New DoD Requirements
On June 29, 2023, the Department of Defense (DoD) published new guidelines for assessing security risks associated with applications for fundamental research grants. Although previous National Defense Authorization Act (NDAA) requirements included some of the new procedures, these guidelines represent new minimum standards across DoD. The guidelines are the most specific procedural additions to previous guidance in the 2019 and 2020 NDAA related to addressing unclassified research risk from foreign exploitation.
DoD Basic Research
The purpose of the new guideline is to ensure the security of DoD-funded fundamental research, to warrant that covered individuals fully disclose information on potential conflicts of interest and commitment, and to encourage compliant behavior while making clear what is and is not acceptable behavior by those conducting fundamental research with DoD research funding. The broader objective is to “develop a consistent, all-of-government risk-based security review process” in accordance with the June 08, 2023, memorandum titled Policy for Risk-Based Security Reviews of Fundamental Research.[1]
The DoD basic research program exists to support fundamental research with the goal of enhancing the long-term capabilities of the U.S. military. The program is overseen by various agencies within the Department of Defense, such as the Defense Advanced Research Projects Agency (DARPA), the Office of Naval Research (ONR), and the Air Force Office of Scientific Research (AFOSR). These agencies collaborate with academic institutions, industry partners, and other government agencies.
All U.S. research and development contributes and is important, however, through research leading to military application DoD seeks to promote innovation that can specifically lead to advancements in defense capabilities and military readiness.
Protecting Research is a National Security Imperative
DoD research investment represents a substantial amount of funding, under DoD appropriated funding codes 6.1 and 6.3, according to the Congressional Research Service, was approximately 18.8 Billion in 2023. Basic research programs emphasize high-risk, high-reward research endeavors, many of which may not have immediate applications but have the potential to make significant breakthroughs in science and technology.
This potential is what makes this research appealing to foreign entities seeking to advance their own military research and development by exploiting other countries’ programs. As the Under Secretary of Defense for Research and Engineering and DoD Chief Technology Officer Heidi Shyu put it, "Protecting and maintaining the integrity of our research enterprise is integral to national security."
An all-of-government risk-based approach is an aspirational goal for federal research funding. As the U.S. federally funded research community awaits common standards for research security, the DoD guidelines, and the National Science Foundation (NSF) Research Security Analytics Summary provide insight into what those standards will include.[2] The fact that applicant organizations who seek DoD R&D funding are required to certify information in applications is complete and accurate will remain, along with these new requirements.
Summary of June 08, 2023, memorandum titled Policy for Risk-Based Security Reviews of Fundamental Research
All applications will now undergo an administrative review by the awarding component in accordance with the applicable risk-based security review consistent with Science and Technology Protection Guide, (March 31, 2021), Appendix B, “Fundamental Research Review Template.” The process of award remains merit based with the new security considerations only applied once a proposed institution is selected. It is important to recognize that even if an applicant organization complies with other requirements, including export controls, which does not mean it is complying with all DoD obligations.
Like all other recent attempts to harmonize award application requirements there is not a singular process across the entire DoD; each agency or department may include additional processes based on their priorities. It is important to continuously assess requirements by agency and type of award to ensure all requirements are met.
The DoD guidance identified Chinese, Russian, and Iranian institutions and universities posing greater risk. All applicant organizations should be proactively screening for restricted parties, unreported support, activities, and affiliations of risk. The guidelines provide a matrix to assist understanding of considerations in a research proposal. Several identified organizations of risk and other restricted parties’ lists are also noted.
Organizations are encouraged to consider future risk, based upon where an initial patent application is filed, particularly when application is made outside the U.S., in China, or Russia. The memorandum defines a “Confucius Institute” as a cultural institute funded by the Chinese Government and prohibits receipt of DoD funding by higher education institutions who host a “Confucius Institute” or other activity similar even if not specifically called a Confucius Institute.
As part of a proactive vetting process, awarded organizations are to provide the DoD with a covered individual’s contract for review and provide clarification on any identified relationships or associations of risk. Covered individuals are to complete insider risk awareness training and have an increased frequency of research performance progress reports. The guidelines point out that associations can include any academic, professional, or institutional appointments or positions with a foreign government or foreign government-connected entity with or without monetary reward, or other quid-pro-quo is involved. Awarded organizations must now take specific actions regarding individuals considered a security risk or who are in “problematic” positions by either removing them from fundamental research project proposals or from DoD funded positions.
What's Next
As of July 27, 2023, the NDAA passed in the Senate and is headed to the house for reconciliation. Senate amendments in the bill address Research Security in several ways. If the amendments survive reconciliation, U.S. based entities will be required to disclose investments in foreign companies working in advanced semiconductors, artificial intelligence, quantum science and technology, hypersonics, satellite-based communications, and networked laser scanning systems with dual-use applications. The Treasury Department will be required to provide Congress with an assessment of gifts and grants to U.S. institutions of higher education that are from companies listed as associated with the Chinese military-industrial complex.
Although previous National Defense Authorization Act (NDAA) requirements included some of the new procedures, these guidelines represent new minimum standards across DoD. They are the most specific procedural additions to previous guidance in the 2019 and 2020 NDAAs related to addressing unclassified research risk from foreign exploitation. These guidelines demand all applications for DoD contracts or grants to undergo an administrative review by the awarding component in accordance with the applicable risk-based security review. In addition to identifying Chinese, Russian, and Iranian institutions and universities posing greater risk, DoD expects awardees to proactively identify potential unreported affiliations. These affiliations include any academic, professional, or institutional appointments or positions with a foreign government or foreign government-connected entity with or without monetary reward, or other quid-pro-quo is involved.
Federal research security requirements continue to emerge and are not going away. IPTalons has kept their clients and subscribers aware and ahead of these changes. For example, we have consistently promoted building a research security review into the pre-award process. These new DoD guidelines now look for that level of review researcher’s support, activities, and affiliations prior to submission.
Fortunately, at IPTalons, inc., we have the tools and analytical expertise to do this without costly new positions and systems that struggle to meet these requirements. Our experience and expertise provide you with an unmatched ability to meet all guidelines, efficiently and effectively to remain compliant, stay ahead of changing requirements, right size your research security and due diligence program, and maintain the trusted research environment as openly as possible while being as secure, as necessary.
Sources