Research Security

 

What is Research Security?

Research security is a broad term that refers to national security concerns surrounding research involving certain types of sensitive information, intellectual property, export-controlled information and other risks, such as Foreign Influence. Recently, the Office of Science and Technology Policy (OSTP) released guidelines for Research Security Programs at Covered Institutions.  Simply stated, a “Covered Institution” is an institution of higher education, a federally funded research and development center (FFRDC), or a nonprofit research institution that receives in excess of $50 million per year in Federal R&D obligations.  Because Oklahoma State University surpasses this level of Federal R&D funding we are required to comply with these new regulations.

 

As pointed out by OSTP, the overarching purpose of the federal research security efforts “is to make sure that institution of higher education (IHE) and other research institutions recognize the altered global landscape and fulfill their responsibilities as the first line of defense against improper or illicit activity.”  Moreover, OSTP points out that “actions that researchers were encouraged to take a decade ago, including collaborations with the People’s Republic of China (PRC) are now recognized as presenting risks.”

 

Research security has emerged as a top priority for US institutions receiving sponsored project funds from federal sponsors. The NSPM-33 Implementation Guidance, released in January 2022, requires any institution receiving over $50 million in federal research funding to establish a Research Security Program touching on four main areas of focus: research security training, cybersecurity, foreign travel security and export control training. In response to this guidance, the Division of the Vice President for Research, in collaboration with several other campus units, including the Office of Information Technology Services, has established this page as a starting point in the development of our own Research Security Program.

 

Why is Research Security Important?

Due to our land grant mission, Oklahoma State University supports, and encourages, Open scientific and scholarly collaborations between scholars for all over the world as such collaboration is one of the cornerstones of innovation, technological advancement and creation of knowledge. While the vast majority of international affiliations do not present a security risk, the Federal government has increased its attention on research in foreign countries or/and with foreign entities. There have been cases at some universities in the United States where researchers have violated laws and policies aimed at preventing lapses in research security. Thus, it is critical for all faculty, staff, and students conducting scholarly activities to understand the changing global landscape and their role in defending against improper or illicit activities.

 

With the implementation of National Security Memorandum 33 (NSPM-33) and the Chips and Science Act, the Federal Government has placed considerable emphasis on protecting the security of U.S. research through the disclosure of Conflicts of Interest and Conflicts of Commitment, including relationships, collaborations, or affiliations with foreign entities and research support provided by those entities. Due to the increased scrutiny the Federal government is placing on Conflict of Interest and Conflict of Commitment, NSPM-33 requires the use of Digital Persistent Identifiers and more detailed disclosure information.

• Digital Persistent Identifiers

  In order to reduce administrative burden, researchers are required to have a Digital Persistent Identifier (DPIs). Moreover, DPIs make it easier for researchers to create and maintain a complete and up to date record of their publications and achievements in one locations, thereby streamlining the grant proposal process.   While neither NSPM-33 nor the Chips and Science Act stated which specific Digital Persistent Identifier should be used, at Oklahoma State University, we have chosen to use ORCID ID’s.  All individuals submitting a proposal to any agency (federal, state, local, private) will be required to have an ORCID ID.  If you need assistance setting up your ORCID ID please contact ???????

• Disclosures

  As mentioned above, the Federal Government has placed much more emphasis on the disclosure and transparency surrounding relationships with, and research support from, foreign entities are key to managing and protecting the security of U.S. research. Researchers are expected to disclose outside financial interests, relationships, collaborations though our Conflict of Interest and Commitment electronic system managed by the Office of University Research Compliance.  The URC and College Sponsored Programs Offices work together to support the disclosure process and are available to answer questions as needed.  See the following policies for additional information:

  • XXXXXXX
  • XXXXXXX

  As stated in NSPM-33, the failure to make or update disclosures may trigger a range of penalties, including:

  • Criminal liability for individual researchers,
  • Civil liability for research institutions under the False Claims Act,
  • Research Impediments, such as terminated or suspended grants, mandatory return of research funds, or exclusion of certain personnel from research activities.

 

What Has OSU Done to Comply with These New Regulations?

In fulfillment of the research security measures incorporated in the CHIPS and Science Act, the Division of the Vice President for Research conducted a review of campus practices and policies pertaining to foreign talent recruitment programs. As part of this review, policies have been updated to incorporate a prohibition from Oklahoma State University affiliated individuals from participating in a malign foreign talent recruitment program (MFTRP). A MFTRP is broadly defined as a foreign program, position or activity that includes compensation (defined broadly to include compensation, honorific titles, research funding, etc.) in return for certain actions (e.g. unauthorized transfer of intellectual property, recruitment of other to the programs, establishing a laboratory or a company in the foreign country, etc.) sponsored by or based in a country of concern.

 

In response to the new federal mandates surrounding Research Security, Oklahoma State University acquired the services of an outside entity to evaluate our current Research Security program and assist us in developing a road map to maturing our Research Security Program.  Based on this road map we:

• Constituted a Research Security Working group to evaluate and update policies and procedures related to the new regulations regarding Research Security. The Research Security Working Group has representation from the Office of the Vice President for Research, Provost Office, Academic Affairs, Graduate College, Human Resources, Office of Legal Counsel, OSU Police Department, Faculty Council, IT Security, GCFA, Library, International/Global Studies, College of Engineering, Architecture, and Technology, Division of Agriculture and Natural Resources, and The Innovation Foundation. This group will also bring in other relevant parties on campus to discuss Policies and Procedures, when relevant,
• Established the Office of Research Security and Regulatory Trade Compliance under the direction of the Senior Associate Vice President for Research,
• Hired an Assistant Vice President for Research Security and Regulatory Trade Compliance. This individual will co-Chair the Research Security Working Group along with the Senior Associate Vice President for Research.  Moreover, this individual’s primary responsibility is Regulatory Trade Compliance (Export Controls) for the OSU Stillwater campus.
• Requiring the use of ORCID as a Digital Persistent Identifier at the time of proposal submission to any external entity.
• Have updated questions asked on the Financial Conflict of Interest for Sponsored Programs Disclosure form; have centralized these disclosures under the Office of University Research Compliance; and have transitioned the Financial Conflict of Interest for Sponsored Program questionnaire to an electronic platform for great ease of use, updating and correcting this information.

---

Research Security Program at Oklahoma State University

By federal mandate through NSPM-33 and the Chips and Science Act, all universities receiving $50,000,000 or more in federal R&D funding must establish a research security program covering the following components: (1) Foreign Travel Security, (2) Cybersecurity, (3) Research Security Training, and (4) Export Control Training, as appropriate.

• Foreign Travel Security

  Faculty, staff and students traveling for University purpose (REGARDLESS OF THE SOURCE OF FUNDING) are required to request travel approval via OSU procedures (Policy 1-0134 EMPLOYEE DOMESTIC AND INTERNATIONAL TRAVEL).  For foreign travel, in addition to the information provided in Policy 1-0134, faculty, staff and students traveling internationally must contact Export Control Office to have a Restricted Parties Screening completed with regards to country, entities, and people that OSU personnel will be interacting with. For more information and assistance with planning and conducting international travel, please visit OSU Global website.

   

  International travel is often required for university students, faculty, and staff to attend organization business and conferences, fulfill teaching obligations, research purposes, and/or many other aspects of their duties. The university maintains a joint effort between the Departments, the Office of Research Security and Regulatory Trade Compliance, and Travel Services to maintain a safe and productive journey that is complaint with government regulations on foreign travel, exports of controlled equipment, technical data, software, and technology.

  
  As stated on the OSU Global International Travel section, all faculty, staff, guests, and students traveling outside of the United Stated on OSU related activity are required to register their travel before they initiate a request for travel authorization.

  
  Travelers should also follow travel standards stated by the Office of Research Security and Regulatory Trade Compliance as well as International Travel section that specifies the requirements needed before traveling. The Division of the Vice President for Research Technology Services has Guidelines for Travel to a Foreign Country Standards that are also specified.

• Cybersecurity

  Cybersecurity is an expansive and complex area and its scope extends well beyond research.  For the purposes of research security, there are 14 requirements for safeguarding information systems similar to FAR 52.204-21. It is important to note that research taking place under government contracts may be subject to additional security controls.  We have established a secure research environment (RISE) for these types of contracts.  Please contact Export Control Office if you have any questions or need this type of secure environment.

   

  Cybersecurity is an integral part of protecting US federally funded research. Federal initiatives such as NSPM-33, the CHIPS & Science Act, and CMMC are working to address the need for increased cybersecurity. Additionally, Oklahoma State University has, and is continually, investing in cybersecurity efforts to protect your research. Our professionals have experience with protecting Federal Contract Information (FCI), Controlled Unclassified Information (CUI), and Export Control EAR & ITAR.

  Our professionals can assist you in securing your research by providing the following:

  • Security consultations (both Proposals and Awards)
  • Technology solutions
  • Awareness and training
  • Compliance support
• Research Security Training

  Research Security training provides individuals with information on possible risks and threats to the global research ecosystem. The University’s Office of Research Security and Regulatory Trade Compliance shall furnish training to relevant faculty and administrative personnel whose work may be impacted by these regulations and provide technical assistance regarding compliance, as well as assisting with federal agency requests for export licensing as required.

  All University employees and others acting on the University’s behalf are responsible for ensuring that activities are conducted in compliance with U.S. export control laws and regulations.  OSU has available online training for the following topics.

  • Responsible Conduct in Research
  • NSF Module 1: “What is Research Security”
  • NSF Module 2: “Disclosure”
  • NSF Module 3: “Manage and Mitigate Risk”
  • NSF Module 4: “International Collaboration”
  • CITI Export Control Training
  • Export Compliance and Distance Education (ID 16811)
  • Export Compliance When Using Technology in Research (ID 16804)
  • Export Compliance for Researcher (ID 16801)
  • Export Compliance for Research Administrators (ID 16803)
  • Export Compliance for Biosafety (ID16805)
  • Export Compliance for Operational Department (ID 16806)
  • Export Compliance for International Shipping (ID 16807)
  • Export Compliance for Purchasing (ID 16808)
  • Export Compliance and International and Foreign Waters (ID 16809)
  • Export Compliance and Collaborations (ID 16810)
  • Export Compliance and the United States Sanctions Program (ID 16812)

  If you have any questions regarding which training modules you should take, or if you would like to schedule a group in person training, please contact Export Control.  If you are having difficulties with any of these modules, please contact Office of University Research Compliance.

• Export Control Training

  The Assistant Vice President for Research Security and Regulatory Trade Compliance maintains responsibility for establishing, implementing, and enforcing University-wide export compliance policies, procedures, and guidelines designed to meet or exceed the requirements of the various federal laws governing the export of goods, technology, and information, including compliance with ITAR, EAR, and OFAC regulations. For more information on a variety of topics, including training for Export Control please visit Export Control tab on the Research Security and Regulatory Trade Compliance Website.

The Research Security Program defines Countries of Concern as:

Burma

China

Cuba

Eritrea

Iran

North Korea

Pakistan

Russia

Saudi Arabia

Tajikistan

Turkmenistan

 

The CHIPS and Science Act (2022) defined Countries of Concern⁽¹⁾ as China, Iran, North Korea and Russia. The Secretary of Commerce can determine if additional countries fit into that definition. As noted in CHIPS, entities owned, controlled, or subject to the jurisdiction of a Country of Concern may also be subject to restriction.

 

 For Research Security reviews, Countries of Concern also include the Countries of Particular Concerns, as designated by the Secretary of State. In addition to the above countries, those countries include: Burma, People’s Republic of China, Cuba, Eritrea, Iran, the Democratic People’s Republic of Korea, Nicaragua, Pakistan, Russia, Saudi Arabia, Tajikistan, and Turkmenistan.

 

Designation as a Country of Concern assists the Research Security Program when reviewing requests for collaborations with individuals, visiting scholars, and/or prospective students from such countries. This designation is used by federal agencies and the Research Security Program as a risk indicator.

 

1. Source: 42 USC § 19221(a)(1)