The head of Britain’s domestic intelligence agency warned the country’s leading research universities on Thursday that foreign states are targeting their institutions and imperiling national security.
“We know that our universities are being actively targeted by hostile actors and need to guard against the threat posed to frontier research in the most sensitive sectors,” said the deputy prime minister Oliver Dowden, who also attended the briefing.
The threat requires “further measures,” said the deputy PM, who announced that the government was launching a consultation with the sector so it could “do more to support our universities and put the right security in place to protect their cutting-edge research.”
The briefing was delivered by Ken McCallum, the director general of MI5, alongside Dowden and the National Cyber Security Centre’s interim chief executive, Felicity Oswald. It was made to the vice-chancellors of the Russell Group, a collective of the country’s 24 leading universities.
Among the range of measures being considered is having MI5, the domestic security agency, carry out security vetting on key researchers involved in a “small proportion of academic work, with a particular focus on research with potential dual uses in civilian and military life.”
The move may make it possible for senior officials to receive intelligence briefings from the security services to help them keep their institutions safe.
Although no foreign states were identified in the government’s press release, numerous Western security agencies have expressed concerns about espionage from China intending to acquire intellectual property both for domestic commercial exploitation and for its military.
The warnings follow an internal security services review of the threats facing the higher education sector. The review concluded that countries such as China were deploying both “overt and covert mechanisms” to “acquire intellectual property and steal advantage.”
The options being considered by the government include increasing funding for universities to develop their own research security capabilities, and to increase the transparency of funding flows going into academic institutions.
A similar program is in place in the United States, where the National Counterintelligence and Security Center’s Safeguarding Science initiative attempts to help the research community “design measures to guard against the potential misuse or theft” of key technologies.
Research security
Following the Russian invasion of Ukraine, experts warned Western companies to be on “full alert” for cyberattacks from Moscow’s intelligence services engaging in industrial espionage.
At the time, Keir Giles, a senior consulting fellow at Chatham House’s Russia and Eurasia Programme — who was himself the target of an attempted hack-and-leak attack conducted by a group attributed to the Russian security services — said there was a sense the West has forgotten how active the Russian intelligence services used to be in this space.
Speaking to Recorded Future News on Friday, Neil Ashdown, a PhD candidate at Royal Holloway University of London, studying public-private intelligence collaboration, noted the geopolitical changes since the fall of the Soviet Union.
“In the Cold War, the focus of research security was on science and technology espionage by the Soviet Union. However, the context was very different. That was a period of competition between two largely separate blocs – whereas today the issue is about competition within collaboration,” said Ashdown.
“Universities benefitted hugely from the expansion of international research collaboration since the end of the Cold War, but there has not been a comparable level of investment in ensuring that research collaboration occurs securely.
“Seeking to develop that capacity now is like trying to fit new brakes onto a speeding car. And as that analogy suggests, tougher security measures also threaten to slow down research collaboration which, importantly, is of enormous benefit to the UK and internationally,” he added.
Espionage against the academic sector is often more complex than traditional threats, partially due to the challenges of identifying what research is of national security interest. Earlier this week in Germany, China-linked agents were arrested for allegedly exporting a “special laser” that was already covered by European Union export controls. However emerging technologies, from AI algorithms through to innovations in materials science, are rarely covered by these laws.
“The first challenge in research security is understanding the threat – discovering which areas of research adversaries are targeting and how they are going about trying to steal or influence these areas of research. This task, while challenging, is probably familiar to the intelligence services,” explained Ashdown.
“The second challenge is identifying what needs to be protected, now and in the future. This is what is distinctive about research security – the thing you are seeking to protect is hard to define and it is fragile.
“Beyond a relatively small core of clearly sensitive subjects, it can be challenging to determine whether a particular research project has implications for national security. The gray area of projects that are not obviously sensitive, but which might have unforeseen impacts, is expanding. Research in AI is a prime example,” noted Ashdown.
Dowden, the deputy prime minister, referenced “frontier research” in his statement, but Ashdown said at the cutting-edge, “research depends on the ability to work collaboratively, to innovate, to move quickly. Overly stringent security controls could therefore undermine precisely the work that they are intended to protect.”
“I believe that universities are on the front lines of a battle for information,” said Michelle Donelan, the secretary of state for the Department for Science, Innovation and Technology. “Maintaining the UK’s world-leading reputation as an academic superpower relies on having strong safeguards to protect research from those who wish to do us harm.”
Universities in the United Kingdom currently work with the government through a number of bodies to address these threats, including the Higher Education Export Control Association and the Research Collaboration Advice Team.
Tim Bradshaw, the chief executive of the Russell Group, said: “Boosting support for the Research Collaboration Advice Team would be a really positive move that will make it easier for universities to identify risks when exploring new research partnership opportunities.
“Extending security clearance to key university personnel would be another step forward, and extra resources to boost capabilities through a Research Security Fund or alternative arrangements would help universities understand and respond at pace to new and emerging threats,” Brashdaw added.
‘Not about erecting fences’
Ashdown said there was “a critical challenge around resources and expertise. Universities cannot be expected to tackle the first challenge [of understanding the threat] alone – they do not have the resources or the expertise.
“Governments in turn do not always have the expertise to assess the potential implications of specific research projects. The two sides need to work together, but there is also a need to develop more capacity across the ecosystem to identify both threats and key areas of research,” said Ashdown.
Potential additional controls on academic research may prove controversial due to the open culture of the sector. Dowden acknowledged these tensions, stating: “For a millennium, our universities have thrived on being open. Open to ideas, open to innovation, open to being independent of government.”
But he stressed: “This is not about erecting fences, this is about balancing evolving threats and protecting the integrity and security of our great institutions.”
Professor Dame Ottoline Leyser, the chief executive of UK Research and Innovation — a public body that directs government funding — said: “In an increasingly complex geopolitical context it’s really important to find ways to enable high quality collaboration while also protecting national interests. This consultation is an important step towards achieving this goal.”
Ashdown noted the language in the MI5 briefing was “reminiscent of the US approach to research security, and it is to be expected that the U.S. and U.K. would be closely aligned on this issue,” but that the United States tended to be “more legalistic in its approach to collaboration between government and other entities.
“In the U.S. there is a push for a formalized information sharing organization for universities and other research institutions. This would act as a clearinghouse for information and to share best practices around research security. In the U.K., one option we might see is a more informal approach to reach the same goal – an informal coalition around research security spanning industry, academia, and government.”
