Federal Government Foreign Influence Risk Reviews

Federal government funding agencies are increasing efforts to identify and counter unwanted foreign influence in federally-funded research.  One of the primary efforts important for UMD researchers seeking federal awards to understand, is the conduct of risk reviews.  While multiple sponsoring agenices are untaking varied versions of these reviews, including the NSF and DOE, the directive issued by the Under Secretary of Defense for Research and Engineering provides the most specific methodology to date.  While a number of agencies have not issued such specific guidance, we can presume that the approach taken by DOD is being similarly applied.  

NOTE:  On August 15, 2024, NIH released a Decision Matrix for Assessing Potential Foreign Interference for Covered Individuals or Senior/Key Personnel.  Additional information is contained in a post titled, “New Decision Matrix Further Clarifies NIH Proceses for Handling Allegations of Foreign Interference,” from Dr. Mike Lauer, NIH Deputy Director for Extramural Research.

Department of Defense

The Department of Defense (DOD) guidance is titled,  “Countering Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Education”  and includes three documents:

• June 8, 2023, Under Secretary of Defense Memorandum on Policy for Risk-Based Security Reviews of Fundamental Research. (pages 2 – 7)
• DOD Component Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions (“Decision Matrix). (pages 8 – 16)
• FY22 Lists Published in Response to Section 1286 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115-232), as amended (“Lists”). (pages 17 – 21)

DOD components are required to develop policies and processes for the risk-based security review of proposals for funding for fundamental research projects. The “Decision Matrix” is a guide to be used by Program Managers and DOD components in reviewing proposals for potential conflicts of interest or commitment and to identify “actions prohibited by law that would preclude an investigator or institution from receiving funding from the Department.”

The DOD documents specify requirements for these policies and include a matrix of risk factors, some of which are prohibited or must be addressed via mitigation measures, and others for which mitigation measures are recommended, suggested, or not required. The matrix includes four key factors: 

• Foreign Talent Recruitment Program Factors
• Funding Sources Factors
• Patent Factors 
• Entity Lists Factors

DARPA

While the DOD guidance is new as of 2023, DARPA, in late 2021, established their Countering Foreign Influence Program (CFIP) directing the creation of risk assessments of all proposed Senior/Key Personnel selected for negotiation of a fundamental research grant or cooperative agreement award. The matrix used by DARPA in the conduct of these reviews varied slightly from the broader suggested DOD matrix.  Ratings ran from Very High to High to Moderate to Low in each of the four risk factor categories:

• Foreign Talent Program
• Denied Entity Lists
• Funding Sources
• Foreign Institutions or Entities

An overall risk rating was assigned based on the review outcomes of these four categories.

In late December 2023, the DARPA Director issued a memorandum regarding updates to the DARPA Risk Based Security Reviews of Fundamental Research Process.  The previous DARPA Countering Foreign Influence Program (CFIP) policy, DARPA Risk Rubric, and FAQs were superseded by a new policy in line with the “Countering Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Education” guidance issued by the Under Secretary of Defense for Research and Engineering.  

According to the memo, the new risk-based security review process provides consistency in policy and procedures across all DoD Components. The MSO/SID CFIP Team will conduct risk-based security reviews of all covered individuals (i.e., Senior/Key Personnel) submitted with fundamental research proposals that a DARPA Program Manager (PM) identifies as “selectable and recommended for funding.” The risk-based security reviews will be conducted by reviewing the Standard Form (SF) 424, “Senior/Key Person Profile (Expanded),” its accompanying or referenced documents, and the Research Performance Progress Reports (when applicable), in concert with the DoD Component Decision Matrix. The new DoD Component Decision Matrix replaces the previous risk rubric. Risk levels (i.e., Low, Moderate, High, Very High) have been replaced in the Decision Matrix with “levels of required mitigation” that range from “No Mitigation Needed” to “Prohibited.”

ARMY RESEARCH

In the spring of 2024, the Army Research Lab published a Risk Matrix/Rubric and FAQs as it implemented the AFC Army Research Risk Assessment Protection Program to "help identify and mitigate existing or potential risk of CoC/CoI in Army research grants and cooperative agreements."  Risk ratings run from High to Low in each of the four risk factor categories:

• Foreign Talent Program
• Denied Entities
• Funding
• Foreign Institutions

Of note, this matrix includes co-authorships and panel participation at a conference with foreign entities/institutions as a part of the risk assessment: "co-authorship/panel participation at a conference is an indicator of collaboration between researchers and research institutions to exchange something of value. Co-authorship/panel participations at a conference with a strategic competitor would be considered under Factor 4: Foreign Institutions of the Army rubric."

WHAT DOES THIS MEAN FOR UMD RESEARCHERS SEEKING DOD AWARDS?

DOD components are beginning to conduct risk reviews of fundamental research project proposals and are notifying university research officials of proposals with identified Countering Foreign Influence Program (CFIP) issues.  In at least one instance, the DOD component noted that the CFIP assessment was based on materials submitted by the PI or openly available on the internet.  In those instances where mitigation measures are possible, research security personnel will engage with the DOD component representatives to learn the nature of the concern and will work with the PI and relevant university officials to determine appropriate mitigation measures, should the PI elect to continue with the project.

National Science Foundation

The U.S. National Science Foundation, in June 2024, announced a new risk mitigation process, the Trusted Research Using Safeguards and Transparency (TRUST) framework, which NSF will use in assessing grant proposals for potential national security risks. According to the announcement, the TRUST process will be rolled out in three phases. “Beginning in FY 2025, the process will be piloted on quantum-related proposals. The pilot will collect data and assess key metrics, monitor the impact on NSF directorates and build and evaluate NSF's ability to review the potential national security applications of NSF-funded technology.”  This process will include, but is not limited to, consideration of four U.S. government lists, including the Entity List, the 1260(H) list, the 1286 list, and the Annex of E.O. 14032.  (See bottom of this webpage for links.) “In the second phase, lessons learned from the pilot phase will be implemented and the process will be expanded to include other key "CHIPS and Science Act of 2022"technology areas. In phase 3, NSF will scale up the review process to include all key technology areas and/or the priorities of the NSF Technology, Innovation and Partnerships Directorate's priorities.”  The OCRSSP TRUST Policy Memo was issued by the NSF Office of the Chief of Research Security Strategy and Policy Office, and provides additional detail, including a graphic depicting the TRUST process.

The Research Security Office will continue to monitor development and implementation of risk review processes by U.S. federal funding agencies and will provide updates as available.