Is your research at risk?
Do you have a healthy paranoia when it comes to protecting your research and data access from espionage? You should, according to the Police Intelligence Service (PET), who recently visited Health.
There were no dark glasses or Aston Martins, but a thorough and serious briefing on the espionage threat to Danish research.
On 23 August 2022, the Police Intelligence Service (PET) informed Health’s faculty management team, departmental managements, division managers and Information security committees concerning the risk of spying by foreign states and their intelligence agencies – and about possible preventive measures.
The threat picture has become more pronounced, so we need to take better care of our research, said the advisor from PET, who encouraged the participants to leave the briefing with “a healthy paranoia”.
Technical and administrative staff, academic staff and students can all be targets
The vast majority of international research collaborations are of benefit to Denmark, but through espionage, foreign states may acquire knowledge of, for example, technology and products that may be essential to Denmark’s economy in the long term, or which can have a negative impact on security policy if the research is used for purposes other than that intended.
PET has observed that foreign intelligence services are trying to build up contacts with students, researchers and companies who can provide information. This is particularly the case in the fields of energy technology, biotechnology, quantum technology, robotics, defence products and products subject to export controls.
In 2021, for the first time, PET published an assessment of the espionage threat. It states that the threat level of foreign intelligence activities against Denmark has increased, and this should make universities extra cautious.
Students, researchers, technical and administrative staff can all be the ‘first point of entry’, and may unknowingly contribute to the transfer of sensitive knowledge to foreign states.
Few of them are directly recruited – most are “useful idiots”, as the intelligence services say; they never themselves realise that they have helped a foreign power by giving access to people or data through, for example, the careless use of IT or blind trust in an outsider.
PET stresses the importance of holding staff wellbeing conversations and ensuring good relations with foreign employees, who may sometimes be under pressure from their home country.
Time to put on a tinfoil hat?
Foreign states carry out intelligence activities primarily to strengthen their political, military and economic position. There can be major consequences if research is used for unethical purposes, but a security breach can also damage the researcher’s reputation and his or her future funding opportunities.
As a researcher, it is absolutely essential to screen your own research and data sources, PET stresses. Some areas are completely unproblematic, but as a researcher, you can be a target if:
- Your research is likely to lead to a future commercial or patentable result.
- You make use of sensitive data or personally identifiable information such as genetic information or commercial test data.
- Your research could be useful to foreign military services, or may have both military and civilian applications (‘dual use’).
- Your research could potentially form the basis for international strategic policy negotiations or decisions.
- You use advanced laboratory equipment.
There are many grey areas – basic research, for example, can be difficult to assess. But Health is working to make it easier for researchers to map and assess areas deemed worthy of protection, says Hans Erik Bøtker, Vice-dean for Research.
“We are focusing on the issue, and we will follow up with concrete guidance,” stresses Hans Erik Bøtker, who encourages all staff members to read the leaflet Is your research at risk?, in which PET and the Ministry of Higher Education and Science provide concrete advice on how to prevent and deal with foreign interference and espionage.
“If you suspect or experience irregularities, you should raise the matter with your immediate supervisor,” he says.
Some of the points in PET’s advice may seem like excessive caution when you have grown up in a Danish culture of trust – is it really necessary, for example, to keep an eye on whether foreign partners are taking an unusual amount of photos and videos when they visit? Dean Anne-Mette Hvas knows that suspicion of other countries and nationalities is at odds with Denmark’s open and free research culture:
“At Health, we have a tradition of openness and broad international collaboration. This is positive, and we should continue this tradition while taking the information from PET seriously. But throughout the debate, we must be very careful to avoid stigmatisation. One way to do this is by following PET’s advice to look at behaviour rather than nationality,” says Anne-Mette Hvas.
On the basis of PET's briefing, the dean's office will discuss the need for and the extent of initiatives at Health and present concrete proposals.
On 17 November 2021, a Russian citizen was sentenced to three years’ imprisonment by the Western High Court for espionage (Article 108(1) of the Criminal Code) and deported with a permanent re-entry ban. The person concerned had been spying on the Technical University of Denmark (DTU) and the Aalborg-based energy company SerEnergy A/S, and for several years he had been passing information to a Russian intelligence service in return for payment. SerEnergy A/S develops, amongst other things, fuel cells that can convert hydrogen into sustainable energy.
In June 2021, German authorities arrested a Russian citizen accused of spying for a Russian intelligence service. The arrested man, who worked as an academic staff member at a scientific technical institute in a German university, was accused of having met at least three times with a Russian intelligence officer and of having provided information at two of these meetings in return for payment.
In spring 2020, two researchers, originally from Iran, were charged with providing unauthorised access to the data system at the Norwegian University of Science and Technology, NTNU, in Trondheim. When the data breach occurred, the research duo was hosting a group of visiting researchers from Iran. The question is whether the research at the Institute could contribute to the production of weapons of mass destruction. The researchers were suspended, and the case is still under investigation.
WHAT CAN YOU DO YOURSELF?
Guidance from PET and the Ministry of Higher Education and Science on how to prevent and deal with foreign interference and espionage: Read more here.
According to PET, the threat of cyber espionage is now at the highest level of the scale. For this reason, you should use your IT equipment wisely – read the Advice on mobile device security and Cyber security while travelling