The Committee considered responses to these issues in other relevant countries as part of this inquiry. Primarily this was derived from submissions from government and the sector. As a starting point ASIO provided a general observation that Australia tended to lead globally on this issue, saying:
Australia is generally ahead of the curve when it comes to identifying and managing this risk.
The University of Melbourne shared this view and said Australian universities were ‘keeping pace’ with global counterparts on security issues.
Background and context
Universities UK (UUK) said the United Kingdom (UK) higher education sector’s response to national security threats had been ‘significantly influenced’ by the approach taken in Australia. This view was shared by the University of Melbourne who noted the apparent modelling by the UK on the Australian response, namely UFIT. The University of Melbourne also noted the November 2019 UK Parliamentary Foreign Affairs Committee inquiry which found evidence of foreign interference on UK campuses.
Universities UK said the UK higher education sector had developed a conceptual framework to assist the sector in meeting three goals:
UK universities can demonstrate that they have coherent, proactive, strategic and operational approaches to managing and mitigating international security threats.
UK universities are confident and able to pursue sustainable, secure international partnerships.
The UK higher education sector and the government have a clear, collaborative and constructive approach towards protecting and promoting growth in research and innovation, institutional autonomy and academic freedom in the context of security challenges.
Universities UK noted that to achieve these three goals, three immediate outcomes would be required:
Increased awareness and understanding among individuals, both staff and students of security related issues.
Stronger institutional systems, processes and behaviours.
Wider changes to the ecosystem including the interface between universities and government and in the resilience of the system.
Universities UK noted the ‘major role’ that universities have to play in providing advice and information to help define the above concepts. They said:
The higher education sector has an important role in supporting government to develop policy generally, as well as defining the specific dimensions of the risks and threats that face both the higher education sector and the government.
Universities UK said the UK higher education sector was ‘increasingly aware’ of the national security threats in this inquiry. Universities UK said the central component of the UK response was the protection and promotion of the values that have been integral to the sector, including academic freedom. Universities UK said to effectively respond to these threats institutions in the sector would need to support the development of ‘security-minded working cultures alongside the development of new policies and processes’. Universities UK said of the importance of co-design:
Wider system changes are likely to be necessary as the sector responds to these challenges. Policy and legislative interventions are most effective when they are co-designed by the sector and the government with shared outcomes in mind.
Universities UK said the UK ‘Managing risks in Internationalisation: security related issues’ document referenced the UFIT guidelines. In particular, the commitment by the Australian government to work collaboratively with the Australian higher education sector has been cited as an increasingly positive element of this framework. They noted the guidelines are not an end in themselves but a ‘mechanism to support member institutions achieve shared goals and outcomes’. Universities UK stressed the importance for flexible and dynamic responses to meet the national security threats as they evolve.
The ARC said Universities UK had released guidance on national security risks in October 2020. Universities UK noted ‘Trusted Research’, a campaign developed by the UK Centre for the Protection of National Infrastructure.
In a specific example from the United Kingdom Human Rights Watch (HRW) said Oxford University in the UK was allowing some students to submit papers anonymously after the passage of national security legislation in Hong Kong.
UK Foreign Affairs Committee report on engagement with autocracies
The University of Melbourne referenced the UK Committee on Foreign Affairs (CFA) report titled ‘A cautious embrace: defending democracy in an age of autocracies’ published 5 November 2019. According to the report, a UK focus had been on protecting universities from intellectual property theft and joint research project risk, and not enough focus was placed on autocracies’ influence on academic freedom in the UK. This report said:
This is not enough to protect academic freedom from other types of interference such as financial, political or diplomatic pressure, with a view to shaping the research agenda or curricula of UK universities or attempts to limit the activities of UK university campuses.
Box 5.1: United Kingdom Parliament reports on engagement with autocracies
On 5 November 2019 the United Kingdom Foreign Affairs Committee issued a report titled ‘A cautious embrace: defending democracy in an age of autocracies’ which included substantial discussion of national security risks in the higher education sector.
The report, with its primary focus on UK foreign policy with respect to autocracies, discussed academia as a component part rather than a specific inquiry. The report wrote that autocracies’ influence in UK universities was a complex phenomenon which could take different forms, and defined influence as including:
Financial, political or diplomatic pressure, to shape the research agenda or curricula of UK universities, whether at the macro level (for example providing direct or indirect financial support for research or educational activities with explicit or implicit limits on the scope of the subjects that can be discussed) or at the micro level (for example, pressuring event organisers not to invite certain speakers); Attempts to limit the activities of UK university campuses or joint venture universities abroad which constrain freedoms that would normally be protected in the UK, such as the criticisms of foreign governments; pressure on UK-based researchers who focus on subjects related to the countries concerned, including through visa refusals, pressure on university leadership, pressure on relatives still living in that country; pressure on UK-based students born in the country concerned, or on their families, to inform on the speech or activities of other students, or to engage in political protest in the UK in support of the country’s objectives.
The report said they had heard ‘alarming’ evidence about the extent of Chinese influence on the campuses of UK universities and noted the issue had received less attention than in Australia, New Zealand and the United States. The report said while universities had a strong incentive to establish overseas partnerships; this should be balanced with potential risks to academic freedom. The report said Universities UK had told them while the vast majority of international partnerships are highly beneficial to all parties, there was a significant threat from hostile state actors in misappropriating research output. The UK Committee noted one submission that indicated the growing conflict between academic freedom and international funding, especially becoming more acute with the ‘commercialisation of global academia’.
Submissions to this committee discussed incidents such as Confucius Institute officials confiscating papers which mentioned Taiwan and Chinese Students and Scholars Association (CSSA) members reporting students to the Chinese Embassy and halting discussion on sensitive topics such as Xinjiang. The report also mentioned media reporting which indicated one UK University that allegedly pressured academics into cancelling events related to Tibet and Taiwan after Chinese officials complained. The report said the university representatives who gave evidence did not acknowledge these topics as an issue and said they had no evidence to substantiate claims of foreign influence in universities.
The UK Foreign and Commonwealth Office (FCO) wrote a response to the CFA report on 6 March 2020 saying they recognised academia as an area at risk of foreign interference. In making this statement, the FCO said they were working with the Department for Education (DfE), Department for Business, Energy and Industrial Strategy (DBEIS), other relevant government departments and the academic sector to identify and mitigate these risks. The results, or details of this engagement, are unknown at this point in time. The FCO said more broadly of these issues:
Our universities are international at their core and they rightly offer a warm welcome to overseas students and the valuable contribution they make. The Government encourages universities to collaborate with international partners—the best research is done through international collaboration and it is precisely this interconnectedness that ensures the UK higher education sector remains world-class.
However, there is a risk that our collaborative culture of academic research and innovation could be exploited by state or state-linked actors which do not respect fundamental rights and freedoms, or whose strategic intent is hostile to UK interests. This is why the Government has published Trusted Research and will continue to develop and promote this advice and guidance to the sector.
The protection of academic freedom and freedom of speech lies at the heart of our higher education system; the Government is clear that any attempts to interfere with these core values will not be tolerated. If institutions or academics feel they are subject to foreign interference, we encourage them to inform Government, so that we can offer our advice and support.
The FCO said they were involved in both the formation of the International Education Strategy (IES) and hosted an event in the UK in June 2019 to discuss autonomy, security and risk in the higher education sector. The FCO indicated this event also engaged the FCO China Department and the Centre for the Protection of National Infrastructure (CPNI). The FCO said in the UK context, the lead department on this issue was DfE and DBEIS and the FCO would support these departments. The FCO said UK Research and Innovation (UKRI) and the Intellectual Property Office (IPO) oversaw research policy and engaged regular with the sector, including on responding to threats of foreign interference. The FCO said these two entities were associated with DBEIS.
The FCO said they considered the most appropriate strategy to be a sector-led approach supported by the UK government. In doing so, the FCO said universities were autonomous institutions responsible for their own processes to decide how to engage with others. The FCO said relevant UK government departments would engage with the sector through ‘trusted research’ which provided awareness, advice and guidance for both academics and senior leaders in universities and research institutions.
National Cyber Security Centre report on cyber security in universities
Although not referred to by submitters the Committee notes the UK National Cyber Security Centre (NCSC) report titled ‘The cyber threat to Universities’ in September 2019 as relevant to this inquiry. The report noted the threat posed to the university sector sat within a broader context of threats to the United Kingdom more broadly, and that the threats could come from both state-sponsored actors such as Russia, China, North Korea and Iran, as well as from organised crime groups. The NCSC report wrote the key cyber threats to UK universities were highly like to be nation states looking to steal personal data and intellectual property for strategic advantage and criminals seeking financial gain. They said while cybercrime would probably present as the most evident and disruptive, state-sponsored espionage was likely to cause greater long-term damage. They said the likely effects of this state-sponsored espionage could include damage to the value of research (notably in STEM subjects), a fall in investment to the affected universities, and damage to the UK’s knowledge advantage.
The NCSC said universities handled significant amounts of personal and research data (including intellectual property) which had significant value to others in terms of strategic gain. The NCSC said nation states ‘almost certainly’ target universities for the data and information they hold, and cyber-attacks were a deniable route to obtain information otherwise unavailable to them. The NCSC said the information obtained from universities could be used for commercial advantage, advancing research efforts, or for military application. The NCSC said these activities were detrimental to individual researchers, universities, and the country as a whole. The report noted these activities were more likely to advantage the attacking nation rather than damage the UK (though the latter would still occur naturally as a result of the former).
The NCSC said cyber-attacks against universities were so successful in part due to the sector being one of the most open and outward facing, in terms of both culture and technology. The report noted the ease of collaboration between academics across borders made the cyber-attacks easier. The NCSC wrote phishing attacks were the most common attacks against universities. They said while methods would evolve, spear-phishing and social engineering were considered the most likely act vectors. The NCSC said state-sponsored cyber activity against universities was likely to continue into the future due to how successful it had been and the limited repercussions faced by the actors. The NCSC observed espionage was the most significant threat to the long-term health of both universities and the UK.
The NCSC, in its recommendations for defending against cyber-attacks, recommended several activities. Firstly was the importance of good security awareness among staff and students, which was difficult due to the high turnover at universities. Secondly was the topic of access and authentication, to ensure strict access controls and partitioning of high-value research. Thirdly was network design, specifically as it related to smaller sub-networks within universities that were less protected.
The Department of Home Affairs noted the establishment of a new reporting system in the United States after an investigation identified American universities had accepted $6.5 billion in ‘hidden foreign donations’. They said the United States Department of Justice (DOJ) continued to prosecute academics and researchers for breaches of funding rules and fraud.
The Department of Home Affairs said the United States had banned Chinese postgraduate students and researchers with links to entities that ‘implement or support the People’s Republic of China’s military-civil fusion strategy’ and designated Confucius Institutes as foreign missions. HRW noted 29 of 100 Confucius Institutes in the United States had closed in the past six years, partly due to the United States National Defense Authorization Act 2019 which required universities chose between Confucius Institutes and funding from the United States Department of Defense.
Human Rights Watch said Princeton University in the United States was now using code names instead of true names on the work of students in Chinese politics classes to protect their identities. HRW noted some American academics were undertaking new measures with the increase of online teaching due to COVID-19, including not recording classes, disclosing risks to students of online engagement, and choosing what material was shared online.
Edith Cowan University said several bills were introduced in the United States during 2019 such as H.R. 1678 and S.1879 Protect Our Universities Act, H.R. 3038 Securing American Science and Technology Act (SASTA), and S.2133 Secure American Research Act. ECU said the Protect Our Universities Act was overly restrictive and that SASTA was incorporated into the John S. McCain National Defense Authorization Act 2019 (NDAA 2019). ECU said s 1286 of NDAA required the establishment of ‘an initiative to work with academic institutions who perform defense research and engineering activities’ to protect intellectual property, reduce foreign influence, and improve development of American talent.
The Australian Research Council (ARC) said they had received guidance from the United States Government on their policies, specifically the National Science Foundation and the National Institute of Health.
Commenting on this approach The University of Queensland (UQ) said the ‘very prescriptive’ approach taken in the United States was less than ideal. ANU said the US government had taken a different approach to the UK, Canada and Australia, with ‘individual agencies implementing a range of new measures and rule changes since mid-2018…often explicitly target[ing] China’. ANU said some US departments had introduced restrictions to prevent participation in foreign talent recruitment programs, new limitations had been placed on Confucius Institutes, and new limitations had been introduced on visas for Chinese students.
The University of Melbourne said the United States situation bore some similarities with the Australian context including heightened awareness of national security risks. They noted the United States Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations report ‘Threats to the US Research Enterprise: China’s talent recruitment plans’.
The ANU noted Canada had established a multi-stakeholder taskforce (in addition to Australia and the United Kingdom) in the ‘Safeguarding your Research’ portal. The Department of Home Affairs noted the Canadian Government establishment of a multi-stakeholder taskforce similar to the UFIT model.
The Department of Home Affairs noted several international responses in their submission. This included: a recently formed committee in Denmark similar to UFIT; a European Union draft concept note on foreign interference in the sector; recently released guidelines on international university cooperation in Germany; consideration to guidelines in Japan; a checklist for collaboration with Chinese universities in the Netherlands; and Guidelines for international collaboration in Sweden. The German Rectors’ Conference said they had formulated guidelines and standards for German universities with respect to international cooperation.