Earlier this year, the chair of Harvard’s chemistry department was arrested and charged with lying to federal law-enforcement officials about secretly working for the Chinese government. While the story of nanotechnology pioneer Charles Lieber is shocking and dramatic, it is indicative of a broader challenge facing America’s leading scientific research institutions. We must secure the research we conduct on our campuses from foreign interference while at the same time protecting the openness and free flow of scientific knowledge that has made American universities the world’s leaders in research and higher education.
Fortunately, there are practical steps that America’s research universities and institutions are taking to ensure that we secure and protect the intellectual capital that U.S. universities generate through taxpayer-supported federal research.
Lieber, federal prosecutors allege, had received hundreds of thousands of dollars from China’s Wuhan University of Technology in exchange for leading a lab there while still tenured at Harvard. When confronted about this by authorities, court documents further allege, Lieber lied. Prosecutors say Lieber was recruited by China’s Thousand Talents Plan, a government strategy to bring the world’s top scientific and academic talent to the country.
Although less extreme than the Lieber story, there have been many more incidents in the news of American researchers failing to properly disclose relationships with foreign governments or otherwise secure their research from foreign intervention. These include incidents in which researchers may simply not have been aware that they were serving the interests of foreign governments to acquire U.S. science and technology illegally. In fact, officials with the National Institutes of Health (NIH) have reportedly begun inquiries into at least 200 NIH-funded researchers at more than 60 U.S. institutions for potentially violating NIH conflict-of-interest, conflict-of-commitment or research-integrity rules.
My association represents America’s most distinguished large research universities, and our institutions take threats to national security seriously. That is why we, in conjunction with our colleagues at the Association of Public and Land-grant Universities, surveyed our member campuses in 2018 and followed up last year to collect their most effective practices to combat these threats. Here’s what we found:
Universities are assessing and strengthening their policies, procedures and activities to prevent foreign interference in research and to protect against theft of intellectual property. Principally, this includes strengthening and vigorously enforcing current conflict-of-interest policies. For example, institutions once used forms that weren’t always clear or self-explanatory for faculty to disclose funding sources. Now universities are adding more targeted questions to these forms and providing faculty with case examples, scenarios and FAQs on what should be included. Some are also requiring much more detail from faculty about time they spend consulting with outside organizations, companies and universities outside of their home institution to protect against potential conflicts of interest.
Relatedly, university leaders are using new Web sites and direct communications to alert all their researchers about potential security threats and to clarify security protocols. In the past, these kinds of sites or communications were the exception rather than the rule. But now university leaders send campus-wide e-mails to faculty, staff, postdoctoral associates and graduate research assistants providing information on undue foreign influence as it relates to research security, initial actions researchers should take to protect their research, and whom to contact if there are concerns.
In addition, university research administrators are directly engaging faculty identified as having significant levels of foreign research engagement to ensure that they fully understand their responsibilities to disclose foreign funding arrangements and to comply properly with all federal laws, regulations and university policies governing such foreign collaborations.
In this same vein, universities are developing new training programs for both faculty and students to educate them about potential security risks and to make them aware of ethical research practices that must be followed (including what kinds of information can and cannot be taken or shared outside of the laboratory). Some institutions are now offering for-credit courses for graduate students on complex ethical decision-making and responsible conduct of research; these courses are specifically aimed at helping to preserve the integrity of research and protect against foreign intrusion.
Crucially, universities are also establishing stronger relationships with their local FBI offices and other federal law enforcement agencies. This strategy helps to ensure that university leaders are aware of emerging threats or novel efforts to take advantage of unsuspecting U.S. researchers. At the same time, the FBI is working to establish clear campus liaisons in their regional and local offices.
New processes are now commonplace for monitoring data systems and networks for cyber intrusions, reporting suspected breaches and improving data security. For example, institutions are now regularly adding IT security agreements that stipulate where data will be housed and how it will be protected to contracts used with third-party service providers.
Foreign travel by international or national visitors to research facilities can likewise make research vulnerable. Our members are addressing this potential threat by expanding required security screening to cover all visiting foreign scholars rather than those in visa categories where federal regulations already require such screening. Universities are also more closely monitoring visitors to campus-based laboratories and facilities.
Universities have put in place additional protections for research involving classified or otherwise sensitive or controlled information. For example, universities have established strenuous technology control plans and cybersecurity safeguards to appropriately secure and restrict access to such research, data and information. Additionally, research universities employ specific staff to secure and manage such research.
Universities have a responsibility to secure and protect research they conduct on behalf of the American taxpayer, and failure to take these actions will endanger our national security and national competitiveness. Another risk inherent in universities failing to police themselves adequately is the specter of more draconian reactions from lawmakers. Already several members of Congress and state legislatures are considering measures that could inhibit the legitimate international collaborations required to advance science.
But the good news is that AAU members and others are stepping up to the plate and taking actions to secure sensitive research. We hope all universities will follow our example. We in the scientific community owe it to ourselves to be proactive in pursuing constructive vigilance.