Research Security Program

Harvard University, as an institution that conducts fundamental research [as defined by the National Security Decision Directive 189 (NSDD-189), National Policy on the Transfer of Scientific, Technical, and Engineering Information] is committed to preserving and protecting the freedom of research and to maintaining a teaching and research environment that is open and that promotes the free exchange of research results. Adherence to the principle of openness in research generally requires that:

• Harvard University will not undertake classified research,
• Harvard University will not accept publication restrictions or terms and conditions that require sponsor approval of publications,
• Foreign faculty, students, and scholars will not be singled out for restriction in access to Harvard University’s educational and research facilities and activities.

In some cases, statutory or funding agency mandates may impose:

• publication restrictions;
• citizenship restrictions;
• access restrictions with respect to confidential, proprietary, or restricted information, software code, or technology; or
• otherwise restrict the sharing or transfer of such information or the uses to which it may be put.

Rare exceptions may be made to the principle of openness regarding publication, classification, and access by foreign students and scholars in accordance with the Harvard University Openness in Research Policy.  Such exceptions must be limited in scope to those circumstances where the area of research is crucially important to Harvard University’s educational and research mission. All exemptions are granted by the Office of the Vice Provost for Research who, in consultation with other institutional officials, will make the final determination.

Related Policies

Publications Policy
Openness in Research Policy

• Memo: ByteDance, TikTok and Other Entities Presenting Elevated Risks (Harvard PDF)
• Federal Acquisition Regulation (FAR): Prohibition on a ByteDance Covered Application
  • Attestation of Compliance with FAR 52.204-27
    
• Export Controls
  
• Foreign Talent Recruitment Programs
  
• Financial Conflicts of Interest
  
• NASA China Funding Restriction
  • In accordance with Public Law 112-10 and Section 1340(a) of the DoD Appropriations Act of 2011, NASA proposals involving bilateral participation, collaboration, or coordination in any way with China or any Chinese-owned company, whether funded or performed under a no-exchange-of-funds arrangement, may be ineligible for award.  The statute does not restrict individual involvement based on citizenship or nationality. Rather, individuals are subject to the restriction if they are affiliated with institutions of the People’s Republic of China or Chinese-owned companies incorporated under the laws of China. Thus, a team member who is a Chinese citizen may work on a NASA project, but an individual affiliated with an institution of the Chinese state will be subject to the statutory restriction
    
• Telecommunications Equipment
  • Section 889 of the 2019 National Defense Authorization Act prohibits recipients of federal funding awards from using or procuring certain covered telecommunications equipment or services.  Section 889 regulations apply to grants, contracts and cooperative agreements, including subcontracts and subawards.  Covered telecommunications equipment includes equipment produced by Huawei Technologies Company or ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities).
    
• Faculty Disclosure

• Memo: Collaborations with Institutions on the Federal Restricted Parties List (Harvard PDF)
• Appointments with Restricted Party Affiliations Guidance: Procedures for Identifying and Managing Risk (Harvard PDF)
• Due Diligence Review Guidance for Funding from Foreign Sources (Harvard PDF)
• Researcher Departure Checklist – Harvard Data and Material Approval (non-public SharePoint)
• International Travel Guidance for those Arriving at U.S. Airports (Harvard PDF)
• Guidance on Identifying Malign Foreign Talent Recruitment Programs (Harvard provided PDF)
• FTRP Policy Guidance Presentation (Harvard provided PPT)

The NSPM-33 directs Federal funding agencies to require federally funded researchers to use researchers a digital persistent identifier (DPI) to disambiguate and identify the researcher. A DPI, such as ORCiD, is globally unique, persistent, machine resolvable and processable, and has an associated metadata schema.

Bringing laptops or telephones when traveling heightens the risk of data and identity theft.  To support productivity and increase security, HUIT has launched a service providing loaner devices for travel to high cyber risk countries.

National Science Foundation (NSF):

In October 2018, the National Science Board (NSB) released a Statement of the National Science Board on Security and Science, reaffirming the principle behind National Security Decision Directive 189 that “our leadership position in science and technology is an essential element in our economic and physical security. The strength of American science requires a research environment conducive to creativity, an environment in which the free exchange of ideas is a vital importance.”  The NSB statement also emphasizes that “U.S. universities and colleges must help promote scientific openness and integrity and safeguard information that impacts national security and economic competitiveness.”

In July 2019, The Director of the NSF released a Dear Colleague Letter on Research Protection which notes that our science and engineering enterprise is put at risk when another government endeavors to benefit from the global research ecosystem without upholding the values of openness, transparency, and reciprocal collaboration. The letter states that, since 1978, NSF has required senior project personnel on proposals to disclose all sources of support, both foreign and domestic and the 2019 letter proposed a streamline process for submitting these disclosures, such as the use of electronic format.

In March, 2024, the NSF released the latest report by JASON, an independent science advisory group, Safeguarding the Research Enterprise. Building on the Fundamental Research Security report released in 2019, which studied the best balance between openness and security of science, NSF commissioned this new study to satisfy legislative requirements in Section 10339 of the “CHIPS and Science Act of 2022” and the Fiscal Year 2023 Appropriations bill. JASON was asked to comment on specific steps NSF might take to identify sensitive areas of research and describe processes to address security in those areas.

See Research Security at the National Science Foundation for more on the JASON studies, NSF’s efforts in securing the nation’s research enterprise, case studies, and training for the research community.

National Institutes of Health (NIH):

In August 2018, the Director of NIH released a Dear Colleagues letter to grantees and published a Statement on Protecting the Integrity of U.S. Biomedical Research which both highlighted the following three areas of concern:

1. Diversion of intellectual property (IP) in grant applications or produced by NIH-supported biomedical research to other entities, including other countries;
2. Sharing of confidential information by peer reviewers with others, including with foreign entities, or otherwise attempting to influence funding decisions; and
3. Failure by some researchers at NIH-funded institutions in the U.S. to disclose substantial contributions of resources from other organizations, including foreign governments, which threatens to distort decisions about the appropriate use of NIH funds.

The NIH Advisory Committee to the Director Working Group on Foreign Influences on Research Integrity has noted some foreign governments have taken advantage of our highly productive and interactive research community by mounting systematic programs to unduly influence and capitalize on NIH-conducted and NIH-supported research activities. This has typically taken the form of providing generous monetary support to targeted investigators, allowing them to conduct research either in U.S.-based laboratories or in foreign-based laboratories, but with expectations that the foreign entity will benefit. While it is possible that such forms of support can be proper if fully disclosed and reviewed, the potential for breaches of long-standing NIH policies and principles is significant, and failure to disclose other support to NIH is a serious violation of NIH policy.

On July 10, 2019, the Director of NIH issued Reminders of NIH Policies on Other Support and on Policies related to Financial Conflicts of Interest and Foreign Components to remind the extramural community about the need to report foreign activities through documentation of other support, foreign components, and financial conflict of interest to prevent scientific, budgetary, or commitment overlap.

NIH has released a webpage regarding Foreign Interference stating, “NIH and the biomedical research enterprise have a long history of international collaborations with rules of engagement that allow science to advance while assuring honesty, transparency, integrity, fair merit-based competition, and protection of intellectual capital and proprietary information. These rules of engagement also are designed to limit bias in the design, conduct, and reporting of NIH-supported research. This page describes actions that NIH, institutions, and researchers can take to protect against inappropriate foreign interference. The principles described here align with those announced by the White House Office and Science and Technology Policy in June 2020 and in the NSPM-33 implementation guidance.”

On May 25, 2023, the Director of NIH published a Safeguarding Integrity and Collaborations letter in Science which summarizes NIH efforts to address long-standing foreign interference threats, many stemming from foreign malign talent recruitment programs. One main point in the letter notes, “Proper collaborations do not entail stealth employment, duplicative funding, undisclosed financial conflicts of interest, or the repeated recitation of lies to institutional or government officials.” These behaviors, which deny funding to scientists who act with integrity, have often occurred at the instigation of foreign talent recruitment programs.

Department of Energy (DoE):

In January 2019, the Deputy Secretary at DOE issued a Memorandum for Heads of Departmental Elements that contains a policy prohibiting DOE personnel from participating in foreign talent recruitment programs. DOE provided further guidance to their employees and contractors in Order 486.1A and clarifications in the FAQs for DOE O 486.1A. The FAQs indicate that working at a DOE site, to include university staff who visit DOE sites to perform R&D work, requires compliance with the prohibition on participating in a foreign government-sponsored talent recruitment program. DOE also released Order 142.3B which relates to their agency’s unclassified foreign national access program. Inclusion of Order 142.3B in a contract may necessitate additional procedures. Refer to the FAQs for DOE O 486.1A for more detailed information related to university faculty, staff, affiliated postdocs and students.

On June 1, 2022, the DoE issued a Financial Assistance Letter (FAL) related to DoE Current and Pending Support Disclosure Requirements for Financial Assistance in accordance with NSPM-33 and Section 223 of the FY 2021 National Defense Authorization Act. The FAL provides current and pending support requirements for applicants and recipients and includes definitions for current and pending support, foreign government-sponsored talent recruitment program, senior/key personnel.

Department of Defense (DoD):

On March 19, 2019, the Department of Defense (DoD) Under Secretary of Defense for Acquisition and Sustainment issued a Memorandum titled “Actions for the Protection of Intellectual Property, controlled Information, Key Personnel and Critical Technologies“.  This memorandum, citing Section 1286 (pp 443-445) of the 2019 National Defense Authorization Act (NDAA) (U.S. Congress provided PDF), outlined disclosure requirements for research and research-related educational activities supported by DoD grants, cooperative agreements, and Technology Investment Agreements (TIAs).  Included among the requirements is the obligation for proposers to submit a list of all current projects and future support key personnel have or have applied to receive. 

In October 2019, The DoD also issued a Dear Academic Colleagues letter to universities and research centers noting that research integrity is jeopardized through foreign governments’ exploitation that intentionally target U.S. and allied partner research and intellectual capital.  The DoD letter describes their efforts to protect the integrity of the U.S. research enterprise and asks for support in identifying and taking action against illegal activities and unethical practices across our research enterprise.

On June 8, 2023, the DoD Under Secretary of Research and Engineering issued a Memorandum titled, “Policy for Risk-Based Security Reviews of Fundamental Research”. This memorandum, citing National Security Presidential Memorandum-33 (NSPM-33), “United States Government-Supported Research and Development National Security Policy,” January 14, 2021, provides policy for the risk-based security reviews mandated by section 1286 of the NDAA for FY 2019 and NSPM-33. The overall intent of this policy is to ensure consistent application of risk-based security reviews for fundamental research project proposals across the DoD. This policy is accompanied by a Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions which is used by program managers and DoD Components to guide their reviews of fundamental research proposals for potential conflicts of interest. The decision matrix also describes conditions under which mitigation is required or recommended, depending on the type of conflict and the timeframe in which it occurs.

Office of Science and Technology Policy (OSTP):

In September 2019, the Director of OSTP sent a Letter to the United States Research Community in which he emphasizes the importance of protecting the integrity of our nation’s research enterprise and the steps planned via the Joint Committee on the Research Environment (JCORE).

In June 2020, OSTP released a presentation on Enhancing the Security and Integrity of America’s Research Enterprise. This presentation highlights some specific cases and areas of ongoing concern related to risks to research security and stresses that individuals, institutions, and governments share responsibility for integrity in the research enterprise. In January 2021, the White House issued the National Security Presidential Memorandum-33 (NSPM-33), which directed federal research agencies to require principal investigators and other senior/key personnel to disclose appropriate information that “will enable reliable determinations of whether and where conflicts of interest and commitment exist.” Also, Section 223 of the FY 2021 NDAA, codified as 42 U.S.C. § 6605, was enacted, which requires all federal research agencies collect current and pending support disclosures as part of the application process. To ensure consistent implementation of NSPM-33 and Section 223 of the FY 2021 NDAA, on January 4, 2022, the OSTP issued Guidance for Implementing NSPM-33 on National Security Strategy for US Government-Supported Research and Development, which addressed five key areas, including “Disclosure Requirements and Standardization.”

In July 2024, OSTP released a memorandum on Guidelines for Research Security Programs at Covered Institutions to address risks posed by strategic competitors to the U.S. research and development enterprise by implementing several measures to improve research security while preserving the openness that has long enabled U.S. research and development leadership throughout the world and without exacerbating xenophobia, prejudice, or discrimination.  The guidelines are issued in accordance with NSPM-33 and certain provisions of Public Law 117-167 (the CHIPS and Science Act). Specifically, federal research agencies must require certain research institutions (“covered institutions”) to certify to the funding agency that the institution has established and operates a research security program.

Research Security Training is an integral component of a Research Security Program, to raise awareness and ensure that risks are identified, raised, and addressed by the appropriate offices. Federal agencies suggest the following components of a Research Security Training Program:

• Cyber and Data Security
  • Information Security Awareness Training Initial (University-Wide)
  • Harvard University Research Data Security Training (For PIs and Admins)
  • IT & Data Security
  • Keeping Your Data Safe Abroad
  • Prepare for Travel to a Cyber High-Risk Country
  • Data Storage and Transmission
  • International Travel Loaner Devices | Harvard University Information Technology
  • International Travel and Electronic Device Searches
    
• International Travel
  • Safety and Security Abroad
  • Registration of Foreign Travel (GSS)
  • International Shipping Guidance and Sanctions, Screening Process and Monitoring 
    
• International Collaboration
  • Openness in Research
  • International Collaborations and Activities
  • The benefits of international collaborations (NSF)
  • Appointments with Restricted Party Affiliations: Procedures for Identifying and Managing Risk (Harvard PDF)
  • Due Diligence Review Guidance for Funding from Foreign Sources (Harvard PDF)
    
• Disclosures (Conflict of Commitment and Conflict of Interest)
  • OAIR Training and Education Information
  • Disclosing Other Support: Guidance for Faculty and Key Personnel
    
• Malign Foreign Talent Recruitment Program Risks
  • Enhancing the Security and Integrity of America’s Research Enterprise
  • Guidance on Identifying Malign Foreign Talent Recruitment Programs (Harvard provided PDF)
  • FTRP Policy Guidance Presentation (Harvard provided PPT)
    
• Export Controls
  
• Financial Conflicts of Interest

Conflict of commitment – Situation in which an individual accepts or incurs conflicting obligations between or among multiple employers or other entities. Many organizational policies define conflicts of commitment as conflicting commitments of time and effort, including obligations to dedicate time in excess of organizational or research agency policies or commitments. Other types of conflicting obligations, including obligations to improperly share information with, or to withhold information from, an employer or research agency, can also threaten research security and integrity, and are an element of a broader concept of conflicts of commitment used in this document.

Conflict of interest – Situation in which an individual, or the individual’s spouse or dependent children, has a significant financial interest, or financial relationship that could directly and significantly affect the design, conduct, reporting, or funding of research.

Covered Individual – for purposes of the Harvard Foreign Talent Recruitment Program Policy, a Covered Individual is defined (revised from the CHIPS and Science Act to include non-Federally funded awards) as an individual who:

1. contributes, in a substantive, meaningful way to the scientific development or execution of a research and development project proposed to be carried out with a research and development award from any sponsor (Federally and non-Federally funded); or
2. is designated as a Covered Individual by a Federal research funding agency.

Note: The definition of a Covered Individual is based on their contribution to the project as defined above and is not related to the title of the individual. At Harvard, a Covered Individual could be a faculty member, research scientist, researcher, visiting scientist, student (undergraduate or graduate), post-doctoral fellow, etc., regardless of whether they are paid or unpaid. Similarly, Congressional Legislation and Federal Agencies use different terms such as PI, Co-PI, Investigator, Project Director, Project Co-Director, “Key performer”, “Key personnel”, “Senior personnel”, “Named Researcher”, “Named Individuals”, “Sponsored Researcher”, etc.

Current and pending research support – (a) All resources made available, or expected to be made available, to an individual in support of the individual’s research and development efforts, regardless of (i) whether the source is foreign or domestic; (ii) whether the resource is made available through the entity applying for a research and development award or directly to the individual; or (iii) whether the resource has monetary value; and (b) includes in-kind contributions requiring a commitment of time and directly supporting the individual’s research and development efforts, such as the provision of office or laboratory space, equipment, supplies, employees, or students. This term has the same meaning as the term Other Support as applied to researchers in NSPM-33: For researchers, Other Support includes all resources made available to a researcher in support of and/or related to all of their professional R&D efforts, including resources provided directly to the individual rather than through the research organization, and regardless of whether or not they have monetary value (e.g., even if the support received is only in-kind, such as office/laboratory space, equipment, supplies, or employees). This includes resource and/or financial support from all foreign and domestic entities, including but not limited to, gifts provided with terms or conditions, financial support for laboratory personnel, and participation of student and visiting researchers supported by other sources of funding.

Digital persistent identifier (DPI or digital PID) – A digital identifier that is globally unique, persistent, machine resolvable and processable, and has an associated metadata schema. Consistent with NSPM-33, digital persistent identifiers for individuals are used to disambiguate and identify an individual person.

Foreign Country of Concern – the term “foreign country of concern” for the purpose of this Policy is as defined in Section 10638(2) of CHIPS and Science Act of 2022 and currently includes the People’s Republic of China, the Democratic People’s Republic of Korea, the Russian Federation, the Islamic Republic of Iran. Under the legislation, the Secretary of State may designate other countries as such.

Research Organization – An entity that has applied for or received an R&D award from a Federal research agency. This term has the same meaning as “entity” as defined in Section 223 of the NDAA for 2021.

Gift – Includes any gratuity, favor, discount, entertainment, hospitality, loan, forbearance, license, special access, equipment time, samples, research data, or other item having monetary value. A gift also includes services as well gifts of training, transportation, local travel, lodging, meals, research hours, whether provided in-kind, by purchase of a ticket, payment in advance, or reimbursement after the expense has occurred. A gift by definition is given without expectation of anything in return.

Honorarium – A payment of money or anything of value for an appearance, speech, article, or other form of compensation or award.

Insider threat – The potential for an insider to use their authorized access or understanding of an organization to harm that organization. This harm can include malicious, complacent, or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities.

Research and development (R&D) – Incudes basic research, applied research, and experimental development. Basic research is experimental or theoretical work undertaken primarily to acquire new knowledge of the underlying foundations of phenomena and observable facts. Applied research is original investigation undertaken in order to acquire new knowledge, and directed primarily towards a specific practical aim or objective. Experimental development is creative and systematic work, drawing on knowledge gained from research and practical experience, which is directed at producing new products or processes or improving existing products or processes. Like research, experimental development will result in gaining additional knowledge. Experimental development includes the production of materials, devices, and systems or methods, including the design, construction, and testing of experimental prototypes. Experimental development also includes technology demonstrations in cases where a system or component is being demonstrated at scale for the first time, and it is realistic to expect additional refinements to the design (feedback R&D) following the demonstration.

Research integrity – The use of honest and verifiable methods in proposing, performing, and evaluating research; reporting research results with particular attention to adherence to rules, regulations, and guidelines; and following commonly accepted professional codes or norms. 

Research security (NSPM-33) – Safeguarding the research enterprise against the misappropriation of research and development to the detriment of national or economic security, related violations of research integrity, and foreign government interference.

Research security (JASON’s Report) – Protecting the means, know-how, and products of research until they are ready to be shared, by approval of the leader(s) of the research program and other stakeholders in their security.

• Creating Helpful Incentives to Produce Semiconductors (CHIPS) for America Fund (U.S. Public Law 117-167)
• National Security Presidential Memorandum – 33 (NSPM-33): Presidential Memorandum on United States Government-Supported Research and Development National Security Policy
• Guidance For Implementing National Security Presidential Memorandum-33 (NSPM-33) On National Security Strategy For United States Government-Supported Research And Development; Joint Committee on the Research Environment (JCORE) Report
• National Science Foundation (NSF) Proposal and Award Policies and Procedures Guide; Disclosure Requirements. Research Security at the National Science Foundation.
• Threats to the U.S. Research Enterprise: China’s Talent Recruitment Plans, U.S. Senate, Permanent Subcommittee on Investigations, Committee on Homeland Security and Governmental Affairs, 2019.
• Recommended Practices for Strengthening the Security and Integrity of America’s Science and Technology Research Enterprise, Subcommittee on Research Security, Joint Committee on the Research Environment of the National Science & Technology Council, January 2021.
• The JASON Report (Research Program on Research Security) for the National Science Foundation (NSF), March 2023.
• The JASON Report (Safeguarding the Research Enterprise) for the NSF, building on the 2019 JASON report on (Fundamental Research Security).
• DoD memo (Countering Unwanted Influence in Department-Funded Research at Institutions of Higher Education), June 2023