The Government Accountability Office (GAO) is calling on the National Institute of Standards and Technology (NIST) to improve its security to better protect against threats to federally funded research.
In a new report, GAO explains that some foreign governments try to acquire U.S. research and technology dishonestly. NIST collaborates with about 2,500 foreign and domestic researchers, and it requires them to disclose any potential conflicts of interest.
However, GAO said that NIST doesn’t require domestic researchers to disclose as much information as foreign researchers, and the agency has not fully implemented Federal disclosure requirements.
For instance, NIST does not require domestic researchers to disclose information on positions or appointments, participation in foreign talent recruitment programs, or current and pending research support – but it requires foreign researchers to disclose this information.
“While such collaborations are intended to benefit NIST, they may pose security risks,” the report says. “By not requiring domestic associates to disclose the same information as foreign national associates, NIST is missing opportunities to assess and mitigate risks.”
GAO said that NIST had not fully implemented Federal disclosure requirements because it was waiting on guidance from the White House’s Office of Science and Technology Policy (OSTP) in two areas: “uniform disclosure forms for extramural researchers” and “guidelines on foreign talent recruitment programs, which seek to recruit researchers – sometimes with malign intent.”
Separately, GAO said that NIST and the Department of Commerce train these researchers, but they have not evaluated the training program’s effectiveness – limiting its room for improvement.
“For example, NIST employees told GAO that NIST could provide more examples of risks that employees may encounter. Collecting and analyzing such feedback could help strengthen the agency’s training and improve research security,” the report says.
GAO is making three recommendations: one to OSTP to issue timely research security guidance; and two to NIST to strengthen disclosure requirements for domestic associates and evaluate its training program. OSTP and NIST agreed with the recommendations.
