Knowledge security is a current issue. But what exactly do we mean by knowledge security? Miriam Roelofs, senior policy officer at the NWO-I office and Coordinator of Knowledge Security, explains what knowledge security stands for: ‘Knowledge security first and foremost concerns preventing the undesired transfer of knowledge and technology that is important for our defence and knowledge economy, and which is sensitive. Transfer is undesirable if this harms the national security of our country. In addition, knowledge security concerns the covert influencing of education and research by other countries, the so called state actors. This interference puts academic freedom and public safety at risk. Finally, it concerns ethical questions that can play a role in the collaboration with countries that do not respect our constitutional rights.’ The national security services constantly investigate the level of threat for the Netherlands, and based on this, they name these “state actors” who are known to be involved in the aforementioned actions. These are currently China, Russia, Iran and North Korea. The Netherlands takes measures to safeguard both its military and economic security.
Knowledge Security at NWO-I
In January 2022, the Dutch knowledge sector and the Dutch government published a guideline on knowledge security [in Dutch]. This functions as a policy framework that can be used by people at knowledge institutions involved in international collaboration and who need to weigh up opportunities and (security) risks against each other. The Advisory Council for science, technology and innovation (Awti) also published an advisory report [in Dutch] about how the Netherlands should deal with the risks of international collaboration for knowledge development at Dutch knowledge institutions, including higher education. Roelofs states that based on the guidelines, NWO-I has produced an implementation plan with concrete rules for how things are to be done at NWO-I. This plan contains several sections with specific actions: 1) protection measures, 2) knowledge acquisition and recording who in the organisation bears administrative responsibility, and 3) awareness of the importance of knowledge security, privacy and information security so that employees know what they should do to work safely. As an example, Roelofs states that employees must always consider whether it is safe to log in to a different network or share their knowledge at congresses. And what do you show during an apparently innocent tour of an institute? Do you ask visitors to hand in their smartphones, for example? Are visitors to an institute always supervised?
The crown jewels
Which crown jewels should the institutes and the NWO-I office protect? Roelofs says the institutes have performed a risk analysis: what knowledge do they possess and which knowledge has a distinctive value for the institute or is part of the institute’s reputation? Roelofs: ‘This concerns sensitive, possibly dual-use technology that could be deployed for both military and civil purposes. In the latter case, an example is technology that is decisive for our leading economic position, such as AI (artificial intelligence) or technology in the area of semiconductors.’ The results from the risk analysis have been used to develop policy measures. She says that these measures will soon take effect. Roelofs: ‘Examples are measures to protect the physical access to NWO Institutes, and cyber access via the networks of our organisation. Roelofs: ‘You must prevent malicious visitors from gaining access to data or to sensitive equipment. You can achieve that by, for example, ensuring that the servers are equipped with sufficient firewalls and that access is only granted to authorised persons. Screening can be part of the procedure for recruiting new personnel. Group leaders play a key role in hiring new staff. And for business trips to risk countries, a separate policy applies: researchers who visit China take an empty laptop with them.’
Roelofs acknowledges that the movement in science towards more Open Science and Open Access is at odds with the stated restrictions on transferring knowledge. However, she states that the proportion of knowledge subject to restrictions is far smaller than the proportion of knowledge that can still be openly shared. The goal is: open if possible, protected if necessary. Roelofs: ‘Scientific progress is partly realised through collaboration across national borders. This collaboration often arises in a bottom-up fashion between researchers who like each other and inspire one another. The aim is not to restrict this freedom. However, now researchers need to consider far more than in the past whether that exchange of knowledge is indeed desirable and whether their cooperation partners are not coming under pressure from their own governments or secret services, and thus are at risk. A green listing is planned to make such choices easier. This will identify research areas where you can collaborate without any limitations.’
The measures are definitely not aimed at a generic exclusion of researchers from risk countries. Stigmatising groups on the basis of nationality is not done in the international research community. Roelofs admits that it is a delicate issue because many different nationalities work at the institutes. This is definitely not a matter of discrimination and NWO-I continues to employ new PhDs and postdocs from the countries stated. However, it does perform extra checks if the CV of the person concerned gives cause to do so. In the case of China, a distinction can be made between civil universities and other institutions that are known as “defence universities”. Some civil universities also have military labs. When NWO-I is considering a partnership, it examines the possible links that the collaborating partner has with the government and assesses whether the collaboration is truly reciprocal. Will the partners make an equal contribution or whether there is merely providing or taking knowledge? ‘The person who enters into the collaboration makes a risk assessment. Dependent on the risk, a decision from the management of the institute or NWO-I board can be required,’ says Roelofs.
Within NWO-I, an advisory team Knowledge Security has been established, which contains members from the office, each institute and representation from institute managers, P&O and ICT, so that there is a connection with each functional consultation. The advantage of this representation is that it is possible to change gears quickly in the case of dilemmas. The team meets once every six weeks and more often when dilemmas arise. Such a dilemma could be, for example: “In our recruitment procedure for a system manager, we have a good candidate who comes from a risk country.” Or: “As an ancillary activity, an employee wants to work at a company from a risk country.” Or: “We will soon have a delegation visiting us from a university with a defence lab. They would like us to tell them more about AI.” Roelofs says that the advisory team learns a lot from the mutual exchange and experiences about such dilemmas. She says that more insights surface during the meeting than you would have expected beforehand: ‘Institutes sometimes say, “We have no crown jewels that are at risk”, but then they forget that an institute’s reputation is effectively a crown jewel as well. That reputation opens doors, gives researcher status and must therefore be protected.’ In addition to the advisory team, confidential advisers who can deal with academic freedom and integrity issues are appointed at institutes in consultation with P&O.
Knowledge Security Desk
Knowledge security is a key issue for the Dutch government, and it takes corresponding action. In 2022, a Knowledge Security Desk was established that knowledge institutions can approach for advice. Since its opening, it has received 148 questions, stated Minister Robbert Dijkgraaf in a letter to the Dutch House of Representatives on 23 December 2022. He observed that there is considerable international interest in the desk. The minister indicated that the United States and a number of other countries are busy setting up similar policy initiatives. The parties behind this Knowledge Security Desk are the national security services and government departments that may provide information that is not accessible to other bodies. The desk feeds the network and is also a source of information. Another initiative from OCW is its efforts to realise a national screening framework for people outside of the European Union, for disciplines with sensitive technology that is important for the military and economic position of the Netherlands. This assessment framework is expected to be implemented by law in 2025.
Would you like to know more about PKI (Privacy, Knowledge security and Information security) within NWO-I? Then take a look at the NWO-I website. There is also a lot of attention to Knowledge Security in journalism. For example, VPRO radio program Argos recently made a podcast about this topic (only in Dutch).
Who is Miriam Roelofs?
Lawyer Miriam Roelofs (1966) is a sports enthusiast. She lives in Santpoort-Zuid and enjoys the dunes and the beach. Her three children (18, 22 and 23) have left home, so she has time to read, go to the theatre and visit museums. And she takes boxing lessons to keep her back straight. In 2006, she started working at NWO Legal Affairs. After two years, she transferred to the cluster institutes, which is now NWO-I. She has worked on many different dossiers, such as data management and public-private partnerships, and she is the contact person for ARCNL. The central thread of her career is her work in the field of the governance of large projects such as SKA, KM3net, JIVE, LOFAR and now the Einstein Telescope.
Dutch government is taking a lot of action in new policy area
Text: Anita van Stel
Newsletter Inside NWO-I, May 2023
You can find the archive of the newsletter Inside NWO-I on the NWO-I website.