we can go with research security efforts.

The session’s first panelist, Jason Day (DOD), said that there is an urgent need to understand the impact of research security policies. He discussed the 2025 DOD Component Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions,¹ which informs agency decisions regarding the awarding of research grants. The matrix assists with the reviewing of proposals for fundamental research for potential conflicts of interest and conflicts of commitment (e.g., the receipt of funding from a

___________________

¹ See https://basicresearch.defense.gov/Portals/61/Documents/Academic%20Research%20Security%20Page/2025%20DoD%20Decision%20Matrix%20to%20Inform%20Fundamental%20Research%20Risk%20Decisions.pdf.

foreign country of concern or failure to disclose a patent application that resulted from research funded by the U.S. government but was filed in a foreign country of concern) and describes conditions where mitigation is required or suggested prior to the awarding of a grant.

DOD funds basic research at universities and supports the rapid transition of those technologies to the private sector or the department, Day said. Protecting this process is critical to U.S. national security and the economy.

Several categories of risks are associated with research, Day explained. Foreign influence in the research process, for example, is a high-risk concern, particularly if the research is being used to improve defense research capabilities of near-peer competitor nations.

The U.S. research enterprise is increasingly internationally focused and requires a robust ecosystem to support collaboration and stimulate innovation. Day said that DOD encourages U.S. researchers to collaborate internationally but recognizes the need to preserve openness and simultaneously protect the U.S. research enterprise against nations that wish to undermine it. To foster openness and transparency, DOD requires researchers to disclosure information about current and pending financial support and collaborations.

DOD takes a broad view in its research security evaluations, Day continued, considering not only risks but the impact of security policies on research. A secure research environment ensures that the United States can maximize technological advantage for economic and national security goals.

The session’s second panelist, Rebecca Spyke Keiser (NSF), said that the evaluation of research security efforts is top of mind for NSF, noting that it collaborates with agency partners to ensure consistency and harmonization in research security initiatives.

The evaluation of any type of governmental policy can be challenging, Keiser said, as policy implementation takes several years and the effects of policies may manifest over several more. Therefore, evaluation of research security initiatives needs to consider not only the outcomes of policies on those conducting research but the impact of research security efforts and how well

the United States maintains an open research ecosystem supportive of innovation. There is also a need to evaluate how well research security policies support maintaining and retaining beneficial international collaborations, she said.

Keiser noted that a 2019 JASON report, Fundamental Research Security,² outlined some concerning research security issues, including the misappropriation of research and undisclosed conflicts of interest and commitment. Such issues should be balanced against the need for a vibrant science, technology, engineering, and medicine (STEM) workforce in the United States as well as international collaborations that are critical to scientific innovation, she said.

Keiser said that the JASON report includes a list of helpful questions about how to assess risk in international collaboration. These include

• Can you readily identify the contributions of both sides of a collaboration?
• Do you know where the funding of both sides of the collaboration is coming from?
• How are data collected and disseminated as part of the collaboration?

Keiser suggested that these questions could be incorporated into evaluations to assess potential risks when collaborating.

Keiser also discussed a new NSF program called Research on Research Security (RoRS) that has the capability to collect data on research security in a rigorous, hypothesis-driven manner.³ She asked that those seeking to quantify the effects of research security policies consider applying to the program for support for research that supports evaluations of the impact of these policies.

Keiser also discussed NSF’s Safeguarding the Entire Community of the U.S. Research Ecosystem (SECURE) program.⁴ SECURE supports

___________________

² https://nsf-gov-resources.nsf.gov/files/JSR-19-2IFundamentalResearchSecurity12062019FINAL.pdf.

³ RoRS “supports interdisciplinary, evidence-based research to enhance understanding of security risks, practices and policies to safeguard the U.S. research enterprise and foster a strong academic field in research security.” See https://www.nsf.gov/funding/opportunities/rors-research-research-security-program.

⁴ SECURE’s mission is to “share information and reports on research security risks, provide training on research security to the science and engineering community and serve as a bridge between the research community and government funding agencies to strengthen cooperation on addressing security concerns.” See https://www.nsf.gov/news/nsf-backed-secure-center-will-support-research.

research security efforts in the research community, including by providing clarity regarding principled international collaboration in science. SECURE requires recipients of funding to conduct an internal evaluation of their research security program, including impacts on the research itself. SECURE can also assist in evaluating the impact of research security policies. NSF is funding SECURE through a cooperative agreement, which allows for engagement with multiple agencies, including on the development of evaluation measures.

Panelist Alexander Angert (FBI) said that “the U.S. has the most robust research ecosystem of anybody on the earth, and this has put us in the forefront of scientific discovery . . . generation after generation.” This is “something we want to protect, not treat lightly. It’s central to our national interests, including our security and economic prosperity. . . . If this is to continue, we need to be able to keep attracting the best and brightest talent from around the world to study here, work here, and hopefully even put down roots here.” The United States, Angert said, needs foreign talent, including from China. Each Chinese researcher who is not tied to military-civil fusion entities and who makes their home in the United States grows the talent pool.⁵ Nevertheless, Angert said that the research security threat from China is real.

Angert noted that, in the last 6–7 years, the United States has taken steps to protect its research ecosystem. He said that there are now far fewer Chinese Communist Party (CCP) researchers in the United States, including those with assessed military-civil

___________________

⁵ “Military-Civil Fusion,” or MCF, is a national strategy of the Chinese Communist Party (CCP). Its goal is to enable the Peoples Republic of China “to develop the most technologically advanced military in the world.” “A key part of MCF is the elimination of barriers between China’s civilian research and commercial sectors, and its military and defense industrial sectors.” See https://www.state.gov/wp-content/uploads/2020/05/What-is-MCF-One-Pager.pdf.

fusion ties. He noted that U.S. Presidential Proclamation 10043, which was signed by President Trump in 2020, has increased travel screening and security restrictions.⁶ Universities have taken action to implement network security policy management efforts and are proactively identifying researchers who are not in compliance with research security requirements. Federal security requirements now make it harder for individuals to conduct illicit activities and easier to identify those who do (and to stop them). Angert pointed out that research security requirements also reduce the ability of Chinese students in the United States, who have a high risk of being exploited by CCP authorities, to operate as nontraditional collectors of intellectual property (IP). Angert noted, however, that as research security policies have evolved, threat actors seeking to exploit our open academic environment have developed new approaches to leverage the U.S. research enterprise to their advantage.

Angert said that China refers to U.S. research security measures as a technology blockade and is taking efforts to undermine the U.S. system. He asserted that China and other competitors have obscured government funding sources and obtained information about the products of U.S. research from third-party collaborators. Angert said China is conducting persistent and sophisticated cyber operations against the United States. Despite a 2015 U.S.–China cybersecurity agreement, the U.S. government is aware of efforts that, while not necessarily illegal, are unethical and nontransparent.⁷ These include the unauthorized sharing of prepublication research data, obtaining advanced access to grant proposals, and attempts to influence the grant approval process.

Angert sees the FBI’s mission as safeguarding science and the R&D ecosystem by raising awareness about the objectives of adversaries. The Bureau is working to empower the research community by educating it about how to identify and manage potential anomalies. It has academic coordinators in all 55 of its field offices. Angert said that these individuals are the linchpin of the Bureau’s academic engagement efforts. In addition, he noted that the FBI’s National Cyber Investigative Joint Task Force, which is co-led by DOD,

___________________

⁶ Trump, D. J. 2020, June 4. “Proclamation 10043—Suspension of Entry as Non-immigrants of Certain Students and Researchers from the People’s Republic of China.” Federal Register 85(108): 34353–34355, https://www.federalregister.gov/documents/2020/06/04/2020-12217.

⁷ As part of the agreement, the United States and China agreed to not conduct government-sponsored economic espionage in cyberspace. See, e.g., https://jsis.washington.edu/news/u-s-china-cybersecurity-cooperation.

has within its purview academic and other research institutions and labs that work directly with their respective FBI field offices.⁸

Angert said that research security is a big undertaking, and federal agencies and academic institutions must be partners in this work. The FBI, he said, wants to support academia and other institutions in identifying any issues as they arise: “We have a common goal which is to ensure that great research can continue to happen in the United States and is not compromised by bad actors exploiting the openness that makes it possible.”

Session panelist Michael Witherell (Lawrence Berkeley National Laboratory [LBNL] and University of California, Berkeley) said that LBNL, which is owned by the U.S. Department of Energy (DOE) but managed by the University of California, conducts unclassified work. He said that LBNL has a well-managed research environment with a robust research security program. Lab reviews, external partnerships, and technology transfer agreements support the goal of advancing U.S. economic competitiveness and national security.

Witherell said that Chinese researchers are well integrated into universities conducting military research, nonmilitary institutes, and private companies. He observed that Chinese nationals working at U.S. institutions are likely to be interrogated when they return home to renew their visa. This can create anxiety and hesitancy about their research in the United States and put a damper on their ability to contribute to innovative research.

As a laboratory director, Witherell said that he works with his senior leadership team on research security issues. Threats are managed using a layered approach, wherein information is available to individuals to assist in the management of research security procedures, tools, and infrastructure. Witherell said, when managed properly, R&D on critical sensitive technologies can be conducted in the same institution where unclassified and nonsensitive research is conducted.

All foreign nationals requesting access to LBNL are vetted, Witherell explained, and enhanced vetting is performed for individuals who have associations with nations of concern. Everyone “badges in” when entering and exiting research buildings.

___________________

⁸ The National Cyber Investigative Joint Task Force was established in 2008 and includes more than 30 partnering agencies from across law enforcement, the intelligence community, and DOD. The Task Force coordinates, integrates, and shares information related to cyber threat investigations to support intelligence analysis for decision-makers. See https://www.fbi.gov/investigate/cyber/national-cyber-investigative-joint-task-force.

DOE labs have developed a science and technology risk matrix to identify and protect R&D on critical and emerging technologies.⁹ It “uses a Red/Yellow/Green categorization scheme to quantify the risk associated with a given topic and the resulting level of controls that are required.”¹⁰

Witherell noted that DOE is the only civilian science agency with its own counterintelligence program. LBNL participates in this program and DOE counterintelligence offices serve all national labs. The program monitors close calls which, in turn, inform evaluation efforts.

The final session panelist, Stephen Welby (Georgia Tech Research Institute), began his remarks by noting that the world is a competitive environment. Research capacity is fundamental to the United States and its economic and national security, he said. The United States’s economic and national security strategies depend on maintaining technical advantage for economic development and national security.

Welby said that DOD “has a vested interest in ensuring that the research that it funds does not inadvertently advance the interests and ambitions of our competitors and adversaries. Beyond that . . . every American citizen has a right to expect an appropriate return on investment on . . . tax dollars that get invested into federally funded research and development.” Return on investment is measured in terms of the advantage to the United States—not its competitors.

Welby said that it is important to have strong metrics to assess research security, noting that current assessments of research security efforts may not capture their impact. Research security policies often focus on issues such

___________________

⁹ DOE’s Science & Technology Risk Matrix is intended to “highlight areas of emerging and potential concern associated with economic and/or intellectual competitiveness.” See https://www.directives.doe.gov/terms_definitions/science-and-technology-risk-matrix-s-t-risk-matrix. Research institutions are looking at such matrices as potential models for their own research security efforts.

¹⁰ See DOE. 2022, December 17. Introduction to the Science & Technology (S&T) Risk Matrix, https://www.energy.gov/science/articles/science-technology-risk-matrix.

as conflicts of interest or affiliation with countries of concern but do not evaluate how they are affecting research or researchers directly.

Nearly all the U.S. R1 universities focus on fundamental research, the results of which are not subject to export control laws and regulations.^11,12 Agency requests for research proposals often begin with preambles that ask about the economic and national security impacts of the proposed research even if the research is described as fundamental, Welby said. Grantmakers must ensure, he said, that any designation for fundamental research that could significantly impact national or economic security is clear. If we are going to recognize the role of fundamental research in our competitive advantage in the United States, Welby said, it should be treated as such: unless “we’re measuring that, we may be measuring the wrong thing.”

DISCUSSION

Kohler asked panelists to comment on whether an understanding of research security varies based on where staff sit within an institution. In response, Witherell said that, while vice chancellors, vice presidents of research, and deans of research seem to have a strong understanding of research security issues, faculty may not. He emphasized the importance of being “explicit at the beginning what we’re protecting, because if you try to protect everything, you protect nothing.”

Welby said that it is important to identify sources of leakage in the U.S. R&D enterprise, noting that the FBI has identified individuals who have attempted to participate in the U.S. research ecosystem who are agents of foreign powers. We also need to pay continued attention to cybersecurity, the vulnerabilities of proprietary information, and national security information, he said.

Foreign involvement and ownership of critical technology firms is also an issue. If one were to examine and rank the risk associated with foreign

___________________

¹¹ R1 institutions have very high research spending and doctorate production.

¹² Welby defined fundamental research as research in science and engineering or mathematics that is typically published and shared widely within the research community without proprietary national security restrictions. For a discussion of fundamental and other types of research, see Box 1-1.

involvement and ownership of technology, it suggests that there are other areas where we should be investing resources preferentially, Welby said. “As we think about deploying resources to counter broader threats to our ecosystem, we should be asking what’s the best way to get return on that investment.”

Kohler noted that there have been discussions about the need for research culture to be more security minded, but that achieving such a culture change could involve additional requirements that would increase researchers’ workload. Day said that DOD is mindful of the burden that research security policies may impose when it develops new research security policies, and the agency is trying to make its processes more transparent. One approach is to provide the university community with specific details about what DOD is looking for during research security reviews, Day continued. DOD has also developed training resources jointly with NSF on research security. The agency is also working to share anecdotes and information about research security to help faculty understand what DOD is seeking during proposal review.

The SECURE Center is an important resource for the university community, Kohler added. As a clearinghouse for information for the research community, the Center will encourage the sharing of reports on research security risks and offer related training. By doing so, its aim is to build trust and improve communication between faculty and university administrations and federal agencies.

Kohler asked panelists to identify research security measures that should be changed or specific data that might help inform decision-making. Day said that information about Ph.D. flows between other countries in high-talent STEM areas could help DOD assess the impact of research security policies. Angert said that more openness from universities about suspicious activity and anomalous indicators would be useful. Witherell added that universities need to develop tools to manage research security issues related to postdoctoral programs. Welby said that assessments of the effects of research security policies could measure costs associated with implementation. It is harder to measure awareness of research security issues, he said, but surveys could be used to assess researchers’ situational awareness of research security challenges. Surveys could also be informative for developing metrics on resistance to research security policies, including

about perceptions that policies are discriminatory.

“The hardest thing to measure is effectiveness,” Welby said. “I only know after the fact whether I’ve actually been able to mitigate a particular risk, and I have to prove a counter positive” (i.e., that something did not occur as a result of the risk mitigation measures). “And we’ve wrestled for a long time with how to be able to do that—we would use sampling or other processes and other measurement techniques [but] that’s not viable in a large social system like this. . . . Ultimately, there is going to be the gap in terms of measuring how effective these tools are. It’s kind of a losing proposition. You’ll only know when you fail.”

Workshop planning committee member Lisa Nichols (University of Notre Dame) asked what kind of data the FBI was collecting on the unauthorized transfer of prepublication academic fundamental research. Angert said the agency has looked at data on the number of cases and prosecutions related to the theft of IP, but those data do not apply in this space. He said that, ideally, as research security policies and procedures are implemented, the research ecosystem will become more resilient and better able to stop threats. This will ultimately result in fewer cases of abuse.

Angert said that it is challenging for the FBI to collect data on the theft of fundamental research. However, academic coordinators in field offices with expertise in particular areas of research may have insight into key technologies that may be at risk.

Welby said that the “best measurement we could have is the impact of the things that we’re doing on the behavior and perceptions of those who do not have our best interests in mind.” This is a very difficult task. Workshop planning committee member J. Michael McQuade (Belfer Center for Science and International Affairs, Harvard University Kennedy School of Government) added that the research security community also needs to ask whether “we are having a negative impact on our ability to go fast and deliver.”

Day said that research outflows are another area for evaluation. Where individuals go after they have completed their research and who they collaborate with are areas of critical interest. Angert suggested that adversaries may be more interested in fundamental research as it lays the foundation for technology development. When looking to protect artificial intelligence (AI), quantum, and aerospace technologies, fundamental research may need to be an area of focus, he said. For researchers at academic institutions or research centers, publications and data are important tools. If the researcher is a person of concern, access to such resources may need to be controlled.

Fox asked participants to comment on barriers to information-sharing on research security. Day suggested that it could be beneficial if DOD was able to release more information about the research reviews they conduct. Additional information from the counterintelligence community could also be beneficial, he said.

Welby noted that, since National Security Presidential Memorandum 33 (NSPM-33) was issued, the pattern of prosecutorial success on matters related to research security has not been significant.¹³ Prosecutorial successes could be a metric, he said, if there were a significant number. What is clear and measurable is the cost implications of the implementation of research security policies on campus—though such costs are necessary to protect research, he said. He also noted that the costs of research security measures are showing up as indirect costs just as caps are being imposed on indirect cost recovery.¹⁴

___________________

¹³ White House. 2021, January 14. Presidential Memorandum on United States Government–Supported Research and Development National Security Policy. Executive Office of the President. https://www.whitehouse.gov/wp-content/uploads/2021/01/NSPM-33-Research-Security-Memo.pdf. NSPM-33 aims to protect U.S. federally funded research from foreign government interference and misappropriation while maintaining an open research environment. The memorandum mandates that research institutions receiving more than $50 million annually in federal research funding establish research security programs.

¹⁴ NSF, DOE, and the National Institutes of Health have all announced policies to cap indirect rates on grants and cooperative agreements at 15 percent. See, e.g., https://www.nsf.gov/policies/document/indirect-cost-rate, https://www.energy.gov/articles/department-energy-overhauls-policy-college-and-university-research-saving-405-million, and https://grants.nih.gov/grants/guide/notice-files/NOT-OD-25-068.html.

Fox said that there is a need for trusted relationships between federal agencies and universities. She suggested that relationships could be improved through information-sharing between the federal government and universities.

Nichols said that it sounds as if DOD is tracking the number of security reviews, the number of proposals rejected, and risks that were identified. She expressed an interest in having that information made public and asked if DOD was tracking scientific and international research impact broadly.

Day said such tracking is challenging because it takes several years for these things to manifest. He noted, for example, that publications, a common metric to track, can appear as many as 5 or 10 years after a collaboration took place.

Kohler said that people are by far the most important aspect of research security. He suggested that research security is about innovating around our adversaries while our security apparatus holds them back. The focus, he said, should be protecting people and encouraging them to stay in the United States. It is important to talk about success stories and point to the numbers who come to the United States, remain here, and contribute to American society.

Welby said that a clear measure of success is the fact that the U.S. system of research remains attractive to the world’s best and brightest researchers. A successful research enterprise is an accelerant and an enormous economic advantage. While difficult to quantify, success is apparent in the numbers of companies formed and the pace of research production. Day said that it is also important to account for those researchers the country is losing.