Safeguarding Our Researchers

What are the concerns?

Federal concerns about transfers of federally funded research, intellectual property, and other sensitive information from U.S. universities to foreign entities have escalated in recent years.  Higher education institutions and their employees may be a priority target for foreign intelligence services that seek information about U.S. technologies, federally funded research, intellectual property, export‐controlled information, financial data, or other sensitive information that could lead to a military, technological or economic advantage.

Importantly, the initial target of such efforts may not have access to sensitive information. Instead, the foreign adversaries may simply be seeking access to the network in order to gain access to other information-rich targets.

Foreign adversaries use a number of different tactics to target such information.  In addition to traditional cyber security methods, such as phishing or hacking research systems, the FBI and the Department of State have identified certain techniques or activities that have been used to access sensitive research information or intellectual property from university researchers:

Guarding our Researchers

 

  • Foreign conference or presentation opportunities
  • Talent recruitment programs
  • Gift or sponsored research funding
  • Publishing opportunities
  • Joint research opportunities
  • In-kind support including research lab access or research personnel

 

These techniques or activities may create opportunities for the inadvertent sharing or theft of intellectual property and sensitive or restricted information.  This can occur by adverse interests gaining access to university systems or research by leveraging normal academic and research collaborative scenarios for unintended purposes.  Likewise, researchers may unknowingly be subjected to cyber security theft in the course of conducting engagements with outside entities (ex. traveling abroad, connecting to unsecured networks, etc.).  

 

Safeguarding Our Researchers

Princeton’s Actions:

Under NSPM-33, “Insider Threat” refers to the potential for an individual connected with the University to use their authorized access to institutional resources either for unauthorized purposes, or to unknowingly facilitate malicious activity via their authorized access and/or activities. 

 The federal government requires all federal contractors (including grant recipients) to implement measures to prevent and counter potential targeting/espionage activities that could occur on campus.  Such required initiatives are known as “Insider Threat Prevention” programs. 

Princeton remains committed to international collaboration and an open research environment, while also safeguarding our researchers and remaining in compliance with federal laws and regulations.  In order to meet these often-competing objectives, the Office of Research Security has implemented certain key measures.  

At Princeton, the focus is on recognizing that, while academia has a unique mission and culture, risks remain.  As a result, we encourage reporting of anomalous behavior and reduction of risk in order to ensure the well-being of our people and our research. Importantly, it is not about monitoring people.  Instead, we strive to build systems and solutions that can detect, identify, assess and manage risks to the research enterprise.  And just as importantly, establish a protective, supportive, safe, and non-threatening environment. 

Typically, the University addresses these issues via a committee of stakeholders to collect, integrate, analyze, and respond to threats.  Often these committees conduct risk assessments to identify the most likely risks, as well as those likely to have the largest impact on the University.  For example, the University’s on-going Enterprise Risk Management program includes various risk mitigation measures to respond to such threats. 

In addition, through our research security awareness program, we help Princeton faculty, staff, and students identify the types of research, academic, and business activities which could potentially render the university vulnerable to foreign influence concerns.