European preparedness is the topic of the moment in Brussels. Academic institutions can find some guidance in a staff working document from the Commission.
In March, the European Parliament discussed the EU’s Preparedness to combat foreign interference. For research institutions, the current geopolitical situation leads to conflicting interests. The internationalisation of the education and research landscape is a development that is welcomed and encouraged by many Higher Education Institutions (HEIs) and Research Performing Organisations (RPOs). At the same time, international cooperation with countries outside the EU is associated with an increased risk of foreign interference. Accordingly, the phrase “as open as possible and as closed as necessary” is currently making the rounds, as stipulated in the Council Recommendation on enhancing research security from May 2024. However, the difficulty lies in how such a principle can be implemented. Against this background, the European Commission’s 2022 report “Tackling R&I foreign interference” is still highly relevant as it serves as a toolkit for HEIs and RPOs in dealing with the issue. The report includes a series of recommended practices to counter the risk of foreign interference – without limiting international collaboration.
The EU speaks of Foreign interference (FI) in case of activities “carried out by, or on behalf of, a foreign state-level actor, which are coercive, covert, deceptive, or corrupting and are contrary to the sovereignty, values, and interests of the European Union (EU)”. FI serves a foreign actor in pursuing political, socio-cultural, economic or technological objectives and may involve unlawful attempts to access information, influence decision-making, or undermine values. Accordingly, the report identifies various key areas that require particular attention from institutions: values, governance, partnerships and cybersecurity.
The protection of values, as a key area, requires the fundamental assessment of the situation of academic freedom in countries and institutions. Part of the suggested strategy involves the identification of countries and institutions at risk. The global Academic Freedom Index (AFI) can serve as a resource for this initial step as it makes country-specific data on the topic available. To secure academic freedom, the report also recommends a vulnerability assessment for one’s own institution regarding external pressures on academic freedom and integrity. Once these vulnerabilities are identified, they can be addressed on an institutional and individual level, for example by offering training for those, who are involved with institutions where academic freedom is at risk. However, the authors stress that cooperation with partners in repressive environments should continue and stigmatisation of researchers in such environments must be avoided.
Effective governance is crucial for HEIs and RPOs to protect their values and operate efficiently. For the second key area two measures are suggested: Firstly, the report suggests creating institution-wide Foreign Interference Committees (FI Committees). These committees could be integrated into existing structures to avoid bureaucracy, for example, they could be aligned with research integrity committees. The FI committee would cover activities such as awareness raising through education and training, risk monitoring and research data management in international collaborations. Integrating the committee into existing governance structures should be an effective way of reconciling risk management with open science and global partnerships. The second suggestion is the introduction of an institutional code of conduct to protect institutions from external interference. This may include various procedures like a disclosure procedure that protects the identity of individuals, the protection of whistleblowers, and the management of internal conflicts of interest.
International partnerships are essential to research and higher education. At the same time, they involve risks that institutions must minimise as part of their risk management strategies. Regarding partnerships as the third key area, the report first proposes developing general requirements for implementing a risk management system, overseen by the FI Committee. This includes, for example, defining red lines for cooperation. Secondly, the report also suggests monitoring the development of partnership agreements and establish sound procedures. For instance, during negotiations, special attention should be given to aspects such as a transparent delineation of responsibilities, including financial commitments, IPR, data management, and open science.
The final key area, cybersecurity, is a particularly urgent topic when it comes to FI. Cyber-attacks are typically carried out by state or state-sponsored entities that seek to infiltrate and control the digital infrastructure of target organisations. Measures against cybersecurity risks include – first of all – raising awareness, but also establishing “easy-to-follow escalation processes” for suspected cyberattacks. This includes making a central point of contact available for triaging reported incidents. Another suggested measure is to maintain a list of the organisation’s top 10 cybersecurity risks, to ensure that all users understand the different types of ransomware out there and are aware of cybersecurity defence strategies. In order to respond to and recover from cybersecurity attacks from foreign interferers, the report emphasises as valuable measures, among others, developing situational awareness capabilities of HEI and RPO communities by sharing lessons learnt and updating shared blacklists, reputation systems, and databases including external stakeholders.
We are likely to hear more about how academic institutions are, in fact, trying to navigate the complexities of continued international collaboration while protecting themselves from potential threats. After all, we can expect foreign interference to become an increasingly important concern.