Research Security

Research security refers to the practices, policies, and protections implemented to protect the integrity and confidentiality of research conducted at academic institutions, particularly when dealing with sensitive information and technologies. At WCM, this includes protecting sensitive health data, research efforts from threats such as foreign interference, theft of intellectual property, and breaches of ethical standards.

Why is research security important?

• Protecting Investments: It ensures that public and private research funding is safeguarded from theft, misuse, or exploitation.
• Securing Intellectual Property and Data: Strong security measures protect valuable research outputs and data from unauthorized access or breaches.
• Maintaining Academic Integrity: It helps prevent research misconduct, ensuring trustworthy and credible scientific work.
• Ensuring Researcher and Student Safety: Security protocols protect individuals, especially in international research contexts, from potential risks.
• Promoting Ethical International Collaboration: Research security supports responsible global partnerships by mitigating foreign interference and maintaining scientific integrity.

Benefits of Research Security

• Fosters international collaborations
• Protects intellectual property
• Protects sensitive research and individuals
• Minimizes foreign governments interference

To strengthen our research environment, we focus on the core pillars of research security:

1. Data Protection & Cybersecurity - Protects research systems and data from cyber threats (e.g., hacking, malware) through tools like encryption, strong passwords, and regular audits.

2. Export Controls - Regulates the sharing of sensitive technologies or information with foreign individuals or entities to prevent misuse.

3. Foreign Travel Security - Addresses risks tied to international travel by safeguarding research materials and educating travelers on local security practices.

4. Disclosure Requirements - Ensures researchers openly report potential conflicts of interest, financial ties, and foreign collaborations to maintain research integrity.

5. Foreign Talent Recruitment Programs - Recognizes the risks of knowledge transfer or exploitation through certain foreign recruitment efforts that may compromise security.

6. Research Security Training - Provides education for researchers and staff on recognizing threats and following best practices to protect research assets.

7. Risk Mitigation and Management - Involves identifying, assessing, and minimizing risks to secure research processes and outcomes.

8. Information Sharing - Promotes secure and controlled exchange of sensitive data to prevent unauthorized access or leaks.

9. International Collaborations - Encourages responsible global research partnerships with clear protocols to protect data, intellectual property, and research ethics.

Data Protection & Cybersecurity

Safeguarding digital assets is crucial for protecting sensitive research data, including clinical trial records, genomic datasets, and unpublished research findings. At Weill Cornell Medicine (WCM), we uphold strict ITS security policies that ensure data is securely stored, transmitted via encrypted channels, and accessible only to authorized personnel.

Key Data Security Practices

• Utilize WCM-Approved Cloud Storage: Store all research data exclusively on institution-approved cloud platforms.

• Keep Devices and Software Updated: Regularly install the latest updates and security patches to ensure optimal performance and protection.

• Protect Communication Channels: Do not use personal email accounts for the transmission or storage of research data.

Foreign Travel Security

Researchers traveling internationally should take proactive steps to secure data and devices:

• Pre-Travel Briefings: Receive risk assessments and security guidance before departure.

• Device Security Abroad: Utilize secure measures for laptops, mobile devices, and sensitive data while traveling.

• Travel Tracking: Document all research-related international travel for institutional records and compliance.

Research Security Training

WCM is committed to comprehensive security education:

• Cybersecurity Training: Learn best practices for protecting digital research assets against cyber threats.

• Foreign Travel Training: Prepare for the unique security risks that may be encountered abroad.

• Export Control Training: Understand the legal responsibilities when handling controlled technologies or sensitive data.

• Responsible Conduct of Research (RCR): Promote ethical research, integrity, and compliance with institutional and federal guidelines.

Export Controls

Certain research assets, including specific materials, software, or technologies, may be governed by U.S. export control laws, such as the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR). These regulations apply to both overseas activities and work conducted within the U.S., particularly when involving foreign nationals or international collaborators.

For more guidance on ensuring that research complies with export control laws and avoids unauthorized transfers, click here.

Other Essential Security Areas

• Insider Threat Awareness: Identify and mitigate risks posed by internal personnel.

• Conflict of Interest Management: Disclose and manage relationships or financial interests that may bias research.

• Foreign Talent Programs: Evaluate involvement in external programs to protect institutional research.

• Research Integrity: Uphold ethical research conduct and accurate reporting.

• Data Classification: Assign protection levels based on the sensitivity of the data.

Compliance Requirements

• Program Certification: Institutions must certify that their security programs meet federal and institutional standards.

• Access to Training & Resources: Ensure all researchers and staff have the necessary tools and training to maintain compliance.

Foreign Talent Recruitment Programs (FTRP) are initiatives sponsored by foreign governments or institutions aimed at attracting researchers and scientists. These programs often provide financial incentives, research support, or opportunities for collaboration, with the goal of enhancing a country’s research and development capabilities.

In contrast, Malign Foreign Talent Recruitment Programs are unethical or illegal versions of FTRPs. Participation in MFTRPs may involve undisclosed involvement with foreign entities, inappropriate or forced transfer of intellectual property (IP), or conflicts of interest with a researcher’s home institution. These activities present significant risks to research security and academic integrity.

U.S. Policy Guidance

U.S. federal policy requires researchers with federal funding to fully disclose any participation in FTRPs. Researchers are strictly prohibited from engaging in MFTRPs, particularly those sponsored by countries of concern, which currently include China, Iran, North Korea, and Russia.

WCM Policies & Compliance Resources

• Security During International Travel

• WCM Travel Registry

• Undue Foreign Influence on Research

Federal Directives:

• Jason Report (2019)—COI (NSF)
• National Security Presidential Memorandum-33 (NSPM-33) (2021)—RS program requirement
• CHIPS and Science Act (2022)—RECR training requirement, malign foreign talent recruitment programs
• NSPM RS Programs Guidelines (2024)— Cybersecurity & foreign travel security

Who is required to complete Research Security Training?

Research Security Training is mandatory for:

• All faculty members involved in externally and internally funded research activities.

• Any non-faculty individual who meets the definition of a “covered individual” as per 42 USC § 19237(1).

How is Research Security Training completed?

More information about how to complete the training, including links, will be available soon. 

Federally Funded Research/Proposals:

• Researchers engaged in federally funded research may face additional training requirements dictated by their sponsor. These requirements may include completing all four NSF research security modules.

• Some federal sponsors may also require additional training as part of a risk mitigation plan for specific research projects.

• Updates about policies, threats, case studies, or regulatory changes will be posted here.