The new policy will shape research safety standards for federally funded institutions as scientists navigate an increasingly tense geopolitical environment.
The White House released a long-awaited statement guidelines A law is set to be passed this month that will govern efforts to ensure that research institutions funded by federal agencies take appropriate steps to protect their work from theft or misappropriation.
The guidelines will require institutions that receive $50 million or more per year in federal research and development funding to operate research security programs that meet certain standards regarding staff training and cybersecurity.
Programs should cover four main areas:
- Research Security Training: Covered institutions must certify that they have implemented a comprehensive security training program for researchers, in which individuals must take the course training modules Developed by the National Science Foundation, future training programs developed by federal agencies, or internally developed training. Training should include examples of “known improper or illegal transfers” of R&D, while conveying the value of international research collaboration.
- Safety when travelling abroad: Covered institutions must implement regular training for researchers who travel abroad. Institutions must also disclose where researchers travel in cases where agencies believe the security risks of overseas travel warrant oversight. The government has not yet created a training resource for international travel, but plans to do so.
- Export Control Training: Researchers participating in projects involving export-controlled technologies must complete training developed by the Department of Commerce’s Bureau of Industry and Security or internally developed training covering specific topics.
- Cybersecurity:Covered higher education institutions must implement a cybersecurity program consistent with a future resource Developed by the National Institute of Standards and Technology. Other covered institutions must certify that their programs are compatible with relevant cybersecurity guidelines published by NIST or another federal research agency.
The guidelines are intended to help researchers navigate a world characterized by “fierce military and economic competition,” White House Office of Science and Technology Policy Director Arati Prabhakar said in a preamble to the document, highlighting the Chinese government’s actions as particularly concerning. Prabhakar said the guidelines aim to ensure that research institutions “recognize the altered global landscape and meet their responsibilities as the first line of defense against improper or illicit activity.”
“We know that members of the R&D community are still getting used to changes in geopolitics,” Prabhakar added. “Many of the actions that researchers were encouraged to undertake just a decade ago, including collaborations with the People’s Republic of China, are now being recognized for the risks they may present. That’s why we need to be clear with the research community about how the world has changed; how the policies and practices of foreign countries we are concerned about differ from those of the American R&D enterprise and the values that underpin our system; and the ways in which some of the results of American R&D may contribute to human rights abuses, surveillance, and military aggression.”
Federal agencies now have six months to submit their implementation plans to OSTP and the Office of Management and Budget, with their final policies taking effect no later than six months later. Institutions will have up to 18 months to comply with the rules.
OSTP developed the guidelines in response to a presidential memorandum on research security issued at the end of the Trump administration and continued by the Biden administration. The guidelines also address certain requirements of the CHIPS Act and the Science.
OSTP received criticism from Congress for the length of time it took to produce the final guidance, given that it published the preview version in February 2023. Prabhakar explained to Congress earlier this year that the delay was due to a desire to consider public comments on the draft that raised concerns that the initially proposed requirements would overburden administrators and researchers.
The final guidance removes some requirements included in the draft version. For example, the draft would have directed institutions to implement a “clearance” process for foreign travel. The final version also adds flexibility to research security and export control training requirements.
Tobin Smith, senior vice president for government relations and public policy at the Association of American Universities, said the final guidelines are much better than the draft, but he still worries there may be a lack of uniformity in how federal agencies implement the guidelines.
“This is much better than what we saw in February 2023, we have much fewer concerns. It provides a great deal of flexibility to our institutions, which we appreciate,” Smith said in an interview. “My only concern is that instead, agencies will now use that flexibility to add their own additional requirements, and that will make it harder for our institutions to comply and more costly and burdensome if we end up in a situation where there is no harmonization.”
The guidelines allow for additional security requirements to be implemented in cases involving “agency-specific compelling reasons,” among other situations. OSTP asks agencies to consider whether the additions would address “an observed or known improper or unlawful transfer of U.S. government-supported R&D to foreign countries of concern,” defined by the CHIPS and Science Act as China, Russia, Iran, and North Korea. It also asks them to assess whether the additional requirements would be “substantially burdensome to the covered institution, particularly less well-resourced covered institutions,” and whether they would require supplemental funding to implement.
JOBs Apply News
For the Latest JOBs Apply News, Follow ©JOBs Apply News on Twitter Page.
