Universities conduct research into a wide array of fields, from the arts to social sciences, medical breakthroughs to engineering and information technology. These research projects and discoveries carry great intellectual property value as well as strategic advantages to the commercial and government sectors.
Following a spate of state sponsored attacks against Australian universities, such as those against the ANU, the University Foreign Interference Taskforce has issued a set of Guidelines to help counter foreign interference.
Australian Universities now have to inform the government of any identified risk of foreign interference under the new Guidelines. Interference risks include: cyber attacks; attempts to direct research; intellectual property theft and moves to steal away researchers and academic staff.
The Guidelines also recommend universities develop conflict of interest policies around foreign affiliations and funding, and put more onus on researchers to identify risks in their own projects.
The Guidelines address the following key themes:
Governance and risk frameworks
* ensuring structures promote and strengthen a positive safety and security culture, which builds resilience to foreign interference.
* Including foreign interference risks in existing risk frameworks, policies and procedures and identifying capabilities in the university that contribute to the security of people, information and assets.
* Applying due diligence proportionate to the risk.
* making considered risk assessments based on the combined sensitivity of the research topic and potential research partner.
* In addition to internal governance requirements, university policies and procedures also ensure consideration is given to whether legislative frameworks like the Defence Trade Controls Act 2012 (DTCA) and the Foreign Influence Transparency Scheme Act 2018 apply.
* knowing your partner, research collaborators and staff by undertaking appropriate due diligence, supported by university processes, taking account of the potential foreign interference and reputational risks.
Communication and education
* communicating the risk of foreign interference, acknowledging that often the risk is low.
* communication strategies and education programs raise awareness of foreign interference risks, and arm decision makers with knowledge to enable levels of vigilance proportionate to the risk.
* communication strategies, education and professional development programs promote the university’s commitment to security culture, and raise awareness of risks and their implications.
* strengthening knowledge sharing mechanisms across the sector and between the sector and the commonwealth, about emerging risks and experiences of foreign interference.
* the need for security agencies to provide greater assistance to universities to identify risks and proportionate responses is acknowledged, noting significant information is already available to universities.
* Protecting information held on Ict systems through the development and implementation of robust cyber security strategies, engaging with commonwealth agencies, sharing best practice and cyber threat modelling.
Key themes and objectives are:
* underpinned by an objective statement to manage and engage risk to deepen resilience against foreign interference;
* supported by questions, which are not intended to be prescriptive, but designed to guide universities in addressing the range of emerging risks in global higher education arising from foreign interference appropriate to their own context; and
* intended to support an environment of trust and confidence across the university sector to guide decision-making based on proportionality of risks and an environment of continuous improvement.
The Guidelines can be found here.