Research Security Program

The University of Miami's Research Security Program (RSP) is designed to safeguard the integrity and security of our faculty, staff, trainees and research activities. The RSP provides comprehensive guidelines, resources, and training materials to support our researchers in maintaining the highest standards of research security and compliance.

Our program covers essential topics of cybersecurity, foreign travel security, research security training, and export control training. By participating in the RSP, The university community and its stakeholders will be equipped with the knowledge and tools needed to protect University research and contribute to the university's commitment to excellence and integrity. 

Ensuring the safety and integrity of research involves raising awareness about potential domestic and international threats and establishing protocols and safeguards to mitigate those risks. UM’s RSP in the Office of the Vice-Provost for Research + Scholarship also adheres to the guidelines outlined in National Security Presidential Memorandum-33, which are mandatory for federal research funding recipients. As new resources become available, this webpage will be regularly updated. Details for each of the four broad pillars of UM’s Research Security Program are below.

National Security Presidential Memorandum (NSPM)-33 Directive to Federal Agencies

Federal agencies should require the following from research organizations:

  • Provide regular cybersecurity awareness training for authorized users of information systems, including in recognizing and responding to social engineering threats and cyber breaches.
  • Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
  • Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
  • Verify and control/limit connections to and use of external information systems.
  • Control any non-public information posted or processed on publicly accessible information systems.
  • Identify information system users, processes acting on behalf of users, or devices.
  • Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
  • Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
  • Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
  • Provide protection of scientific data from ransomware and other data integrity attack mechanisms.
  • Identify, report, and correct information and information system flaws in a timely manner.
  • Provide protection from malicious code at appropriate locations within organizational information systems.
  • Update malicious code protection mechanisms when new releases are available.
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

UM's Implementation

For researchers, it is essential to uphold strong cybersecurity practices and grasp the appropriate security level to safeguard their research.

UM’s Information Security Office (ISO) protects the confidentiality, integrity, and availability of the University's data and information systems by providing proactive security expertise, creating and maintaining a resilient and secure infrastructure and fostering a culture of security awareness and compliance.

Training: UM Cybersecurity Awareness and Training

Resources:

NSPM-33 Directive to Federal Agencies

Federal agencies should require the following from research organizations:

  • Maintain international travel policies for faculty and staff traveling for organization business, teaching, conference attendance, research purposes, or any offers of sponsored travel that would put a person at risk.
  • Foreign Travel Security Training: Each Covered Institution must certify it provides periodic foreign travel security training to "Covered Individuals" engaged in international travel for business, teaching, conferences, or research. This training must begin within one year after a federal agency provides a "foreign travel security training resource," and then at least once every six years.
  • Foreign Travel Reporting Program: Covered Institutions must implement a travel reporting program that includes an organizational record of international travel for covered individuals participating in R&D awards when a federal research agency determines security risks warrant travel reporting per the award terms.

The reporting program requirement applies to persons who (a) meet the definition of “Covered Individual”; and (b) are participating in an R&D award that the federal research agency has determined presents security risks that warrant travel reporting and includes this requirement in the award terms.

UM's Implementation

Before embarking on foreign travel, researchers should examine the following resources and policies to prevent data loss or theft and ascertain whether any documents or licenses are necessary.

Resources:

NSPM-33 Directive to Federal Agencies

Agencies should mandate that research organizations include training for relevant personnel on research security threat awareness and identification as part of their research security programs. This training should cover insider threat awareness where applicable. Additionally, research organizations should integrate pertinent aspects of research security into existing training programs focused on responsible and ethical research conduct for both faculty and students. In the event of a research security incident, tailored training sessions should be conducted.

UM's Implementation

Research security training is a critical component in safeguarding our institution's intellectual property, ensuring compliance with regulations, and maintaining the integrity of our research endeavors.

By administering this training through the UDisclose System, we aim to streamline the process, reducing the administrative burden on our faculty, researchers, and staff. This centralized approach not only fosters a more efficient and user-friendly experience but also ensures that UM’s Covered Persons are adequately informed and equipped to address security concerns. Ultimately, this initiative supports our commitment to excellence and innovation in research by protecting our valuable resources and intellectual contributions. 

UM’s Research Security training is accessed on the 1st page of a user’s Disclosure Profile smart form in the UDisclose System along with the annual training on UM’s COI Policy.

Resources:

The National Science Foundation (NSF) offers four interactive online research security training modules designed to help researchers and institutions safeguard the integrity of their work. This modular training, available here, is intended to enhance awareness and to provide recipients of federal research funding with online training on the existing and emerging risks and threats to the global research ecosystem — and the knowledge and resources necessary to protect against such risks and threats. 

NSPM-33 Directive to Federal Agencies

Agencies should mandate that research organizations engaged in R&D subject to export control restrictions provide training to relevant personnel. This training should cover the requirements and procedures for evaluating foreign sponsors, collaborators, and partnerships, as well as ensuring adherence to Federal export control requirements and restricted entities lists.

UM's Implementation

The University of Miami engages in targeted research to propel knowledge forward, enrich student learning encounters, and bolster its standing within scientific and technical circles. Simultaneously, the university adheres to the principles of free inquiry and open knowledge exchange. However, it remains vigilant about federal laws and regulations that oversee the exchange of research materials and results subject to export controls.

UM’s Export Control Compliance Policy

Resources: 

UM Contacts regarding Export Control:

Should you have more questions or require additional details, please feel free to reach out to the following:
  •  Have general questions? Please contact DSAM@miami.edu, or review our 2RISE and ORA pages for additional contact details

Ensuring that researchers provide thorough and transparent disclosures of international collaborations (scholarly presentations, publishing written materials regarding scientific information not otherwise controlled, participation in international conferences/exchanges, writing a recommendation letter for a foreign student, etc) rely heavily on submitting accurate, complete, and consistent disclosure and helps prevent potential conflicts of interest, ensures compliance with regulations, and fosters trust within the research community.

Federal agencies are actively investigating discrepancies and failures to disclose among grantees. In some cases, these investigations have led to criminal and civil charges, as well as employment terminations. These discrepancies typically come to light when federal agencies compare information from publications, conflict of interest statements, conflict of commitment disclosures, grant applications, and annual progress reports.

Best Practices

Welcome to our Frequently Asked Questions (FAQ) section. Here, we have compiled answers to common queries and concerns to provide you with the information you need. This section will be updated as we receive new information and additional questions from the UM community. If you don't find the answer you're looking for, please don't hesitate to reach out to us directly at DSAM@miami.edu.

Should I stop collaborating with international colleagues?
No.
2. What does the federal government mean by "improper foreign influence" or "undue foreign influence"?
The federal government uses these terms to describe its concerns regarding nefarious actions by nation-states (or their representatives/agents) which could negatively impact the United States' economic competitiveness and national security.  The main areas of concern are:
  • Integrity of the peer review process
  • Undisclosed foreign resources, including but not limited to: foreign employment arrangements, foreign grant support that creates problems with overlap, or over-commitment, foreign talent programs
  • Undisclosed significant foreign financial conflicts of interest
  • Diversion of proprietary or pre-publication information disclosed in grant applications or produced by US-supported research to those not authorized to receive it (theft of intellectual property)
  • Compliance with regulatory requirements including US Export Control laws and regulations, which establish a set of requirements for the transfer of technology and data to foreign countries and/or foreign nationals in the US and sanctions from the Office of Foreign Assets Control, which restrict interactions with individuals or entities on the sanctions list
As a result of these concerns, the federal government created new legislation and updated disclosure requirements to emphasize the importance for researchers and universities to disclose accurately, properly, and consistently and establish practices to reduce the risks.
3. How do I comply with Research Security Program requirements?
  • Review information on this website
  • Follow the best practices listed above
  • Ask questions, please refer to our 2RISE and ORA pages
  • Read campus communications regarding Research Security and International Engagement

4. What are the common problems with disclosures related to Research Security and International Engagement? What are the red flags?

Failing to disclose all the required information such as foreign outside financial interests, relationships, and affiliations. Examples:

  • Not including the foreign country location of the organization/entity
  • Not disclosing participation in a foreign talents program as Other Support/Current & Pending Support to the federal agency.
  • Not disclosing receipt of foreign government grants or research funding.
  • Not disclosing position/appointment/time commitment at foreign institutions.
  • Having inconsistent information across the many disclosures collected for research proposals and awards, conflict of commitment, conflict of interest and other publicly available information (ex. publications).

For example, disclosing activities in your Disclosure Profile (in the UDisclose System) but not including the income received from those activities in your other support disclosures for your NIH research proposal.

5. What are some examples of how other academics have had problems in the area of Research Security & International Engagement?

Below are some of the press releases and news articles related to the results of the federal government's investigations of university researchers:

 6. What is a maligned foreign talent recruitment program?

A malign foreign talent recruitment program (MFTRP) refers to a recruitment initiative sponsored by a foreign country or entity that aims to attract science and technology professionals or students. These programs typically involve two key elements:

  1. Compensation: The foreign country or entity provides compensation to the researcher. This compensation can take various forms, including cash, in-kind contributions, research funding, travel opportunities, titles, or other non-de minimis benefits.
  2. Specific Obligations or Activities: In exchange for the compensation, the targeted individual is required to engage in specific research activities, opportunities, or obligations. These activities may create risks such as conflicts of interest, conflicts of commitment, loss of intellectual property (IP), or other security concerns.

Here are some important points related to MFTRPs:

  • Prohibition: Federally-funded researchers are prohibited from participating in MFTRPs. The CHIPS & Science Act of 2022 explicitly forbids such participation. MFTRPs must involve countries like China, Iran, North Korea, or Russia, or entities in those countries. Researchers will be required to certify that they are not involved in MFTRPs when applying for federal funding.
  • Disclosure: All federally funded researchers must disclose their participation in any foreign talent recruitment program (FTRP), whether malign or not.
  • Risk Assessment: During proposal evaluation, federal funding agencies may assess the risk associated with participation in certain FTRPs and may require mitigation measures before awarding funding.

In summary, MFTRPs pose research security concerns, and federal regulations aim to prevent researchers from engaging in such programs to protect national interests and maintain research integrity.

Top