A VISITING SCHOLAR from a Chinese university takes notice of your research. He invites you to visit his home country, all expenses paid. You accept and find yourself feted at a large, lavish banquet. At the end of a long evening, weary from jet lag, you're still being peppered with questions about your work.
Later, you worry that you might have revealed too many details. Your research, although not classified, is still proprietary to your university, and you had considered licensing or other commercialization options.
Welcome to 21st-century espionage. Spying is no longer good guy versus bad guy, classified versus unclassified, Soviet versus American. It's as much about economic impact as it is about weapons. And it's often aimed at academic scientists.
Although many countries target the U.S., China is particularly adept at such tactics, says Thomas J. Mahlik, chief of counterintelligence strategy at the Federal Bureau of Investigation. Chinese agents focus on the culture of science—the drive to publish, to connect, to be the best. By exploiting those traits, "we've seen unbelievable acceleration in how quickly an organized effort leads to a huge technical leap," Mahlik says. "What took U.S. researchers 10 years may take the Chinese two, and it happens because of a deliberate effort to collect nuggets of information from key people."
In a July 10 press release by the Chinese embassy in the U.S., officials said China has never tried to subvert foreign governments or undermine their security interests.
Mahlik notes that classified research usually starts off as unclassified, often in a university environment. Traditionally, the FBI and other law enforcement agencies have focused on classified information only and would react after a leak had occurred. "In that case, it's too late," Mahlik says. "The secret's gone."
In an effort to stem such losses, the FBI in 2005 launched the Counterintelligence Domain Program. The domain in question is research, information, and technologies that are not classified but still have potentially critical importance to U.S. economic and military power. The goal of the program is to reach out to researchers and build relationships, especially with an academic community historically wary of law enforcement.
"We know that a number of academic institutions are, in fact, of keen interest to foreign competitors around the world," Mahlik says. "These foreign competitors do not think twice about acquiring blueprints or data—prepublication, prepatent, prelicensing, preclassification—straight from research locations."
Thus, one component of the counterintelligence program is the Academic Alliance. Directed at U.S. colleges and universities, the goal is not to dictate to researchers what they should and should not do, but to foster communication between national security agencies and the researchers generating technology.
That communication is a two-way street. What the FBI and other agencies want to relay to schools is what the agencies know about potential threats to campus security, for example, foreign students, travel concerns, identity theft, and cyber intrusions. What those agencies would like to hear in return is about anything unusual: thefts of dual-use instruments such as fermenters, a foreign scientist taking proprietary documents when traveling home, or a student actively researching technology outside the scope of his or her research project.
THE STANDARDS of what's unusual may differ from campus to campus or even from lab to lab within an institution. The key is to identify what's anomalous within a particular context. For example, a foreign-born scientist at Los Alamos National Laboratory was flagged because he worked only late hours, without staff support, on a sensitive project using cutting-edge instrumentation. But an investigation revealed that his experiments needed extremely consistent water pressure—so he worked in the middle of the night when it was less likely someone would flush a toilet.
"Nine times out of 10, reports mean absolutely nothing, but there's the one out of 10 that does," says Chuck Fisher, a counterintelligence specialist in technology protection at the Department of Defense. By establishing relationships with academia, he adds, "what the Domain Program gives us is that ability to be a little more predictive and more proactive" rather than reactive.
"We want to break down all the barriers of the past," the FBI's Mahlik says. "We need to come to terms as to what's the right balancing mechanism to have information exchange that doesn't spike great paranoia. If we agree to disagree that's fine, but at least we're talking about it and not waiting for an incident to occur. The toughest time to build relationships is in a time of crisis."
The Academic Alliance has two parts: the National Security Higher Education Advisory Board (NSHEAB) and the College & University Security Effort (CAUSE). The advisory board is composed of representatives from national security agencies as well as leaders of 22 research universities across the U.S. Its role is to advise agencies like the FBI on how national security policy affects the culture of university research.
Gregory L. Geoffroy, a chemistry professor and president of Iowa State University, has been on the board for two years. There have been areas where national security agencies definitely needed a better understanding of the unique culture of higher education, he says.
One area in particular is a Department of Commerce regulation called "deemed exports," which involves the use and release of advanced technology to foreign nationals (C&EN, June 13, 2005, page 8). Because U.S. universities rely heavily on foreign-born students, postdocs, and even faculty, stricter rules on the information that could be shared with such researchers or the instruments they use would see some programs grind to a halt. The FBI and others "heard very loud and clear about the problems the original proposals would have caused," Geoffroy says.
James R. Greenwood, an adjunct professor of epidemiology and assistant vice chancellor for research administration at the University of California, Los Angeles, attended a board meeting in late 2006. The focus of the meeting was to see if the FBI and academia could come to an understanding of how better to work together. University representatives thought the agency could work best through existing channels, such as on-campus police for instrument thefts or environmental health and safety departments for issues concerning hazardous materials. "The academics did not want the bureau to just come in and start talking to people in hallways and laboratories," Greenwood says. "They felt that would be counterproductive."
ANOTHER CONCERN expressed by university leadership was the vague nature of what they were being asked to look for in terms of identifying security risks. "It would be better if the bureau could articulate what the threats are," Greenwood says. "There weren't any clear examples that the FBI was able to give the academics." Colleges and universities would be happy to watch out for specific concerns, but they're wary of starting fishing expeditions.
While the board is national in scope, the other component to the Academic Alliance—CAUSE—is deliberately local in nature. The FBI has 56 field offices around the U.S., and the agents in charge of those offices are directed to establish personal relationships with the administration of their local colleges and universities.
Notably, the FBI does not want to tell universities what to do. "We prefer to see universities on their own volition and on their own terms, in alignment with their own culture, develop some sense of risk management," Mahlik says.
The relationships do seem to be making headway. Iowa State President Geoffroy notes that he recently asked his local FBI contact for help with a faculty member's visa application. "Because I knew that person, I was able to make that call, and I know he followed through," Geoffroy says.
Marye Anne Fox is a professor of chemistry and chancellor of the University of California, San Diego, and also a member of NSHEAB. She says her school has benefited from a closer relationship with the FBI. When the bureau had a question about one of UCSD's graduate students, the matter was resolved with a simple phone call. "Other institutions around the country without that relationship would get subpoenas and agents would come onto campus, and it would be a big fuss over nothing," Fox says.
In addition to one-on-one meetings between university administration and local FBI agents, the bureau has designed a seminar program to educate faculty, staff, and students about counterintelligence. One such seminar was held at the University of Georgia in April.
Among the attendees was Harry A. Dailey, a professor of biochemistry and microbiology and the director of the university's Biomedical & Health Sciences Institute. He recalls an incident several years ago when agents from the Central Intelligence Agency showed up in his office questioning the number of Koreans employed in the microbiology department. "The thing I liked about the seminar," he says, "is that the FBI came to Georgia and made an expression of wanting to reach out and communicate with scientists, instead of sitting in offices and telling us what to do."
Michael Beck, executive director of University of Georgia's Center for International Trade & Security, helped organize the seminar. Beck is concerned that if there isn't better communication with federal counterintelligence agencies and a security breach results, more regulations and restrictions on universities will result. "The repercussions will be huge," he says, adding, "I think it's in the interest of the university community" to develop more of a security culture.
The Domain Program signals a culture shift on the part of federal law enforcement. Policies developed during the Cold War required academia and industry to report certain events. "As a result, you only received information that fell within those narrow constraints," thereby limiting cooperation between communities, DOD's Fisher says. Now, what the FBI and others are trying to establish is more of a needed communication. "Instead of responding because of compliance or contract, communities respond because it's the right thing to do," Fisher says. "That's been the greatest benefit we've received."