Appendix F

The National Science, Technology, and Security Roundtable Co-Chairs’ Paper

John C. Gannon, Richard A. Meserve, Maria T. Zuber

July 2024

This paper was presented at the Capstone Workshop and shared in advance with all attendees. It was revised after the workshop to incorporate comments and additional information from the workshop.

The opinions expressed here are those of the authors and do not necessarily represent positions of the other workshop participants; the National Science, Technology, and Security Roundtable; or the National Academies of Sciences, Engineering, and Medicine.

Section 1746(b) of the National Defense Authorization Act for Fiscal Year 2020 (NDAA 2020; P.L. 116-92)¹ directed the establishment of a National Science, Technology, and Security Roundtable (NSTSR) by the National Academies of Sciences, Engineering, and Medicine (the National Academies) to explore issues related to the illicit exploitation of the openness of U.S. fundamental research by certain foreign countries, principally China, in ways detrimental to U.S. national and economic security. The Statement of Task for the NSTSR arising from the congressional direction is set out in Box F-1.

Our basic mandate was to assess the growing foreign threat to open science and the effectiveness of the U.S. response to it. The NSTSR reached out to a wide range of stakeholders to discuss foreign threats and risks and to engage in a dialogue about risk management. Our objective was to gain understanding and share our observations, not necessarily to develop a consensus on substance or policy.

The membership of the NSTSR is made up of representatives of federal agencies and key stakeholders in the scientific enterprise, including universities, federal research laboratories, industry, and nonprofit organizations. The NSTSR held 14 meetings between November 2020 and September 2024 to explore issues related to its charge, including 9 sessions in Washington, D.C. and 5 regional meetings at the University of Maryland, Massachusetts Institute of Technology (MIT), Northwestern University, Hoover Institution at Stanford University, and Texas A&M University. The NSTSR has had extensive interactions with numerous federal agencies, including law enforcement and the Intelligence Community, and a wide range of people from the research community.

PURPOSE OF THIS REPORT

NDAA 2020 directs that the NSTSR shall issue publicly available reports concerning the matters covered in the Statement of Task. Because National Academies procedures prohibit roundtables from preparing consensus reports, the three co-chairs drafted this document to describe the course of the NSTSR’s work and to convey our observations from our extensive deliberations. NSTSR members provided useful input to the draft in two review sessions at Texas A&M on January 6, 2024, and at the National Academies’ Keck Center in Washington, D.C., on May 1, 2024,

___________________

¹ The text of the Section 1746(b) is set out in an addendum to this paper.

and some of those suggestions have been incorporated into this document. We conclude with the view that much has been done but much more needs to be done within the research enterprise and by other government and private-sector stakeholders.

The co-chairs believe that an unrestricted, independent report from them is the best way to convey the full measure of the rich insights received from a wide range of stakeholders over the past 4 years and to address broader issues relevant to U.S. scientific research. This paper is divided into four sections: (1) “Bottom Lines,” a brief snapshot of the current state of

play on salient issues; (2) “The Vital Role of Open Science,” an in-depth assessment of current challenges; (3) “A Roundup of the Roundtable’s 4-Year Journey,” a summary and analysis of the topics addressed by the roundtable; and (4) “Final Thoughts – Building an Offense,” a summary of critical steps that should be pursued.

BOTTOM LINES

We found wide agreement that significant progress has been made over the past 4 years in containing the foreign threat, protecting open science, and defending both international engagement and the recruitment of foreign talent in our universities. Awareness of the serious and growing foreign threat, especially from China, has grown steadily across the research enterprise. Research agencies have hardened their defenses. Many universities, on their own or in response to explicit federal guidance, have developed strong risk management processes and structured research security programs. The Federal Bureau of Investigation (FBI) is collaborating in the development of research security programs at multiple universities and has begun to reach out to the Asian American academic community to address concerns about discrimination. And the Department of Justice appears to have softened the aggressive prosecutorial reach noted on some campuses during the period of the China Initiative (2018–2022), while, at the same time, collaborating more effectively with research entities to deal with increasing foreign interference.

This good news is mostly about commendable best practices that are making a difference but are not yet the standard across academic and research entities. These best practices, including closer collaboration between academia and law enforcement, clearly need to be pursued more broadly. In addition to more collaboration in the field, for example, we also have heard proposals for closer executive-level communication with the FBI in the form of a central academic relations office at FBI headquarters. But the NSTSR has observed that foreign interference, especially brazen intellectual property (IP) theft, has continued. We have done a lot, but clearly not enough!

International Engagement

The research community today recognizes that the United States no longer dominates research and development (R&D) across the world. Inter-

national engagement is an imperative, not an option, for sustaining both the competitiveness of our research programs and the global attractiveness of our world-class universities.

We have observed, however, some obstacles to productive engagement. Significant help is needed, for example, from various federal agencies to ease confusing visa restrictions on foreign students, to facilitate legitimate foreign talent in joining the U.S. research enterprise, and to prevent harassment of our foreign-born students and faculty travelers during border interrogations. The protection and advancement of U.S. research, a core national security asset, should warrant a whole-of-government approach.

We also have observed formidable challenges within the international research community itself. The vast expansion of that community over the past 40 years, resulting in part from extensive nation-state scientific progress and information technology (IT)–driven globalization, has included many illiberal or authoritarian governments that cynically exploit openness and violate norms to their competitive advantage. China is only one of many governments that do not share our democratic values or play by agreed-upon rules. The United States and some of our democratic allies have taken note of this growing problem and have taken some initiatives to address it. But it will take a major coordinated and sustained effort to restore and reinvigorate the U.S.-inspired rules-based system of open research that brought such immense prosperity through the Cold War years and beyond—a system requiring commitment to shared values of research integrity, objectivity, openness, and reciprocity.

The China Threat

China is the most powerful adversary America has faced in more than a hundred years—with considerable military, diplomatic, political, economic, and scientific resources. The research community today generally accepts that China has developed significant capacity in scientific research and development. The NSTSR’s dialogue revealed that the U.S. response to China’s ascent comes up short in two important ways. First, the emphasis on the counterintelligence threat tends to eclipse the more serious threat to U.S. leadership arising from our failure to invest adequately in critical emerging technologies and in the fundamental science that underlays them. It is in science, not counterintelligence, that China threatens to outperform the United States. Second, evolving U.S. strategy on China should reflect a balance among three components: reciprocal collaboration where possible;

vigorous, well-funded economic and scientific competition where necessary; and strong military deterrence to prevent an unwanted war. A strategy to develop the necessary balance, especially in science, was not clear from our deliberations.

Engaging the Private Sector

The NSTSR’s focus on universities reflects, in part, the federal government’s capacity as a major funder to exercise some control over university research. In recent years, however, the private sector has played an increasing role in fundamental research both as a source of funds and as a research performer, resulting in less government involvement in such work.² In some fields (e.g., artificial intelligence [AI] and biotechnology) research by the private sector bears a strong connection to national and economic security, which means there should be much deeper engagement with the private sector in threat mitigation, information sharing, and protection of fundamental research from foreign interference.

Risk Management

We found strong agreement that state-of-the-art risk management is an imperative across the U.S. research enterprise, and that foreign research collaboration must be reciprocal and based on thoughtful risk-return analysis. We conclude, however, that this model of rigorous, technology-based risk assessment is still a work in progress in most research entities. A strengthened process would weigh both the threat to economic or national security arising from openness and the risk to research competitiveness and advance by constraining openness. The aim should be to structure a good-faith evaluation of legitimate interests of science and security, guided by objective data from all relevant sources. The bottom line, though still largely aspirational, is that science and security need to be together at the table from the beginning.

___________________

² Although the federal government is the largest funder of basic research (40 percent in 2021), the federal government’s share of basic research funding is now only slightly larger than that funded by the business sector, which increased its support from 20 percent in 2011 to 36 percent in 2021. While universities are the most significant performer of basic research (46 percent), business performs 35 percent of such work. For further information, see https://ncses.nsf.gov/pubs/nsb20243/discovery-u-s-and-global-r-d.

THE CRITICAL ROLE OF OPEN SCIENCE

U.S. global leadership in scientific research arose at the end of World War II when the government made substantial investments to harness and build on major wartime scientific advances. In 1947, the first federally funded research and development centers (FFRDCs) were launched. These include national laboratories established by a variety of departments to pursue research related to agency missions; FFRDCs are typically operated by corporations or universities. Perhaps the most wide-reaching change arose from the issuance of Science, The Endless Frontier, authored by Vannevar Bush in 1945 and delivered to President Truman. It resulted in an alteration of the entire landscape for the conduct of basic research. Guided by the transformative effect of science on our wartime capabilities, it became national policy to provide significant federal support for fundamental science in universities, thereby generating a synergistic coupling of scientific advance with the training of scientists and engineers. This ultimately resulted in the creation of research universities throughout the United States and led to a flowering in scientific and technical capability. An essential element of the new paradigm was the recognition of the value of open research—a perspective repeatedly underscored by representatives of the scientific community in their interactions with the NSTSR.

Science and technology have been the critical means by which the United States has enhanced security, grown our economy, and nurtured improvements in our way of life. The new markets, industries, companies, and military capabilities that emerged from our science and technology capacity have combined to make the United States the most secure and economically prosperous nation on Earth. Remarkable changes in the way we live and work are the product of science and technology—in defense, agriculture, health care, communications, energy, and on and on.

Advances in science and technology have enabled the United States to generate more than 20 percent of global gross domestic product with only about 4 percent of the world’s population.

In the twenty-first century, however, the U.S. research enterprise faces a rapidly changing world that requires much stronger efforts to safeguard the results of scientific research from foreign interference. The challenges include the following:

• China has become a peer competitor with a steadily advancing science and technology (S&T) innovation ecosystem and immense

• capacity to pursue its goals to develop a world-class cadre of scientists and to lead in the discovery of path-breaking technologies.
• Other countries that have long been sources of talent at U.S. research universities have invested in science for economic gain and to keep top-achieving students at home.
• IT-driven globalization of R&D—exponentially enhanced by AI and machine learning—has intensified both the competitiveness and the interconnectedness of international research. It is arguably harder than ever to protect intellectual property.

The more complex and competitive international environment has changed perceptions of risks, threats, and opportunities and has increased concern that individuals and institutions in other countries are using illicit means to exploit research openness in ways that jeopardize U.S. security and economic competitiveness. This concern is warranted, but in some cases has produced actions that arguably sacrifice the advantages of openness in the name of increased security against perceived security threats.

We can no longer assume that the United States is and will remain uniquely preeminent in all fields of science and technology. Other countries have observed the strength that has resulted from our past investments and are seeking to emulate the path we have followed. China, in particular, has a declared national goal of becoming the world leader in certain critical fields—for example, quantum computing, artificial intelligence and machine learning, biotechnology, microelectronics, and advanced manufacturing. It is making large investments, greater in some of these areas than the United States is making. It has a well-educated and growing labor force in science and technology. China now awards more than twice as many first degrees (roughly equivalent to a bachelor’s degree) in science and engineering than the United States and recently exceeded the United States in the award of Ph.D.’s. China has been the top producer in the world of Ph.D.’s in the natural sciences since 2007.³ In some fields, China may well have obtained peer status or even attained preeminence compared with the United States. This is evidenced by the fact that the output of published

___________________

³ NSB, NSF (National Science Board, National Science Foundation). 2024. Science and Engineering Indicators 2024: The State of U.S. Science and Engineering. NSB-2024-3. Alexandria, VA. https://ncses.nsf.gov/pubs/nsb20243/talent-u-s-and-global-stem-education-and-labor-force.

articles in science and engineering by Chinese researchers is almost double the output of the United States.⁴

Based on the briefings we have received from the law enforcement and intelligence communities, it is clear that the Chinese Communist Party has engaged in illegal or duplicitous means to obtain knowledge on scientific and technical matters from research in the United States and around the world. These include extensive cybersecurity intrusions to obtain access to information and solicitation of inappropriate assistance from some U.S.-based researchers that conflict with their commitments to their U.S. employers and federal funding agencies.

One obvious possible means to respond to the threat of illicit appropriation of fundamental research is to seek to constrain access by researchers from countries of concern. The NSTSR heard near-universal recognition that such a strategy, if applied broadly, would entail risk to our own scientific capabilities. Indeed, as recognized by the NDAA 2020 itself, openness, including open interaction with the international community, is an essential characteristic of fundamental research and should be constrained only in narrow areas and/or specific projects where the risks are great. There are several reasons for this:

• Open communication is the engine that facilitates scientific progress and restricting it risks loss for all contributors.
• Foreign-born researchers in the United States are important contributors to our research enterprise and the loyalty of most to the United States is not in question. We would hobble U.S. advance if any significant part of our scientific community is discouraged from full and effective participation. The National Science Foundation (NSF) reports:

___________________

⁴ NSB, NSF (National Science Board, National Science Foundation). 2023. Publications Output: U.S. Trends and International Comparisons. Science and Engineering Indicators 2024, figure PBS-2. NSB-2023-33. Alexandria, VA. https://ncses.nsf.gov/pubs/nsb202333/.
Note: The analysis does not include an assessment of the comparative significance of the articles.

• There are areas in which researchers in other countries, including China, are making pathbreaking discoveries and U.S. researchers benefit from access to their work. Indeed, global collaboration in research has become the norm, and actions that limit interaction with the global community will ultimately be counterproductive to the vitality of the U.S. research enterprise.⁶ The key requirements are openness, compliance with rules, and reciprocity so that the various parties to an international collaboration fully share and benefit from the results.

In sum, openness is an essential characteristic of the fundamental research that underlies our national and economic security and should only be constrained where the risks of openness clearly exceed the benefits.

Particular concern has been expressed about the large numbers of foreign scientists and engineers who are trained at U.S. universities and who may return to countries of concern with skills that facilitate technical advance in worrisome areas. The data show that a significant portion of the foreign students who obtain Ph.D.’s or pursue postdoctoral appointments in the United States remain here as productive members of the U.S. scientific workforce. The NSF reports that the 10-year stay rate for engineering, the most common S&E doctoral field of temporary visa holders, was 72 percent. S&E doctorate recipients with Chinese citizenship at graduation had average 5-year and 10-year stay rates of 88 percent and

___________________

⁵ NSB, NSF, Science and Engineering Indicators 2024. https://ncses.nsf.gov/pubs/nsb20243/talent-u-s-and-global-stem-education-and-labor-force.

⁶ American Academy of Arts and Sciences. 2020. America and the International Future of Science, Cambridge, MA. https://www.amacad.org/publication/interntional-science.

81 percent, respectively.⁷ Although concern may appropriately arise that a small percentage of the students in fact are collection agents, actions that discourage the inflow of scientific talent will weaken our long-term capability. This is particularly the case because U.S. citizens are not available in sufficient numbers to fulfill the staffing needs of the U.S. S&T enterprise. Although not in the purview of the NSTSR, it is clear that the United States should redouble its efforts to increase the pool of domestic STEM talent.

If the results of fundamental research are customarily published and available to all, one might appropriately ask why there is concern about illicit efforts to obtain that information. The reasons arise from the advantages that can accrue from some aspects of open research. For example, although scientists customarily provide details of their methodology in publications, there is often considerable “know-how” that is developed by a researcher in the conduct of the work. Luring a researcher to establish duplicative facilities in China or to train scientists abroad on laboratory skills enables the transfer of the full capability to undertake the research and even to gain insights as to productive new directions. Another example relates to applications for federal grants. Proposals to federal agencies are subject to peer review but are held confidential until grants are awarded. Early access to research proposals or perhaps even pre-publications can provide a means to determine future research directions and to jump-start research projects.

Moreover, if the foreign efforts of a U.S. researcher are concealed, federal funds may be squandered on duplicative research. This is ultimately unfair to other applicants who otherwise might legitimately obtain funding.

The United States has confronted issues arising from the openness of fundamental research before. There was warranted concern about a sustained effort by the Soviet Union to steal U.S. technology for military advantage during the Cold War. Guided by a careful review of the issues

___________________

⁷ NSF, The State of U.S. Science and Engineering 2024. https://ncses.nsf.gov/pubs/nsb20243/talent-u-s-and-global-stem-education-and-labor-force. See also J. Corrigan, J. Dunham, and R. Zwetsloot, 2022, The Long-Term Stay Rates of International STEM PhD Graduates, Center for Security and Emerging Technology. https://cset.georgetown.edu/publication/the-long-term-stay-rates-of-international-stem-phd-graduates/

by the National Academies,⁸ the Reagan administration issued National Security Decision Directive 189 (NSDD-189),⁹ which declared:

The policy concluded:

The policy was reaffirmed in 2001 and 2010. Nonetheless, it may be argued that there have been significant changes in the research enterprise that justify a different approach. The gap between research and application in some important fields has closed and, unlike times past, commercial products play an increasingly important role in national security systems. The need for protection of unclassified work has thus arguably grown.

The control of unclassified information arising from scientific research has expanded over recent years by designating it as Controlled Unclassified Information (CUI).¹⁰ The question thus arises again as to the extent to

___________________

⁸ Institute of Medicine, National Academy of Sciences, and National Academy of Engineering. 1982. Scientific Communication and National Security. Washington, DC: The National Academies Press. https://doi.org/10.17226/253.

⁹ The White House. 1985. “National Policy on the Transfer of Scientific, Technical and Engineering Information.” National Security Decision Directive 189 (NSDD-189), September 21, 1985.

¹⁰ There is common agreement that some types of unclassified information should be restricted. These include trade secret and proprietary commercial or financial information, medical records providing patient identity, other information that would invade personal privacy, information relating to pre-decisional deliberations within federal agencies, and law enforcement information and legally privileged communications. The concern about CUI relates to the expansion of its scope over time to encompass the results of all manner of unclassified material without formal justification. See National Archives, Controlled Unclassified Information: CUI Categories. https://www.archives.gov/cui/registry/category-list.

which restrictions on dissemination of the results of fundamental research should encompass not only classified information, as provided by NSDD189, but also should be expanded to encompass unclassified research that could negatively affect national or economic security. Some have expressed concerns that restrictions on fundamental research beyond the scope of NSDD-189 would have a serious inhibiting effect by increasing the cost of research, slowing the development of new technologies, and discouraging some individuals or institutions from engaging in research in the restricted fields. There is a concern that risk-averse officials with responsibility for federal grants and contracts have incentives to be protective and could impose needless and counterproductive limitations that will erode the benefits of openness. Moreover, the proliferation of CUI restrictions has been unevenly applied, creating particular confusion among those who pursue research supported by multiple agencies. There are thus many who disagree with the application of CUI limitations beyond those required by statute (e.g., export controls). Indeed, some departments do not believe CUI limitations are necessary because the federal government controls what it funds and can simply conduct sensitive work in a non-open environment, such as at an FFRDC.

Some others see a need for control of dissemination of fundamental research using CUI restrictions in sensitive “gray areas” that fall short of classification. That is, they believe that limiting controls on dissemination to just classification and statutorily defined constraints is insufficient. But there is general agreement that the federal government should justify the imposition of any restrictions guided, in our view, by careful risk assessment.

ROUNDUP OF THE ROUNDTABLE’S 4-YEAR JOURNEY

The following narrative describes the progress and challenges encountered by the NSTSR during its 4-year tenure. It is structured to respond to the five tasks defined in the Statement of Task and in NDAA 2020.

First Task: Explore Critical Issues Related to Protecting U.S. National and Economic Security While Ensuring the Open Exchange of Ideas

The NSTSR’s membership consists of past and present senior leaders of scientific or national security entities, along with ex officio representatives from government agencies and the private sector. Among this group, there was no shared perception of the foreign threat across the research

enterprise at the time of the NSTSR’s first formal meeting in November 2020. The Department of Justice’s China Initiative of 2018, which targeted and unsettled the research community—especially scholars of Chinese origin (including U.S. citizens)—was in full operation. Distrust between academia and law enforcement existed in varying degrees, which inhibited collaboration in many instances.

There was confusion and anxiety, especially in research universities committed to open science, about the scale and scope of foreign interference—especially from the Chinese Communist Party—and about the potentially adverse effect of stronger regulation on time-tested research practices, on essential international engagement, and on the research enterprise’s reliance on foreign talent. These concerns and others were reflected in questions during a 2020 webinar sponsored by the Office of Science and Technology Policy (OSTP).¹¹ Many participants asked whether the alleged prevalence of security breaches involved isolated incidents or the whole research enterprise. Others expressed growing fear of racial profiling in investigations.

In our first year, the NSTSR conducted fact finding, including interaction with funding agencies, congressional staff, OSTP and the Joint Committee on the Research Environment, various universities and labs, and multiple research associations. In particular, we met with senior staff at the National Institutes of Health (NIH) and National Science Foundation to hear directly how breaches were identified and managed, and to explore the relationship with law enforcement. We also reviewed key studies focused on our issues, including the 2019 JASON study Fundamental Research Security, which explored the value of open science, international engagement, and foreign talent, while warning against new restrictions on fundamental research and recommending that conflicts of interest and disclosure breaches be handled within the framework of rule-based research integrity.¹²

JASON had seen some concerning evidence on Chinese Communist Party interference, but concluded that “the scale and scope of the problem remain poorly defined and academic leadership, faculty, and front-line government agencies lack a common understanding of foreign influence in U.S. fundamental research, the possible risks derived from it, and the possible detrimental effects of restrictions on it that might be enacted in

___________________

¹¹ Office of Science and Technology Policy. n.d. “OSTP Regional Webinar on Research Security: Consolidated Questions.” Undated document provided to the roundtable in 2020.

¹² JASON. 2019. Fundamental Research Security. JSR-19-2I. https://www.nsf.gov/news/special_reports/jasonsecurity/JSR-19-2IFundamentalResearchSecurity_12062019FINAL.pdf.

response.”¹³ This stands in contrast to the views 4 years later of both JASON and the NSTSR regarding both the China risk and the response of academia, both of which developed a keener understanding of the risks posed by the intentions of the Chinese Communist Party.¹⁴

Second Task: Identify Foreign Threats and Risks

The NSTSR’s grasp of the foreign threat, unclear at the start, became sharper as we interacted with academia, think tanks, and the Intelligence Community. Think tank input reinforced the description of China as a powerful U.S. peer competitor, inextricably linked economically to the United States, but openly determined to surpass our global reputation for technology innovation—and with the capacity to keep closing the gaps through licit and illicit means.

The NSTSR concluded that “threat and risk” must pertain both to the counterintelligence challenge of containing foreign interference and the growing research challenge of competing with China’s formidable S&T innovation ecosystem. The NSTSR also came to recognize that the threat to U.S. scientific research comes not only from major state adversaries but also from smaller states and transnational bad actors empowered by advanced technologies in an electronically borderless world.

National Security Presidential Memorandum–33 (NSPM-33)¹⁵ specified the obligations of various federal agencies in responding to the threat of foreign interference, issued in January 2021. But guidance as to the obligations of universities was not defined at that time, with the result that the NSTSR continued to hear concerns from university administrators, faculty, and bench scientists. Some academics forcefully argued that greater local initiatives in upholding research integrity were far preferable to more law enforcement on campuses.

___________________

¹³ JASON, Fundamental Research Security, p. 2.

¹⁴ JASON. 2024. Safeguarding the Research Enterprise. https://nsf-gov-resources.nsf.gov/files/JSR-23-12-Safeguarding-the-Research-Enterprise-final.pdf?VersionId=ZVhvRaTIrxMsdZql6E_yz5pN6Ssw0fSl. The 2024 report cites major global changes complicating the research landscape, including “the continuing rise of the PRC as a peer competitor to the United States, together with concerns about the PRC’s policies of military-civil fusion,” p. 10.

¹⁵ The White House. 2021. “Presidential Memorandum on United States Government-Supported Research and Development National Security Policy.” National Security Presidential Memorandum – 33 (NSPM-33), January 14, 2021.

Calls came for more reliable information about the specific implications of the foreign threat against universities. On October 5, 2021, NSTSR co-chair Maria Zuber in testimony to the U.S. House Committee on Science, Space, and Technology, provided a defense of open science coupled with a recommendation for more rigorous risk management of collaboration with China. She stated that the NSTSR was working with law enforcement to get “information needed to evaluate what percentage of faculty that may be engaging in improper activities, and how big of a threat they represent.”¹⁶

The NSTSR co-chairs, in consultation with staff and responding to the oft-asked question about the precise threat posed by the Chinese Communist Party to academia, decided on a work plan that would initially concentrate on universities, where the vulnerability of open science to foreign interference seemed greater than in the private-sector research community, where protection of intellectual property was the norm.

The NSTSR’s own research, backed up by Intelligence Community and academic briefings, confirmed the need for greater intelligence support for academia amidst a growing Chinese Communist Party threat, but not a high number of recorded incidents of successful Chinese intelligence operations against U.S. universities. The Washington-based think tank CSIS (Center for Strategic and International Studies), reported fewer than 10 university-related incidents among 224 cases of Chinese illicit operations since 2000.¹⁷ Most such operations were directed against U.S. military, commercial, or political targets. This, of course, does not account for all illicit foreign intelligence activity against academia. Moreover, many of the collection efforts directed at academia are not through traditional intelligence techniques, but through nontraditional methods. According to the FBI, the number of cyber “hits” on research entities remains high, in part because the Chinese Communist Party is increasingly seeking sensitive data from research universities. Most academic targets, however, are select faculty and postdocs, not the bulk of foreign-born faculty and students in our universities.

___________________

¹⁶ Zuber, M. T. 2021. Testimony to the House Committee on Science, Space, and Technology, October 5, 2021. https://www.congress.gov/117/meeting/house/114100/witnesses/HHRG-117-SY21-Wstate-ZuberM-20211005.pdf.

¹⁷ Center for Strategic and International Studies. 2023. Survey of Chinese Espionage in the United States Since 2000. https://www.csis.org/programs/strategic-technologies-program/survey-chinese-espionage-united-states-2000.

According to the FBI assessment, China: The Risk to Academia:

The large majority of foreign science researchers are recognized by U.S. law enforcement as integral to the U.S. research community.

The FBI engaged with the NSTSR from the outset of its work. We received initial briefings from the Director of National Intelligence (DNI) and FBI officers on July 7, 2021, which focused heavily on China. The FBI’s counterintelligence chief brought a veteran team to the Keck Center on January 26, 2022, for further briefings, which improved our understanding of China’s particular threat to academia. Special agents at Northwestern and Stanford Universities briefed on counterintelligence issues and the foreign threat to universities. On September 15, 2022, the Central Intelligence Agency provided detailed classified briefings at the Keck Center, including a focus on China, Russia, and the challenge of emerging technologies, from a senior team from the agency’s Transnational and Technology Mission Center, the China Mission Center, the Counterintelligence Mission Center, and the Directorate of Science and Technology. It was clear that intelligence support would be helpful to the research enterprise in assessing the evolving China threat, and also in tracking the trajectory of emerging technologies as adversaries might see them.

The 2024 Annual Threat Assessment of the U.S. Intelligence Community focused on the familiar four principal state threats to the United States, directly or indirectly affecting U.S.-sponsored S&T research, although lesser state and nonstate risks abound in the acutely interconnected world of

___________________

¹⁸ FBI (Federal Bureau of Investigation). 2019. China: The Risk to Academia. https://www.fbi.gov/file-repository/china-risk-to-academia-2019.pdf/view.

scientific R&D.¹⁹ This current Intelligence Community assessment is consistent with the picture presented in the NSTSR’s briefings, consultations, and discussions over the past few years.

The four states named by the DNI are China, Russia, Iran, and North Korea. China, the only U.S. peer competitor, is investing heavily in indigenous innovation, prioritizing advance power and energy, AI and machine learning, quantum information science, and semiconductors—while it aggressively acquires foreign IP partly through theft. Russia, a distant but menacing second, uses its considerable espionage and cyber capabilities as principal instruments of foreign policy. For example, it is the main suspect in the SolarWinds breach of NIH in December 2020.²⁰ Both Iran and North Korea are declared U.S. adversaries whose cyber operations repeatedly threaten U.S. and allied networks and data. Both countries have conducted multiple cyber operations against the United States, with North Korea launching a major attack on the U.S. movie industry in 2014.

The foreign threat assessment directly affecting the research enterprise includes many other less prominent states, international organizations, and networks that are empowered by cyber and AI capabilities, as well as by their extensive collaboration with better-connected players in the increasingly interconnected world of global R&D. Technology-empowered transnational threats are raising concerns about increasing hostile military capabilities and rising global conflict, about competition in space, about the security implications of climate change, and about the potential dual-use trajectory of emerging technologies. According to the DNI, “New technologies—particularly in the fields of AI and biotechnology—are being developed and are proliferating at a rate that makes it challenging for companies and governments to shape norms regarding civil liberties, privacy, and ethics. The convergence of these emerging technologies is likely to create breakthroughs, which could lead to the rapid development of asymmetric threats.”²¹

The NSTSR’s early decision to explore the case for fundamental research culminated in a 2-day workshop on openness, November 15–16, 2022, which convened six strategically focused panels to build on prelimi-

___________________

¹⁹ DNI (Office of the Director of National Intelligence). 2024. Annual Threat Assessment of the U.S. Intelligence Community, February 5, 2024. https://www.dni.gov/files/ODNI/documents/assessments/ATA-2024-Unclassified-Report.pdf.

²⁰ See, for example, https://www.gao.gov/blog/solarwinds-cyberattack-demands-significant-federal-and-private-sector-response-infographic.

²¹ See DNI, Annual Threat Assessment, p. 30, for discussion of disruptive technologies.

nary findings from four previous NSTSR meetings held over the previous 18 months. The foreign threat was a thread that ran through the sessions, but the focus, as intended, was on open science. The data-based presentations from experienced speakers from relevant disciplines made the case for

• scientific research as a core national security asset and key driver of U.S. economic competitiveness;
• the existential U.S. requirement for international engagement in open research to capture fresh ideas and stimulate innovation;
• our vital dependence on recruitment of foreign STEM talent to increase our competitiveness;
• our growing requirement for state-of-the-art risk management both to protect research and to contain foreign threats to it; and
• our continuing need for closer collaboration between the national security agencies and the scientific research community in developing rigorous risk management to counter foreign interference.

As reported in the workshop proceedings, keynote speaker Ernest Moniz, former U.S. secretary of energy and MIT professor, “noted that while the current focus on China is both appropriate and helpful, the United States should neither overestimate China’s abilities nor underestimate China’s determination to overtake the United States. He underscored the sustainable advantage created by the U.S. approach to scientific advancement based on openness and international collaboration, as compared to the Chinese Communist Party’s renewed penchant for control.”²²

Third Task: Identify Effective Approaches to Communicating Threats and Risks

Over the course of the NSTSR’s work, numerous approaches to communicating threats and risks were suggested, but their effectiveness is mixed. Communication is challenging because the culture in law enforcement is distinctively different from that in academia and because of limitations in the nature of information exchange. More success in communication has been achieved among the intelligence community and academia, owing to

___________________

²² National Academies of Sciences, Engineering, and Medicine. 2023. Openness, International Engagement, and the Federally Funded Science and Technology Research Enterprise: Proceedings of a Workshop – in Brief. Washington, DC: The National Academies Press. https://doi.org/10.17226/27091, pp. 4-5.

their shared analytical perspective. Among academics, awareness and appreciation of the threat is greater among those with more access to information on foreign influence.

There have been numerous instances of troubling foreign interactions, often dating from times when formal guidance on reporting was nonexistent or vague. However, the reporting of university breaches has been limited to repetition of a small number of high-profile cases.

Because of limited information exchange, the most serious threats are not always conveyed. This is at least in part because law enforcement is unable to discuss investigations in progress or those with national security sensitivities. But the initial take-away of the academic community, given the paucity of information, was that there was little evidence of substantive concerns. Even after the wind-down of the China Initiative, the Asian-origin community of U.S. researchers, both international scholars and U.S. citizens, continue to believe they are subject to ethnic profiling by the U.S. government.

Numerous convenings and small-group or individual discussions have resulted in improved communication. There is a growing acceptance that federal actions are needed to increase research security, with motivations ranging from genuine appreciation for the increased threat to recognition of the necessity to comply with such actions in order to continue to do research in cutting-edge science and technology; an increasingly frequent reaction from faculty to senior research officers is, “Just tell me what I need to do.” There are additional steps that would further help inform “the why.” Leaders in all sectors should reaffirm the core values of the United States and the U.S. S&T system, drawing distinction between the U.S. open system and the People’s Republic of China’s autocratic control. As part of this, the United States should promote a fundamental cultural change in how the U.S. research community views research security issues—recognizing the threats as well as the benefits of international engagement. It is essential to reinforce the value of contributions made by foreign talent, including international students, scholars, and collaborators.

Fourth Task: Share Best Practices for Mitigating Risks

We understand “best practices” to relate principally to the achievement of closer collaboration between science and security in countering foreign interference while simultaneously preserving our deeply rooted commitment to openness in fundamental research to the extent possible. The single-best business practice, in our view, was OSTP’s year-long

development of the NSPM-33 Implementation Guidance, which was undertaken in collaboration with research entities, funding agencies, other stakeholders, and in episodic consultation with the NSTSR. The Implementation Guidance has given administrators, faculty, and bench scientists greater understanding of new security regulations and provided practical tools for compliance.²³

In our regional meetings at universities in the Northeast, Midwest, Pacific, and South of the country, we sought to engage with labs, the private sector, and the larger research community and to test the reaction of multiple universities to the NSPM-33 Implementation Guidance.

• On May 22, 2022, in Boston, we met with the FBI, the U.S. Attorney, and the MIT Strategy Group that produced a thoughtful report to guide MIT’s actions.²⁴ The MIT report argues for a comprehensive approach to risk management involving new concrete initiatives from Congress, the executive branch, and the research universities—as well as much greater information sharing and collaboration across the universities—a classic whole-of-government approach. The MIT report provides a particularly strong example of a university taking responsibility for rigorous risk management. Relations with the FBI at MIT, unfortunately, were complicated by lingering ill feelings over the prolonged, eventually dropped prosecution of MIT professor Gang Chen. Interactions between MIT and the Department of Justice subsequent to the NSTSR convening have been more positive.
• At the October 11–12, 2023, Midwest Regional Meeting, the NSTSR heard from the Central Midwest Research Security

___________________

²³ NSTC (National Science and Technology Council). 2022. Guidance for Implementing National Security Presidential Memorandum 33 (NSPM-33) on National Security Strategy for United States Government-Supported Research and Development. A Report by the Subcommittee on Research Security and the Joint Committee on the Research Environment, January 2022. https://www.whitehouse.gov/wp-content/uploads/2022/01/010422-NSPM-33-Implementation-Guidance.pdf.

²⁴ MIT (Massachusetts Institute of Technology). 2022. University Engagement with China: An MIT Approach. https://global.mit.edu/wp-content/uploads/2022/11/FINALUniversity-Engagement-with-China_An-MIT-Approach-Nov2022.pdf.
Note: Roundtable Co-Chair Zuber of MIT recused herself from the development of the MIT China report. As a current co-chair of the President’s Council of Advisors on Science and Technology, she sought to avoid any potential conflict between report recommendations and Biden administration policy on China.

• Forum (University of Cincinnati, Purdue University, University of Michigan, Northwestern University) and from vice presidents of research (Georgia Tech, Michigan, University of Illinois Urbana-Champaign, and Notre Dame University). In contrast to the sentiments expressed in the Northeastern meeting, academic participants rendered enthusiastic reports about excellent relations with the FBI and progress with NSPM-33-mandated compliance.
• On March 6–7, 2024, at our Southern Regional Meeting at Texas A&M, we heard highly positive reports on FBI collaboration from representatives of Texas A&M, Tulane University, Alabama A&M, and Prairie View A&M. The FBI was described as not just accessible but proactively helpful in providing information and advice about security issues.

The NSTSR’s good-news account of science-security collaboration captures data from only a small percentage of U.S. research entities, but it is enough to show an encouraging improvement in collaboration between academia and law enforcement.

Fifth Task: Assess the Foreign Threat Responses of Research-Enterprise Stakeholders

Today the full research community, including academia, has a more sophisticated grasp of the threats and risks, especially from the People’s Republic of China. The restricted research community in government and industry have hardened their defenses, and universities, labs, and funding agencies all have responded to NSPM-33’s welcome Implementation Guidance. The termination of the China Initiative in February 2022 has demonstrably lessened, but did not fully expunge, the chill felt by ethnic Chinese and other Asian and Asian American students and faculty. The NSTSR’s meetings suggest that, while progress has been made, more needs to be done to reassure this community. Press reports continue to reveal discouraging problems that Chinese students are having with U.S. visa policies and with clearing immigration at U.S. airports, even when in possession of valid visas.²⁵

___________________

²⁵ Kuo, L., and C. Cadell. 2024. “Chinese Students, Academics Say They’re Facing Extra Scrutiny Entering U.S.” The Washington Post, March 14, 2024. https://www.washingtonpost.com/world/2024/03/14/china-united-states-university-studentsborder/.

Within research organizations, stakeholders have implemented a variety of steps to mitigate and address risks associated with foreign threats. The most active and best-resourced research organizations are most cognizant of risks and have done the most to address the problem. Less-resourced organizations, including R-02 research facilities and smaller universities and colleges, do not have the resources to invest in enhancing research security and risk being shut out of the educational and entrepreneurial benefits associated with participation in the vibrant U.S. open research enterprise.

Near-Term Responses

In the short term, the implementation of NSPM-33 is mitigating inadvertent noncompliance. Actions such as standardization of forms across agencies, the use of digital CVs, reporting of all sources of funding (not limited to federal grants), and reporting international collaborations whether there is funding involved or not, lead to transparency about research support and should make it more straightforward for institutions and individuals to comply. The Implementation Guidance also calls for universities with a substantial research base to develop research security plans that include training, enhanced export control support and increased cyber controls. The establishment of NSF’s SECURE (Safeguarding the Entire Community in the U.S. Research Ecosystem) Center is an example of a resource to help the community understand and navigate research security risks. Even with NSPM-33’s much-appreciated standardization, new compliance requirements continue to make U.S. researchers less efficient. As discussed previously, the CUI designation is a particular burden and should be revisited by the U.S. government with the objective of limiting its scope, achieving consistency in application, and providing clear guidance on how to handle such information. Authority to designate CUI should require training and a relatively high level of authority and not be within the purview of a program manager.

Long-Term Responses

Federal agencies have been considering a variety of means to enhance security surrounding sensitive research topics. The Department of Energy, for example, has pursued a focus on the identification of critical technologies. The Department of Defense has alternatively developed a plan for certain high-risk researchers to potentially face exclusion from working

on certain federal grants. A second report by JASON recommended a project-specific approach to assessing research security risk that considers Technology Readiness Level, or TRL, where appropriate.²⁶

Research security vulnerabilities in industry merit scrutiny, particularly foreign investments in start-ups. Although universities may be a party to licenses that derive from research on their campuses, they have neither transparency into nor authority regarding investors in subsequent start-ups. There may be an expanded role for the interagency Committee on Foreign Investment in the United States.

According to NSTSR discussions, federal agencies should monitor which actions appear to be most effective in reducing the risk of foreign influences, while preserving openness to the extent possible. Agencies should also share best practices. In addition, the government should consult with international partners with similar cultures and norms as the United States who are experiencing similar challenges. Given the global nature of research, international cooperation is necessary; a research program is only as secure as the security level of its least secure collaborator.

In the view of many speakers at NSTSR sessions, if all we do is impose costly and time-consuming restrictions on U.S. researchers while adversaries are increasing their investments in research, the United States will not maintain preeminence. The passage of the bipartisan CHIPS and Science Act (P.L. 117-167) represents important recognition of this reality. However, unfortunately the “Science” part of the bill was authorized but not appropriated. And the FY 2024 budget was generally devastating for science agencies despite broad recognition of the importance of science investment to maintain security and economic competitiveness. Investment in science that includes attraction and training of an enhanced domestic talent pool will represent a critical component of the longer-term strategy.

FINAL THOUGHTS – BUILDING AN OFFENSE

Defense clearly is not enough! Bolstering counterintelligence, by itself, will not guarantee the protection of U.S. research integrity and competitiveness. The NSTSR experience makes clear that a far more comprehensive effort is required to outpace China’s maturing S&T ecosystem. The research

___________________

²⁶ JASON. 2024. Safeguarding the Research Enterprise. https://nsf-gov-resources.nsf.gov/files/JSR-23-12-Safeguarding-the-Research-Enterprise-Final.pdf?VersionId=ZVhvRaTIrxMsdZql6E_yz5pN6Ssw0fSl.

community’s commendable efforts thus far must be aligned with a much broader and deeper whole-of-government strategy, as recommended by the FBI, MIT’s University Engagement with China study, the recent JASON report, the congressionally directed Cyberspace Solarium Commission report of 2020, and the National Security Commission on Artificial Intelligence in 2021.²⁷

The FBI’s public statements support this broader approach:

Based on observations made by outside experts and members of the NSTSR over the past 4 years, this much broader, integrated effort would include the following:

• Working with allies to restore and strengthen the international U.S.-inspired rules-and-compliance-based open-research system.
• Increasing U.S. investment in cutting-edge science and innovative technologies—the key to a U.S. strategy to maintain and strengthen our S&T enterprise.
• Developing serious and sustained efforts to restructure U.S. government research contracting and business practices through consultation among government officials, research administrators, and bench scientists so as to achieve greater efficiency and

___________________

²⁷ See Cyberspace Solarium Commission, htps://www.solarium.gov/report, and National Security Commission on Artificial Intelligence, https://reports.nscai.gov/final-report/.

²⁸ FBI, Risk to Academia, p. 1.

• effectiveness. The development of the Implementation Guidance for NSPM-33 should be a model.
• Increasing university liaison with the FBI by establishing a well-resourced executive-level office for academic relations with leadership committed to improved communication and collaboration.
• Starting science-security collaboration at the start of policy formulation. When the national security community concludes that elevated threats require stronger security policies relating to science and technology, working scientists and university administrators should be involved in policy formulation to identify effective solutions and, at the same time, to push back against measures likely to damage the U.S. research enterprise.
• Engaging much deeper with the private sector. Given the private sector’s growing role as a funder and performer of research in critical fields, the engagement with the private sector should encompass threat mitigation, information sharing, and, where appropriate, protection of fundamental research.
• Reconsidering the controversial CUI marking, now useful to some, but confusing to many others, and disruptive to open science. The federal government should justify CUI restrictions, guided by careful risk assessment. If CUI restrictions are to be imposed, they should be in limited technical areas in which the threat to national or economic security is substantial and the risks from openness can be convincingly shown to exceed the benefits. At the least, the CUI designation should be revisited by the government with the objective of limiting its scope, achieving consistency in application, and providing clear guidance as to how to handle such information. In cases where restrictions are imposed, open research should be allowed to proceed if the researcher and the funding agency reach agreement on measures to mitigate risk, such as agreement to restrict dissemination of information relating to limited aspects of the work. A study of the usage of the CUI marking is warranted.
• Removal of visa impediments and other immigration obstacles to legitimate and value-added foreign participation in our research activities. It is in the United States’ interest to recruit foreign STEM talent and to welcome continued involvement in our S&T enterprise. This does not lessen the necessity of expanding the pool of domestic STEM talent.

• Stronger efforts by both government officials and universities to reassure foreign-born researchers that their contributions to the U.S. scientific enterprise are welcome and valued. The U.S. government also should respond forcefully to continuing reports of discrimination and alleged border harassment of traveling foreign students and faculty from our universities.
• Promotion of science at all levels of the U.S. education system and society to produce increased numbers of young scientists and engineers ready and eager to excel in U.S. scientific and technical advance.

These suggestions, drawn from the 4-year NSTSR dialogue, would bolster a needed enhancement of a U.S. research enterprise essential to our national and economic security.

ADDENDUM
NATIONAL DEFENSE AUTHORIZATION ACT FOR
FISCAL YEAR 2020
PUBLIC LAW 116-92
SEC. 1746. SECURING AMERICAN
SCIENCE AND TECHNOLOGY

(b) National Academies Science, Technology and Security Roundtable.—

(1) IN GENERAL.—The National Science Foundation, the Department of Energy, and the Department of Defense, and any other agencies as determined by the Director of the Office of Science and Technology Policy, shall enter into a joint agreement with the Academies to create a new “National Science, Technology, and Security Roundtable” (hereinafter in this subsection referred to as the “roundtable”).

(2) PARTICIPANTS.—The roundtable shall include senior representatives and practitioners from 4 Federal science, intelligence, and national security agencies, law enforcement, as well as key stakeholders in the United States scientific enterprise including institutions of higher education, Federal research laboratories, industry, and non-profit research organizations.

(3) PURPOSE.—The purpose of the roundtable is to facilitate among participants—

(A) exploration of critical issues related to protecting United States national and economic security while ensuring the open exchange of ideas and international talent required for scientific progress and American leadership in science and technology;

(B) identification and consideration of security threats and risks involving federally funded research and development, including foreign interference, cyber attacks, theft, or espionage;

(C) identification of effective approaches for communicating the threats and risks identified in subparagraph (b) to the academic and scientific community, including through the sharing of unclassified data and relevant case studies;

(D) sharing of best practices for addressing and mitigating the threats and risks identified in subparagraph (B); and

(E) examination of potential near- and long-term responses by the Government and the academic and scientific community to mitigate and address the risks associated with foreign threats.

(4) REPORT AND BRIEFING.—The joint agreement under paragraph (1) shall specify that—

(A) the roundtable shall periodically organize workshops and issue publicly available reports on the topics described in paragraph (3) and the activities of the roundtable;

(B) not later than March 1, 2020, the Academies shall provide a briefing to the relevant committees on the progress and activities of the roundtable; and

(C) the Academies shall issue a final report on its activities to the relevant committees before the end of fiscal year 2024.

(5) TERMINATION.—The roundtable shall terminate on September 30, 2024.