Image: State Farm [CC BY 2.0], via Flickr
Research institutions encouraged to implement security measures, but Commission stresses guidelines are non-binding
The European Commission has finally published its guidelines to help research institutions tackle foreign interference, about a year and a half after drafts were circulated among the community.
“Raising awareness and implementing preventive measures is key to tackle threats of foreign intrusion,” said research commissioner Mariya Gabriel as the guidelines were published on 18 January.
The Commission stressed that the guidelines are not binding, billing them as a ‘toolkit’ to help universities and research institutions develop their own strategies for tackling potential threats from foreign actors, such as theft of intellectual property or reputation damage by association.
In December, a Commission official involved in drawing up the guidelines said that they were designed to not put “a lot of additional burden” on organisations, and the guidelines state that recommendations should be integrated “as much as possible in existing structures”.
“There is no one-size-fits-all approach; and each organisation needs to tailor their own set of measures,” the guidelines state.
Identifying risks
As expected, the guidelines encourage specific ways for institutions to shore up their awareness and prevention of foreign interference. In particular, they recommend a “vulnerability assessment” to understand pressures on academic freedom and integrity, as well as the creation of a foreign-interference committee.
Institutions are also advised to identify particularly risky countries and institutions, although the guidelines do not give details of any specific countries that are considered to be of higher risk, and institutions are encouraged to “continue to cooperate with partners in repressive settings”.
EU action on foreign interference comes as other countries have moved to tighten up research security. Earlier this month, the White House science policy office in the United States published its own guidance on how government-funded researchers should report ties to foreign powers, explicitly mentioning threats from China.
The EU guidelines place a strong emphasis on cybersecurity as one of four areas—along with values, governance and partnerships—that demand attention. Institutions are encouraged to raise awareness of cybersecurity risks through training and develop robust measures to detect, prevent and recover from cyberattacks.