Research at risk: Global challenges,international perspectives,and Canadian solutions

Legal challenges

Research security faces three legal considerations. First, as leaders in global R&D, industrialized economies attract millions of foreign researchers and students who seek to work or study at domestic research institutes. This has been an incredible benefit to host countries, who reap the academic windfall of securing top foreign talent and the budgetary gains of international student fees. ¹⁴ However, the percentage of foreign students and researchers remaining within their host country upon graduation appears to be declining. ¹⁵ Many return to their native countries, driven by newly emerging economic opportunities, increasing difficulties in securing work or study permits, and surging levels of suspicion against foreign researchers. ¹⁶ The result is a version of brain drain, with research expertise flowing back into emerging markets and states. The trend poses a challenge to the long-term viability of some Western research institutes dependent on international students and researchers. Second, the open nature of academic publishing comes with the risk that malicious actors (and adversaries) may use research findings to advance their own goals. China has publicly stated that it will, for instance, “absorb” global scholarship to further its own domestic priorities. ¹⁷ By all standards of academia, it is free to do so. The RS challenge, however, relates to dual-use technologies that have both civilian and military/security applications. Some forms of open scholarship may inadvertently invite strategic competition. ¹⁸ Third, and relatedly, the open nature of the global research community allows foreign researchers to gain access to sensitive research of interest to hostile governments. ¹⁹ The risk arises in partnerships and joint ventures between research organizations. By working in Western labs and institutions, foreign researchers can build expertise that can later be exploited by their home countries upon their return. ²⁰ Alternatively, foreign researchers may inadvertently engage in the IP theft of ideas gained during a partnership. ²¹

Extralegal challenges

Three extralegal concerns challenge contemporary RS. First, though institutional research partnerships are increasingly commonplace in academia, they can nonetheless jeopardize domestic RS. Some ostensibly civilian research institutes are, in fact, either fused or directly linked to foreign military R&D efforts. ²² When Canadian researchers collaborate with these foreign institutions and/or with foreign military-linked researchers, for instance, there is a risk that the product of their collaboration will be exploited by a foreign government or military. Second, foreign talent acquisition programs are often used to access foreign research. These programs recruit individual researchers in the West to conduct research for a foreign actor, often within their own domestic facilities. ²³ While these collaborative programs are not usually illegal per se, the contracts of many talent recruitment programs directly designate what is to be researched (generally dual-use technologies) and provide the foreign state with access to (or outright ownership of) IP. Frequently, these contracts also contain non-disclosure agreements, forcing domestic researchers to refrain from discussing their involvement in the programs. ²⁴ As such, dual-use research conducted in the West can unknowingly be exported to foreign states. Finally, some extralegal RS challenges stem from conflicts of interest and failures to disclose. These concerns arise when principal investigators on domestically funded research projects simultaneously conduct related research for, and/or are funded by, another country. In cases where research projects are linked, it is likely that information generated by a domestic project will find its way into a foreign one; findings seamlessly flow between them. ²⁵ By failing to disclose that a researcher is receiving foreign funding in a related area of research, domestic research grants may intentionally or unintentionally be used to fund research that is ultimately provided to foreign and hostile actors. ²⁶

Illegal challenges

Illegal activities are usually the most evident and well-understood RS challenge; three types stand out. First, adversaries will exploit the access domestic researchers have to classified or sensitive information in order to misappropriate it. At times domestic citizens are recruited by hostile states and paid in cash for information or IP that can be relatively easily stolen. ²⁷ While this type of insider threat is particularly salient with military related research, it occurs in other avenues of research as well. Moreover, hostile states may use leverage gained over domestic researchers, monetary or otherwise, through talent acquisition programs to coerce them into providing research of interest. ²⁸ In related fashion, adversaries might also use their vast network of foreign students and researchers studying and working in the West to gain access to sensitive research. By appealing to nationalism, using bribes, or coercing through threats to an individual or their family’s safety, foreign researchers and students are encouraged to gather information and bring it back with them when they return home. ²⁹ While gathering this sort of information can take the form of regular theft, it can also involve preying on the openness of the research community and asking researchers to share their work under the guise of academic collaboration. ³⁰ Second, hostile states frequently use their intelligence services to conduct espionage operations and gain access to research. Some intelligence services will embed agents within universities to establish connections with students and researchers who have access to privileged or classified information; these contacts can later be recruited to steal information. ³¹ Finally, due to the relatively low costs of using cyberspace to illegally gain access to domestic research, cyberattacks remain a major and growing area of RS concern. ³²

Domestic and structural challenges

Other RS challenges stem from domestic (i.e., Canadian) considerations. First, although CSIS has explicitly warned of the rising threat to Canadian research, Canada still lacks an overarching RS policy. ³³ Canada’s approach largely entails raising awareness among researchers and institutions, piecemeal: Innovation, Science and Economic Development (ISED) launched the Safeguarding your Research Portal to consolidate public information about RS; Public Safety leads workshops for researchers highlighting the risks and threats to, and best practices for, conducting safe and secure research; and facing an onslaught of pandemic-related challenges, CSIS, the Communications Security Establishment (CSE), and the Public Health Agency of Canada have each become more active and vocal in highlighting threats to researchers operating in specific areas of concern. ³⁴ Moreover, Canada regularly updates its cybersecurity awareness resources. ³⁵ While many of these recent initiatives suggest an interest within the Government of Canada to approach RS in a coordinated manner, much more still needs to be done. The RS mitigation measures currently in place, for instance, are generally legacy policies spread across and between various federal departments (including members of the security and foreign policy apparatus and inward-looking departments and grant-giving agencies) most often hyper-focused on specific issues that fall within a specific organization’s mandate. While it might be difficult, if not impossible, for a single institution to address fully all RS challenges, the range of actors involved in Canada’s current approach leads to a diffuse response, replete with competing departmental interests and (at times) contradictory approaches. ³⁶ Moreover, Canadian research security goes well beyond the federal government. Canadian universities—which fall within provincial jurisdiction—are on the front line and have an integral role to play. But they also clearly need support: not only have Canadian universities explicitly asked for more guidance from Canadian governments, the pandemic and associated rise in the number and sophistication of cyberattacks and data thefts have strained their ability to respond effectively on their own. ³⁷ Canadian university RS responses are guided by each individual institution; accordingly, they manifest themselves differently. ³⁸ Additionally, Canadian universities do not have a formalized mechanism to review threats to research at their institutions. While a coordinated approach to university RS policy could be undertaken through collaboration with provincial governments, the framing of RS as a national security consideration has unintentionally sidelined provincial authorities from RS discussions altogether. All of this came to a head in May 2021 when the Government of Alberta took a role in managing RS within the province, taking unilateral action to limit foreign university partnerships while calling on the federal government to manage better the file from Ottawa. ³⁹

Second, contemporary Canadian RS policy faces an inherent tension with the competing priorities and principles of open science. In Canada, OS is defined as “the practice of making scientific inputs, outputs and processes freely available to all with minimal restrictions.” ⁴⁰ Strengthening RS may jeopardize or restrict OS and might unintentionally be self-defeating if it affects Canadian researchers’ capacity to cooperate and innovate internationally. Researchers themselves are dubious of government attempts to regulate science, highlighting the paradox that the security benefits derived from regulating knowledge-sharing might weaken national security by hindering scientific advancement. ⁴¹ Yet for all the benefits of OS, failing to adequately protect Canadian research could eventually lead to increased hesitation on the part of Canadian research institutes to engage in foreign cooperation out of fear of inadvertently putting their IP at risk. This, too, would be detrimental to Canadian R&D, as foreign collaboration is increasingly integral to competitive science. Accordingly, active collaboration on RS between government stakeholders, research institutes, and scholars is a key component of developing proportional policies and strategies relevant to the current state of OS.

Third, the predominance of Chinese nationals in high-profile and public espionage cases in Canada raises legitimate concerns that some foreign researchers are being unfairly and unduly accused because of their nationality or ethnic background. Recent cases of misguided prosecution of Chinese nationals have led some to fear an emerging environment where it is a crime to be “researching while Asian.” ⁴² These concerns are especially relevant in Canada, which has experienced a spike of anti-Asian racism and hatred since 2019. ⁴³ Targeted RS measures run the risk of wrongly affecting certain minority communities and could discredit legitimate RS policy, yet Canadian governments cannot simply avoid creating RS policies out of fear of appeasing racism; a lack of leadership might encourage disparate jurisdictions and institutions to self-regulate in an inconsistent and harmful way. ⁴⁴ To complicate matters, foreign states have exploited Canadian concerns over institutionalized racism in order to foster Canadian opposition to certain policies. ⁴⁵ As such, balancing a robust RS approach with the risks of stigmatizing a minority community is crucial to the effective protection of Canadian research.

Finally, international students are central to the Canadian post-secondary landscape. Pre-pandemic, international students accounted for 40 percent of all tuition fees (equivalent to $4 billion) in 2018/2019. ⁴⁶ And, as over 28 percent of international students in Canada are Chinese nationals, financial experts have warned that three of Canada’s largest universities could face a cash crunch if China was to restrict unilaterally its students from studying in Canada. ⁴⁷ In the absence of federal guidance, universities may have a disincentive to implement strict RS policies if doing so means jeopardizing their own economic viability.

United States

The American position on the current state of US research security is clear: it is a widely and publicly held position by US officials, across party lines, that China poses the greatest long-term challenge to American research. This challenge is viewed as both an economic and security concern. ⁴⁸ From an economic perspective, the US estimates that Chinese IP theft leads to $600 billion in annual lost revenue. This challenge is exacerbated because the theft itself largely targets dual-use research, which may provide China an eventual military advantage. ⁴⁹ Since Washington views Beijing as a strategic competitor, any action taken by China to steal technology or information to improve its military capability translates into a direct US national security threat. ⁵⁰ Some Americans go so far as to call it an existential concern, fearing eventual Chinese technological and scientific supremacy over the US. ⁵¹ Appreciating these economic, security, and geostrategic concerns help explain American RS policy.

Of primary concern for the US is that its domestic research and IP might be directed or transferred, legally, illegally, or extralegally, to China, especially through talent recruitment programs. A steadily rising number of American researchers are being enrolled into Chinese talent recruitment programs to conduct research on behalf of China within American laboratories. ⁵² While this contracting of research is a concern to the US in and of itself, there have also been numerous cases of researchers failing to disclose their connections to Chinese recruitment programs when applying for US government funding. ⁵³ This adds to the risk that research and IP may accidentally be shared internationally between projects and could allow foreign actors to gain access to research they might not otherwise have had access to. Additionally, there have also been high-profile cases in which researchers have expressly used funding provided by the US government to co-fund their projects in foreign countries through talent recruitment plans. ⁵⁴

A second area of major concern is the disconnect between and among the US research community, regulators, and investigators. Historically, American responses to RS have been spread among different departments with no central authority. The result has been an empowerment of certain actors with narrow control over RS, a lack of information sharing between stakeholders, and no consensus on the efficacy of the current approach. ⁵⁵ That has intensified the divide between researchers and government regulators and investigators, with the former holding negative views of the government’s efforts to regulate science and research. ⁵⁶ Yet, paradoxically, the research community has expressed confusion regarding current RS approaches, and has called for more guidance from federal authorities, especially around disclosure and talent recruitment programs. ⁵⁷ Other poles within the research community question the integrity and purpose of current RS practices altogether. ⁵⁸

Although criticized for its sluggish response to emerging RS concerns, the US has recently implemented new measures that seek to strengthen its position. Washington has become increasingly aggressive in its response to recruitment programs and insider threats, including by taking steps to bar members of federal agencies from joining foreign programs. It has also empowered its federal grant-giving agencies to be more assertive in monitoring grant recipients for failures to disclose participation in foreign talent recruitment programs. The National Institutes of Health (NIH)’s use of a dedicated compliance team, for illustration, that investigates undisclosed conflicts of interest has been specifically highlighted for its efficacy in uncovering grant violations. ⁵⁹ Finally, the US has taken measures to mitigate perceived insider threats from Chinese foreign researchers and students, including by limiting the length of visas issued to researchers working with dual-use technologies, and otherwise suspending entry to the US entirely. ⁶⁰ On the latter, President Donald Trump’s Proclamation 10043 (2020)—since upheld by President Joe Biden—bars entry of Chinese researchers (on F or J visas) who have past associations with Chinese institutions that support the country’s “military-civil fusion strategy.” ⁶¹ Through the FBI, the US has also begun focusing on RS outreach to American academic institutions. The FBI’s Office of the Private Sector has liaisons embedded within FBI field offices in each state, tasked to engage with universities, highlight RS threats, and assist in developing local solutions.

To highlight these recent (and hardline) developments on US research security, consider National Security Presidential Memorandum 33 (NSPM-33) issued under the Trump administration in January 2020. The document ordered decisive action be taken to protect American research by centralizing the authority of the Office of Science and Technology Policy in future RS policy development. Through the Office, NSPM-33 calls for closer coordination between federal agencies’ disclosure mandates, increased information sharing between departments, and raising awareness among at-risk institutions and researchers. Moreover, and of importance to Canada, it calls for further international engagement with allies on the issue of RS to coordinate best practices across borders. Although NSPM-33’s status under the Biden administration is still unclear, the president has nonetheless signalled his intention to uphold some of its key elements, including on enhanced disclosure and coordination. Accordingly, the document provides a window into the evolving nature of American RS policy. ⁶²

Australia

Deep cooperation between Australia and the US on civilian, dual-use, and military research has long made the former a prime target of foreign espionage. While Australia has historically interpreted research espionage and IP theft as matters of institutional oversight, today the emerging consensus is that these challenges are a matter of foreign interference and national security. ⁶³ Of specific concern to Australia, given its proximity to China, is the level of cooperation between domestic and PLA-linked universities. ⁶⁴ Moreover, high-profile instances of Australian researchers being recruited by Chinese acquisition programs have raised concerns that Australian-funded research risks being misappropriated by China or used in ways that contravene Australian values (notably, in relation to China’s abuse of its Uyghur minorities, which some Australian leaders, alongside French, Dutch, and Canadian parliamentarians, have called a genocide). ⁶⁵

Assessing Australia’s evolving RS approach must take place within its larger context, however. Since 2017, for instance, Australia’s relationship with China has soured due to a series of events unrelated to RS, that have nonetheless facilitated bi-partisan support for major new RS initiatives. ⁶⁶ Notably, the government created the National Counter Foreign Interference Coordinator to synchronize Australia’s response to foreign interference, including in RS. ⁶⁷ Australia’s current focus is on better managing RS policies across stakeholders. In August 2019, it established the University Foreign Interference Taskforce (UFIT), which stakes a holistic, whole-of-government perspective on RS subsumed within the larger umbrella of foreign interference. It successfully integrated the government and university sectors within a horizontal and vertical policy response mechanism. While UFIT is led by a steering group comprised of government departments, it is supported by subject matter experts responsible for leading further development and providing advice on cybersecurity, research and IP, foreign collaboration, and culture and communication. ⁶⁸ UFIT has published guidelines that provide institutions a way to account for foreign interference in their research risk frameworks, and has (re)emphasized “knowing your partner” concepts providing individual researcher RS tools and support. ⁶⁹ Further, UFIT engages with the Australian Research Council, a national granting agency, in updating Conflict of Interest and Confidentiality Policy guidelines for researchers. ⁷⁰

Besides UFIT, the Australian government has itself taken other steps to protect its domestic research. It has sought to better coordinate cybersecurity with states, territories, and the private sector, including by providing A$1.6 million over ten years to enhance university cybersecurity, develop threat intelligence-sharing networks and sector-wide threat modelling, and a national cybersecurity forum. ⁷¹ And, in adopting Australia’s Foreign Relations (State and Territory Arrangements) Act, the government established a general legislative scheme for all arrangements between Australian public actors and foreign governments, providing the minister for foreign affairs a veto on arrangements between public universities, local councils, state governments, and foreign entities, ensuring they are “not inconsistent with Australia’s foreign policy.” ⁷²

The Act was criticized for increasing the burden of compliance and jeopardizing collaborative opportunities, and because it regulates agreements negotiated by public institutions but not those pursued by private universities. Nor is there currently a process for appealing vetoed deals. ⁷³ As in the US and elsewhere, researchers have likewise criticized the heavy-handedness of Australia’s emerging RS approach, juxtaposing it against the virtues of open science; university administrators regularly dismiss public concerns as fearmongering. ⁷⁴ And, as in Canada, Australian universities’ budgets rely on Chinese foreign student fees. ⁷⁵ Following pressure from the education sector, an amendment was added to the Act specifying that university-to-university arrangements will only require notification if the foreign institution in question does not have “institutional autonomy,” defined as governance, research, and/or teaching independence from foreign government control.

Japan

Japanese RS is marked by two interesting (and interrelated) characteristics: it is almost exclusively focused on China and shadows the American approach. Geopolitical and regional factors play an oversized role in framing Japanese RS. Japan has identified particular areas of research China is known and/or suspected of having sought access to—including dual-use research in quantum computing, AI, and semiconductor manufacturing—through illegal technological transfers and espionage. ⁷⁶ Japan’s response, though unhurried, measured, and piecemeal in nature, is modelled after the American one. While Japan traditionally approached RS as a matter of economic security, like the US (and Australia), it is increasingly applying a national security lens to the topic. Tokyo’s primary concern is that a failure to mitigate threats to research will create a perception among Japan’s core ally (the US), other international security partners (within the G7, Quadrilateral Security Dialogue, and NATO, for instance), and key trading partners (including Canada, Australia, and the EU) that it is a weak link in regard to RS, leaving it isolated from Western partnerships. ⁷⁷ The state minister of foreign affairs warned, for instance, that if Japan does not strengthen its counterintelligence capabilities, close partners will be reluctant to work with it. ⁷⁸ As such, Japanese RS is as much about reassuring friends as it is about countering threats.

Japan’s focus on China stems from its oversized role in domestic higher education. Japanese universities heavily engage with Chinese universities, including forty-five partnerships with PLA-linked institutions in areas of dual-use technology. ⁷⁹ Additionally, Japanese universities, like those in Australia, are dependent on Chinese students, who represent 40 percent of all foreign students. ⁸⁰ And it is estimated that the Chinese government operates forty-six talent recruitment stations in Japan. ⁸¹ The Australian Strategic Policy Institute (ASPI) has warned that some Chinese institutions leverage their privileged access to acquire sensitive Japanese information and technology, which they then relay to the Ministry of State Security. ⁸²

Japan’s response has been two-pronged: fostering better communication and coordination among government agencies and creating stricter visa requirements. In response to China’s growing economic regional power, for instance, the government established an Economic Statecraft Division within its National Security Secretariat in April 2020, with a mandate that includes protecting Japanese technologies. ⁸³ The move corrects a perceived shortfall of Japan’s previous RS strategy which was restrained to specific ministries controlling specific responses, leading to a generally disjointed approach. ⁸⁴ Japan also amended its Foreign Exchange and Foreign Trade Act to include regulations on foreign investments, curbing research espionage in sectors critical to Japan’s national security. ⁸⁵

To counter espionage in higher education in particular, since 2019 Japan has launched a number of distinct measures. It strengthened visa processes; the Japanese foreign ministry requested ¥220 million to expand student visa evaluations with an emphasis on preventing technology theft. Japan also tightened restrictions on Japanese researchers who are identified to be under “strong influence of foreign governments.” Controversially, the label carries with it a requirement to gain a Ministry of Economy, Trade and Industry license to work with dual-use technologies. ⁸⁶ The government likewise approved an innovation strategy which obliges government agencies and research institutes to strengthen their guidelines around research integrity and conflicts of interest in order to prevent the outflow of technologies linked to national security. This is in conjunction with the planned increase of export controls on suspicious foreign research. The government also considered a proposal, also controversial, that would allow them to withhold funding to universities that fail to declare conflicts of interests and foreign partnerships. ⁸⁷ Finally, the Ministry of Economy, Trade and Industry established a project with a budget equivalent to C$17 million to help equip universities and small businesses with stronger frameworks better able to prevent the transfers of sensitive research and technology. ⁸⁸

Israel

Israel’s approach to RS is an outlier among the four examples explored. Though a global leader in research—spending the highest proportion of GDP on R&D—it has staked a starkly different approach to RS than the US, Australia, and Japan. ⁸⁹ Israeli R&D is both a matter of existential national security and economic interest. Israel’s perception of geostrategic vulnerability has compelled it to invest massively in developing military, cyber, and defence capabilities that ensure national security. To that end, government and public entities are some the primary funders of R&D, providing financial support for well over half of the country’s research activities in advanced electronics, cybersecurity, pharmaceuticals, and medicine. ⁹⁰ Additionally, given its small size and domestic market, technological exports, which accounted for nearly 60 percent of Israeli manufactured exports in 2019, help ensure its economic prosperity. ⁹¹

Because research is paramount in Israel, it has favoured policies that encourage open science that pose few restrictions. Indeed, Israel has not adopted RS terminology; nor has it taken any extensive effort to safeguard its domestic research, other than in certain niches (like biosecurity). For the most part, the perceived economic benefits of OS have limited Israeli calls for the creation of a RS framework. And Israel does not openly perceive China as a significant threat to its research. Israel-China ties significantly expanded in 2013 when Prime Minister Benjamin Netanyahu welcomed and encouraged Chinese investment in the hopes of increasing economic and diplomatic ties between the two countries. Government resolutions, directives, and incentives were provided to various Israeli ministries to increase collaboration with Chinese entities. ⁹² It is estimated that Chinese investments in Israel’s technology sector, including in dual-use technologies like AI and satellite communications, amounted to US$5.7 billion between 2011 and 2018. Additionally, Israel-China academic partnerships have expanded with new exchange programs and scholarships. ⁹³ Although Israeli and American national security organizations occasionally raise concerns about Israel’s encouragement of open collaboration, the government has, to date, largely avoided regulating its research sector in ways that might mitigate perceived Chinese challenges. ⁹⁴ Instead, the focus of Israeli RS is squarely placed on biosecurity and cybersecurity.

On biosecurity, Israel created the Regulation of Research into Biological Disease Agents Law (2008), with an eye on preventing biological terrorism and controlling dangerous pathogens. The framework is praised in RS literature as an effective tool to mitigate challenges associated with research involving dual-use goods. This is due to the overarching centralization of relevant stakeholders to establish clear policy guidelines, as well as extensive engagement and oversight mechanisms within universities. ⁹⁵ The law requires that institutions using dangerous pathogens obtain approval from a council regulating research on disease pathogens, which may dictate terms to be respected throughout the research project. Approved projects must be reported to the General Manager of the Health Ministry, and researchers and institutions who do not follow the law may be subject to imprisonment and fines. ⁹⁶

On cybersecurity, Israel has developed a vertically integrated cyber strategy which helps mitigate the impacts of cyberattacks, including those linked to IP theft and RS. The Ministry of Science and Technology cites the introduction of science and its accessibility to the research community as one of its primary goals. ⁹⁷ To achieve this objective, cybersecurity training is integrated into school and university curricula. Further, the government’s Nation Cyber Security Research Center Program established six cybersecurity research centres within universities, with a goal of ensuring multi-disciplinary research. ⁹⁸ The Israel National Cyber Directorate (INCD) provides guidance, creates policies, and publishes reports and statements specific to cybersecurity. These reports are rather specific: they discuss trends in cyberattacks, name actors as potential threats, and provide detailed unclassified information about cyberattack methods. Furthermore, within the INCD, the Israeli Cyber Emergency Response Team (CERT) is staffed at all times to help civilians and organizations deal with cyber incidents. The CERT also raises awareness around preventive practices, ensures information sharing, issues public alerts, and develops new mechanisms for dealing with emerging threats. To carry out these various functions, it maintains working relationships with private companies, academia, other government organizations, as well as CERT sub-centres which provide support on sector-specific threats. ⁹⁹

On China, as mentioned, Israel takes a notably laissez-faire approach. Policymakers have been primarily interested in the economic benefits Israel receives from partnering with China, rather than on the threats, and have largely disregarded warnings from the national security community. However, following extensive American pressure, increased criticism from Israeli intelligence, and the identification of Chinese involvement in areas essential to Israeli national security, including in the energy, military, and transport sectors, the situation has recently garnered more attention. ¹⁰⁰ As a result, Israel announced the creation of a new mechanism for screening foreign investments, an advisory committee that assesses the national security implications of foreign involvement in certain sectors. Yet, the committee’s decisions are non-binding; they only assist regulators and provide opinions. Considering the extent of investment and involvement of China in different spheres of Israeli R&D, domestic RS strategies and policies—if and when they are developed or strengthened—will likely have to strike a careful balance between appeasing the US and not aggravating China.

Centralization

Without a designated authority for policy centralization, RS responses have traditionally been diffuse, disconnected, and inconsistently applied between various government departments and related stakeholders. In response, a process of RS centralization is currently taking place across each case. Although Israel does not interpret RS in the same way as the US, Australia, and Japan, its council for the regulation of research with disease pathogens has, nonetheless, been in use for years, offering an example of bringing together relevant departments over specific issues of concern. Centralization is built into that process. Similarly, Australia created the National Counter Foreign Interference Coordinator to oversee the government departments involved in RS policy development and response. And the US and Japan have also begun establishing centralized RS authorities tasked with policy harmonization, interdepartmental communication, and coordination, though they are still nascent.

Improving communication between government departments alone is not enough, however. The cases suggest a need for clear and effective communication with other non-government RS stakeholders. As discussed above, some Canadian universities have already voiced concern over confusing and conflicting RS requirements, calling for more government support and precise information on emerging threats and proper responses. To this end, the case studies reveal a concerted effort to foster better relationships with, and provide more direct guidance to, RS stakeholders. One model from the US entails integrating FBI liaisons at the local level, each tasked with working with specific institutions to identify threats and responses. Lessons therein are then fed back into the national strategy. Other models from Japan and Australia focus on providing federal training to institutes on preventing espionage and tech transfers and countering foreign influence. In all cases, when communicating with stakeholders, governments should clearly reiterate their commitment to the principles of OS and RS. By championing OS, governments help reinforce RS by securing academic and institutional buy-in, easing tensions with particular research communities, and improving relationships between researchers and authorities. Publicly expressing these ideas also demonstrates commitment to democratic values and OS at the international level, allowing countries to benefit from the continued flow of scientific cooperation, collaboration, and discovery. Finally, defining the guiding principles of OS will further ensure that regulators have a concrete reference point for RS policy development, ensuring that they, too, avoid over-securitizing research.

For Canada, next steps entail concretely centralizing its RS policy leadership within a designated authority—existing or newly established—allowing for better communication and outreach with stakeholders. ¹⁰¹ This could include working with universities at the local level to address challenges specific to their institutions, as well as challenges facing universities and researchers writ large. This authority can likewise publicly outline Canada’s commitment to open science and to foreign researchers, positioning these commitments within the larger context of research security.

Collaboration

While overwhelmingly beneficial to the global scientific community, collaboration with foreign researchers, students, and research institutes has nonetheless emerged as a chief RS concern. Illustrations from the four cases abound, with particular attention paid to PLA-linked universities and talent recruitment programs. While some countries have reacted to this particular challenge with hardline (and even aggressive) responses, it is nonetheless important that Canada first debates and then finds the right balance between addressing the challenges of foreign collaboration and deriving benefit from it, which includes supporting OS, countering racism and stigmatization in research, and fostering innovation, excellence, and economic opportunities. From the case studies, we find a range of responses regarding foreign collaboration. America’s assertive approach includes better vetting of foreigners, changes to visa policies, cracking down on talent recruitment plans through the use of conflict-of-interest clauses, threats of sanctions, and entry bans. By contrast, Australia has been working with its universities to better recognize PLA-affiliated entities, while developing a culture of awareness about the potential risk of foreign collaboration. Japan’s approach, still under development, sits somewhere between these two poles. Only Israel stands as the outlier: it actively pursues collaboration with China despite American (and some domestic) protest.

Our research also illustrates the importance of competing considerations in developing an RS policy response to foreign collaboration. Of greatest importance, open science generates international collaboration which feeds scientific innovation. This is a good, in and of itself. Further, many universities are reliant on international tuition fees paid by foreign (mostly Chinese) students. Should vetting make it more difficult for foreign students to study abroad—a trend already taking shape—the effects will be largely felt on universities’ budgets and domestic tuition fees. And finally, RS responses must consider the real and/or perceived nature of racial bias unduly and unfairly targeting certain nationals. US Presidential Proclamation 10043, for illustration, has been strongly rebuked for its effect on Chinese students and researchers. ¹⁰²

Taken together, Canada must look to its own visa policies and processes to ensure they remain effective at deterring contemporary research theft. Canada should mitigate risks from foreign institutions with direct military ties by establishing lists of particular institutions of concern—as some Canadian allies have already done—and working with domestic stakeholders in developing a more nuanced review process when exploring collaborative opportunities with researchers who have active links to these institutions. And finally, Canada might draw from American and Australian efforts to foster a know-your-collaborator culture among domestic researchers, mitigating RS challenges at the frontline of collaboration.

Controls

Traditionally, export controls have entailed safeguarding the foreign transfer of goods that could be used in military settings, including weapons, dual-use technologies, nuclear capabilities, and other related goods. More recently, however, countries like Japan and the US have taken measures to broaden their export controls to protect economic interests or to altogether reframe them as national security concerns. But while these countries move towards securitizing their economies, civil society actors and researchers alike have become wary of this approach because it risks undermining OS, international collaboration, and the free flow of scientific information. Moreover, focusing on export controls may not be the most effective way to mitigate threats to research; ASPI has found that export control lists are not updated frequently enough to adapt to evolving technological developments. Furthermore, only rarely do countries deny export control applications; in 2019, for instance, Canada denied just 0.02 percent of applications. ¹⁰³ Export controls can, however, be used to regulate the transfer of goods, services, and technologies regardless of their means of delivery, including the electronic transfer of information. But the low rate of denial and the high volume of electronic transfers of information, especially in the context of COVID-19 research, demonstrates that it is unlikely that all researchers are applying for export control permits, even though they may be required to do so under evolving considerations. These issues are of particular concern when conducting research with dual-use technologies and goods. The definition of dual-use is generally too broad to be of much operational utility. Israel’s case highlights, for example, a blurring between technology that is of purely civilian use and technology that may have military or security applications. Given the flexible and evolving definition and scope of dual-use, researchers may be working with these technologies without being aware of it.

While export controls should not function as the primary mechanism for contemporary RS, they can and do have a supporting role. Accordingly, Canada should conduct an analysis regarding the impacts of broadening its export controls to other sectors considered integral to Canada’s economic security. Additionally, the creation of a standing committee with relevant technological expertise, perhaps built along the lines of Israel’s lauded council for the regulation of research with disease pathogens, could be established to support the evolving decision-making process as to what goods and technologies should be included in export controls. The committee could likewise assist in the development of clear guidelines for researchers working with dual-use technologies. Finally, Canada might consider further emulating Israel’s council by establishing a centralized body and requiring universities to create institutional committees which regularly review projects in military and dual-use areas. This will ensure better regulation of dual-use technology and support universities and researchers.

Cybersecurity

Many governments, Canada’s included, have taken recent measures to raise public awareness about the linkages between cybersecurity and RS. However, researchers’ interest in, and concern for, cybersecurity remain thin; British studies have found that hackers were able to obtain high-value data from university researchers with just 2 hours of effort, and that human error remains a key determinant of data breaches. ¹⁰⁴ For contemporary RS, ensuring relevant stakeholders buy into cybersecurity is critical. Crafting an effective cybersecurity strategy to protect research will require a flexible and engaging approach in which researchers are compelled to better ensure the protection of their information. The Israeli case study provides interesting insights on this theme, as it promotes a whole-of-society resilience to cyberattacks. The vertically integrated strategy wherein the government continuously reiterates its commitment to cybersecurity contributes to increased public awareness and ensures that the general population—including targeted researchers—has a high level of technological literacy. The CERT provides direct support to civilians who are suspected to have been the victim of a cyberattack. It also provides tools and resources to civilians to help them address potential cyber threats directly.

Canada should continue to work with universities to develop cybersecurity training that resonates with researchers; universities might consider making cybersecurity training mandatory for all publicly funded researchers, as they already do with other forms of training (e.g., research ethics, physical safety, and mental health). Researchers working on subjects that are particularly threatened by RS should be tested frequently on their knowledge and compliance with cybersecurity best practices. Canada’s Cyber Centre might likewise increase the support it provides directly to researchers (and civilians more broadly) who have been, or suspect they have been, the victim of a cyberattack. Moreover, the government as a whole could provide direct cybersecurity support to universities and research institutions, including by circulating timely and tailored information about specific threat actors, the means they employ, and the targets they may be after, in order to better augment RS and cybersecurity awareness among researchers. Finally, Canada should conduct continual network penetration operations, similar to those conducted in the UK, to identify weaknesses in cyber infrastructure and raise awareness among at-risk actors.