Executive Summary

Most U.S. research and development (R&D) takes place in the private sector. This contributes to three problems that undermine the U.S. government’s current research security initiatives.

• The first is a problem of authority: the government has little or no authority to regulate research that it does not perform or fund, or to advise researchers on security issues that do not implicate federal laws or funds.
• The second is a problem of information: because they are not typically involved in research, government officials (especially in federal law enforcement agencies such as the FBI and Department of Justice) often lack the situational awareness and expertise needed to protect that research.
• The third is a problem of trust: many, if not most, American researchers are unfamiliar with law enforcement, skeptical of their motives, and wary of restrictions on scientific openness and collaboration. Because of this, researchers are often unwilling to proactively collaborate with the government, including but not limited to law enforcement, to improve research security.

Today, as China challenges the United States for technological leadership and works to extract technology, data, and know-how from U.S. research institutions, the U.S. government is pursuing an ambitious effort to improve research security throughout the country. This effort seems focused on enforcing conditions for federally funded research related to transparency and conflicts of interest, prosecuting researchers accused of violating these conditions, working with research institutions’ leaders and administrators to improve awareness of security threats, and preventing some Chinese nationals from physically entering or participating in research in the United States.

These measures are useful in some cases, but they face the core problems of authority, information and trust outlined above. As a result, any strategy that emphasizes them will inadequately protect the approximately 75 percent of U.S. R&D that is not federally funded.

To better defend U.S. science and innovation from the serious threats it faces, federal officials should rethink their approach—and the role of the government within it. Funding conditions, prosecutions, and the other familiar tools in the federal arsenal have their value. But to truly protect U.S. R&D, the government needs to empower frontline researchers as true partners. That means investing more in supporting security-informed decision making in business, philanthropy, and academia, and relying less on mandates and punitive tactics. Most of all, it means understanding that although the government has a crucial role to play, it cannot and should not dominate U.S. research security efforts.

To achieve these goals, we propose a new, public-private research security clearinghouse, with leadership from academia, business, philanthropy, and government and a presence in the most active R&D hubs across the United States. Building on promising real-world examples in cybersecurity and other critical domains, this institution would provide researchers on the frontlines, and their funders and managers, with open source information, security-related education and training, decision support resources, and a non-punitive interface with federal partners (when needed). It would conserve limited federal resources by equipping scientists to make security-informed decisions independently, and it would strengthen the government’s other research security initiatives by facilitating communication and mutual understanding among researchers, their institutions, and the public sector.

Protecting the United States’ R&D advantage demands new infrastructure, built with the needs of researchers and their institutions in mind, and organized to sustain a unique American strength—our dynamic, bottom-up research ecosystem. To ensure that the United States remains the world’s science and technology leader for decades to come, federal law enforcement, research funders and oversight agencies should start laying the groundwork for this infrastructure today.