NSPM-2 Insights and Recommendations for Research Organizations
On February 4, 2025, President Donald Trump issued an executive order titled National Security Presidential Memorandum/ NSPM-2, intent on applying additional pressure toward Iran, including a renewed focus on denying Iran nuclear weapons and countering Iran’s extensive malign influence operations against the United States. Like NSPM-33, research organizations and institutions with export capabilities have been called upon to play a critical role in securing American innovation and ensuring the security of the United States. NSPM-2 reinforces the need for research and development organizations, both public and private, to ensure they can surface and respond to research security risks from all countries of concern, including Iran.
President Trump’s executive order to counter Iran’s malign influence operations against the United States is reminiscent of actions taken during Trump’s first term, including ordering sanctions on over 1,000 individuals and organizations and an increased focus on Iran’s influence in the U.S.
NSPM-2 Sec. 2. (iv) requires the Secretary of the Treasury to issue “updated guidance to all relevant business sectors, including shipping, insurance, and port operators, about the risks to any person that knowingly violates United States sanctions with respect to Iran or an Iranian terror proxy.” While the specific guidance will eventually be released by the Treasury Department, the quickest way research organizations can mitigate accidental or purposeful violations of the sanctions would be to ensure employees have access to training to mitigate potential consequences. Additionally, the executive order highlights the importance of organizations having access to research security capabilities to detect employees who might have a disclosed or undisclosed relationship with countries of concern, including Iran. Significantly, NSPM2 mandates efforts to prevent maligned activity but without limiting compliance requirements above 50 Million in science and engineering funding.
For any organization that has international collaborations or customers, Sec. 2. (a) (v) of the executive order makes it more apparent than ever before that, notwithstanding portfolio amounts, organizations need the ability to ensure your research data or products go exactly where intended and that there are no nefarious actors or actions. The inability to do so significantly increases the chances that your transaction could violate Iran-related sanctions or other research compliance requirements.
Research and development organizations should expect increased consequences for having known or unknown collaborations or export control violations with Iranian entities or individuals. According to Sec. 2. (b) (d) of the executive order, President Trump has ordered the Secretary of Commerce to conduct an export control enforcement campaign to restrict the flow of technology and components used for military purposes to Iran. While vague, the direct increase in attention to export control violations means that organizations must know who they are working with or who their employees are working with and have the capability to develop actionable plans based on research security insights to prevent export control violations.
In the executive order, President Trump has charged the Attorney General with “pursuing all available legal steps to identify Iranian governmental assets in the United States.” (Sec. 2. (e) (iii)). The charge to identify assets should be particularly worrisome for research and development organizations that do not have a robust and confident research security program that can accurately identify employees that have known or unknown collaborations or other ties to the government or entities of Iran. Institutions that cannot identify employees with collaborations or connections to Iran will likely face additional consequences and risk the potential of losing funding.
Finally, (Sec. 2. (e) (v) of the executive order mandates that the Attorney General shall use all authorities and tools to disrupt efforts by the Iranian government to obtain sensitive information, evade sanctions and export controls, and exert foreign malign influence. Once again, this section highlights the importance of research and development organizations to prevent malign influence within their organization. Organizations can best prevent maligned influence by ensuring they have the proper research security tools, information, and expertise to prevent any employee from knowingly or unknowingly collaborating with a country of concern, including Iran. The executive order confirms that the executive branch has renewed its attention to foreign influence, theft of American innovation, and export control violations. Furthermore, according to the language, the executive branch plans to pursue and prosecute any export control or research security violation to the fullest extent possible. Any organization that wants to avoid executive inquiries and retain funding and support must have a mature and capable research security program.
Recommendations
In response to President Trump's executive order, a mature and capable research security program that can prevent malign foreign influence and export control violations is critical. Research organizations and research security programs need the capability to surface potential risks from all countries of concern, including Iran. They should also employ training requirements to ensure employees understand export control violations and potential attempts of malign influence conducted by Iran and others toward them. Research security programs need fast, reliable, and up-to-date intelligence to make actionable recommendations to prevent foreign malign influence operations.
IPTalons’ Redbook can help ensure your research security program has the necessary information to accurately judge your researcher's collaborations or hidden relationships. By leveraging Redbook's proprietary A.I. capabilities, your research security program can ensure your organization is preventing unnecessary risks while complying with the executive order’s mandate, ensuring continued funding, and avoiding executive inquiries.
Purposeful and accidental research security and export control violations often start with a lack of understanding and training. IPTalons offers training and certification programs to ensure your employees, managers, and leaders all have accurate knowledge of malign influence operations targeting them and an understanding of export control violations.
This is likely not the last of the added emphasis requirements related to protecting U.S. research and innovation information. By leveraging tools like Redbook and training through the Innovation Defense Academy, you can ensure you have taken the first steps in preventing the loss of innovation to malign influence operations and are compliant with this and other executive orders.
