Appendix C
Overview of DOD-Sponsored Fundamental Research
A basic tenet of academic research has long been that fundamental basic science research plays a critical role in maintaining U.S. economic competitiveness and national security. As articulated in National Security Decision Directive 189 (NSDD-189) issued in 1985,1 and reaffirmed most recently in a memorandum issued by Under Secretary of Defense Ashton B. Carter in 2010,2 fundamental research is defined as “basic and applied research in science and engineering, the results of which ordinarily are published and shared broadly within the scientific community, as distinguished from proprietary research and from industrial development, design, production, and product utilization, the results of which ordinarily are restricted for proprietary or national security reasons.” NSDD-189 further states that the “products of fundamental research are to remain unrestricted to the maximum extent possible. When control is necessary for national security reasons, classification is the only appropriate mechanism.”
Introducing the concept of controlled unclassified information (CUI) has blurred the lines for fundamental research (Obama, 2010). The categories of CUI are broad and have created new challenges. A 2019 report to the National Science Foundation (NSF) discussed both the value of fundamental research to the United States and the impact of the introduction of CUI (JASON, 2019). The report concluded that “NSF should support reaffirmation of the principles of NSDD-189, which make clear that fundamental research should remain unrestricted to the fullest extent possible, and should discourage the use of new CUI definitions as a mechanism to erect intermediate-level boundaries around fundamental research
___________________
1 Available at https://irp.fas.org/offdocs/nsdd/nsdd-189.htm.
2 Available at https://fas.org/irp/doddir/dod/research.pdf.
areas.” This recommendation might apply equally to basic research funded by the Department of Defense (DOD), which has since created contractual mechanisms to ensure that it does not treat projects including CUI as fundamental research.
THE ROLE OF INSTITUTIONAL RESEARCH SECURITY PROGRAMS
National Security Presidential Memorandum – 33 (NSPM-33), issued on January 14, 2021,3 directs federal agencies to strengthen the protection of U.S. government-funded research from foreign influence and exploitation. The Office of Science and Technology Policy subsequently issued NSPM-33 implementation guidance to federal agencies in January 2022 (Subcommittee on Research Security Joint Committee on the Research Environment, 2022). This document includes processes for enhanced transparency in disclosure similar to those discussed above, along with the use of persistent digital identifiers. The implementation guidance requires institutions with $50 million dollars or more in annual federal research expenditures to establish formal research security programs to include cybersecurity measures and controls, foreign travel security, and research security and export control training, among other components (Trump, 2021).
The security requirements NSPM-33 imposes serve as a baseline, and additional protections may be required for research that includes generation or use of CUI, such as export-controlled research or research with restrictions on publication or participation. In these cases, the research institution would need to provide enhanced physical security and cybersecurity. For example, this work might require full compliance with NIST 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,4 as well as physical security plans the academic institution monitors centrally (Ross et al., 2020). Classified research is subject to detailed security requirements outlined in the National Industrial Security Program Operating Manual.
___________________
3 Available at https://irp.fas.org/offdocs/nsdd/nsdd-189.htm.
4 Available at https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final.