US National Science Foundation says it is developing a programme to study research security scientifically – with data on the actual scale and scope of lab leaks
From Washington to Tokyo, governments are worrying about sensitive scientific research leaking to China or other powers. Now, US and UK science agencies are talking about possible funding to study the security problem scientifically – gathering hard evidence of its extent and possible solutions.
Planning is still in the early stages, but the US National Science Foundation confirmed it is considering setting up special funding for research into the security problem. To help shape the programme, it is planning a workshop on the issue – probably with UK Research and Innovation (UKRI), its UK counterpart. And it has gathered specific suggestions for the programme from JASON, an influential group of scientific advisers to the US defense and security agencies.
The idea of a using science to study a science problem – lab security leaks – may seem obvious; but it hasn’t got much political attention hitherto. Instead, in the US the former Trump administration rushed out a string of unsuccessful prosecutions against Chinese-American scientists for allegedly hiding collaboration with Beijing. And in the UK, Canada, Japan and Germany security agencies have been upping their scrutiny of international scientific cooperations they consider risky. But throughout, some research leaders have been calling the fears overblown or unfairly targeting Asian scientists.
‘Lack of data’, report warns
What’s needed, according to an unclassified report from the JASON group, is an “evidence-based” assessment of the nature and extent of the security risks at university or corporate labs. The group confirmed that it believes there is a real risk. But, it says, “there is a lack of data on the frequency of research security issues, and federal agencies continue to depend on references to individual cases or potentially biased measures.”
How big the NSF programme might be, or exactly what it would cover, is still being worked out, officials said. Rebecca Keiser, NSF security chief, said, “We are in the process of developing the description of a workshop that we will hold to further define the programme. We anticipate the workshop will be together with UKRI. But we do not have much more at this point. I think for us the importance of the report is that it reaffirms that research security issues are real and that the issues merit further research to better understand scope and scale.”
A UKRI spokesperson declined to comment, beyond pointing to prior UK government statements on research security.
Cold War survivor
The JASON report, however, spells out what’s under consideration in Washington. The group, an unusual survivor of the Cold War, was formed in 1960 in response to the Soviet Union’s launch of Sputnik, the first earth satellite. It brings together dozens of the country’s top scientists in a confidential advisory body to the Pentagon and security services. JASON’s logistics and grants are managed by Mitre Corp., a long-standing US defence contractor, and many of its reports are classified.
This report, however, was authorised for publication – and it urges the NSF and other federal funders to work openly with universities and scientific societies on the security problem, rather than acting on their own and doing more harm than good. It cites a 2021 survey of American Physical Society members that found nearly one in five American physicists withdrew, or were ordered to withdraw, from research collaborations with foreign partners – a trend that could jeopardise the attractiveness of the US as a place for foreign scientists to study and work. And it notes some scientists view research security preoccupations “as a setting for a racist policy toward certain ethnic groups in US society.”
Among the group’s suggestions is gathering hard data about security leaks – and figuring out a way to anonymise it so it can be statistically analysed without creating new security or privacy problems of its own. At present, it says, “the FBI releases limited data on completed cases, and the information that is shared has often revealed a lack of understanding of the norms of conduct of fundamental research at universities.”
It also urges the development of risk-assessment techniques, that draw on cost-benefit analysis, game theory and data on leaks in various scientific sectors. It notes, for instance, that there’s a huge difference between the way research data is developed, shared and potentially compromised in a huge, open discipline like synthetic biology, compared to a closely controlled field like quantum computing. It also suggests developing new risk-training programmes for scientists, and studying the impact of US security measures on its international scientific relations.