UW-Madison prepares for federal research security requirements
Dear Research Colleagues,
International collaborations and engagement and open science are critical to our research success. Yet, the world isn’t always a safe and friendly place, and some world actors may seek advantage through deception and other nefarious means. As such, it is essential that we safeguard the intellectual work of our faculty, staff, and students, as well as meet the expectations of our many federal funding partners. Moreover, we must do this in a non-discriminatory way that values the contributions of all in our community. Toward this end, the Office of the Vice Chancellor for Research (OVCR) has established a Research Security Program.
On July 9, 2024, the federal government released final federal research security guidelines that apply to those receiving federal research funds. When in force these will have implications for both individuals (e.g., faculty senior staff, etc.) and the whole university. These federal requirements, outlined in National Security Presidential Memorandum-33 (NSPM-33) and certain provisions of the CHIPS and Science Act, cover four elements: (1) cybersecurity; (2) foreign travel security; (3) research security training; and (4) export control training. More on these below.
UW–Madison will need to certify compliance—at the earliest—18 months from now. The Research Security Program and campus partners, led by Interim Director John Miller, are working diligently to ensure UW-Madison safeguards our intellectual work and to certify compliance with the federal requirements while minimizing unnecessary administrative burden by the deadline.
Cybersecurity
UW–Madison has the right cybersecurity policies and a range of tools and platforms to meet the requirements. Work on federally funded projects will need to meet the federal requirements. The impact on individual research labs and programs will depend on their federal research portfolio and alignment with existing DoIT policies and technologies. OVCR will work closely with DoIT and the research and IT communities toward compliance.
Foreign Travel Security
Those covered by the policy will be required to complete foreign travel security once every six years. The training will focus on securing intellectual property and research data and information while traveling internationally.
Research Security Training
Researchers working on federal research projects will be required to complete research security training, not unlike many already do for responsible conduct of research either through coursework (NIH) or online (NSF and USDA). The NSF developed on-line training modules that meet the federal requirements, but UW-Madison and peer institutions are exploring alternatives that might achieve the same learning outcomes in less time.
Export Control Training
Federally funded researchers will also be required to complete Export Control training. Export controls are a series of federal requirements that span three federal departments (Commerce, Treasury, and State) that seek to protect US intellectual and economic interests. Like the training for security and travel, we will create relevant, timely, and efficient training programs.
Additional Agency Requirements
In addition to university policies and procedures, federal agencies may impose new requirements. We expect that all federal agencies will eventually require the use of ORCID, a persistent identifier, as the NIH and Department of Energy will do come May 2025. In addition, as part of travel security, certain federal research projects, at the determination of the funding agency, will entail additional reporting requirements related to foreign travel.
We will continue to update the community on these topics as we seek to safeguard the intellectual work of our community. If you have questions, concerns, or would like to discuss, please let me know.
Interim Associate Vice Chancellor for Research Policy and Integrity &
Professor of Forest and Wildlife Ecology