May 4, 2023

Dear Colleague:

The U.S. National Science Foundation (NSF) requests input from the research community on the development of a Research Security and Integrity Information Sharing Analysis Organization (RSI-ISAO), as mandated by Section 10338(b) of the CHIPS and Science Act of 2022 (Public law 117-167).¹ This Dear Colleague Letter (DCL) seeks to solicit feedback, ideas, and proposed recommendations from the research community to ensure the products, services, and tools provided by the RSI-ISAO align with the needs and expectations of the research community.

BACKGROUND ON RSI-ISAO

Context: Foreign government interference threatens the U.S. science and technology (S&T) research ecosystem and the U.S. research community by undermining the principles and values foundational to the conduct of research, and the openness necessary for the research enterprise to thrive. The U.S. Government (USG) and the research community must work together to better understand and address the risks posed by foreign interference efforts; improve awareness of these risks through increased communication and information sharing between one another; and promote practices that further the principled S&T ecosystem that has provided technological and economic advances for the world. Members of the research community must also work together with the USG to strike a balance that safeguards the security and integrity of current and future independent and collaborative scientific efforts; conduct appropriate risk assessments that ensure the research enterprise continues to operate and progress in a responsible manner; and ensure U.S.-based scientists and institutions continue to pursue legitimate domestic and international collaborations. The RSI-ISAO is one important mechanism for achieving these goals.

Mission: The mission of the planned RSI-ISAO is to safeguard the security and integrity of the U.S. research enterprise while simultaneously promoting the furtherance of human knowledge. The RSI-ISAO will accomplish its mission by developing resources and providing information for Institutions of Higher Education (IHEs), non-profit, and for-profit organizations² in order to protect and promote the advancement of an S&T model based on principles and values such as transparency, openness, honesty, integrity, respect, and accountability. The RSI-ISAO is meant to empower the research community to address foreign interference issues, support a security-informed decision-making structure, and serve as a conduit that connects research community stakeholders with USG officials and expertise as appropriate.

Structure and Stakeholders: As mandated under Section 10338(b) of the CHIPS and Science Act of 2022, NSF will enter into an agreement with a "qualified independent organization" to establish and operate the RSI-ISAO. This independent organization will work closely with a USG Steering Committee comprising subject matter experts throughout the USG, chaired by NSF. Additionally, the RSI-ISAO may establish a board of directors³ to provide guidance for policies, legal issues, plans, and strategies related to the RSI-ISAO's internal operations as an entity. The RSI-ISAO will serve members² of the research community, specifically IHEs, for-profit, and non-profit research and independent organizations.¹

Development: An organization as complex as the RSI-ISAO will naturally need to be created via a phased approach, ramping up its capabilities over time to ensure it appropriately addresses existing and emerging needs identified by the research community.

DUTIES OF THE RSI-ISAO

The duties of the RSI-ISAO, as specified in Section 10338(b) of the CHIPS and Science Act of 2022, are as follows and intend to benefit members² of the research community including IHEs, for-profit, and non-profit research and independent organizations:

1. Serve as a clearinghouse for information to help enable the members and other entities in the research community to understand the context of their research and identify improper or illegal efforts by foreign entities to obtain research results, know how, materials, and intellectual property;
2. Develop a standard set of frameworks and best practices, relevant to the research community, to assess research security risks in different contexts;
3. Share information concerning security threats and lessons learned from protection and response efforts through forums and other forms of communication;
4. Provide timely reports on research security risks to provide situational awareness tailored to the research and STEM education community;
5. Provide training and support, including through webinars, for relevant faculty and staff employed by institutions of higher education on topics relevant to research security risks and response;
6. Enable standardized information gathering and data compilation, storage, and analysis for compiled incident reports;
7. Support analysis of patterns of risk and identification of bad actors and enhance the ability of members to prevent and respond to research security risks; and
8. Take other appropriate steps to enhance research security.

PARAMETERS OF THE RSI-ISAO

The RSI-ISAO is tasked with providing information, tools, and services to the research community rather than providing official recommendations and/or determinations on potential research security and integrity risks on a case-by-case basis. The resources developed by the RSI-ISAO aim to help the research community make better-informed decisions in response to current and evolving research security and integrity risks in the current and future research environment.

The RSI-ISAO Will:

• Provide uniform quality of service to all members of the research community;²
• Respond to specific requests for assistance from research institutions, and individual researchers through their institution or affiliated research entity;
• Handle unclassified information only, including publicly available information and declassified intelligence from USG agencies;
• Share information with research organizations and USG agencies in a manner that is appropriately coordinated with the USG Steering Committee; and
• Receive information directly from USG agencies, research institutions, and the private sector and perform analyses and publish reports based on this information for the benefit of research stakeholders.

The RSI-ISAO Will Not:

• Issue formal decisions or opinions, or provide official recommendations to the research community;
• Assume liability for how its products are used or the consequences arising from them;
• Hold or analyze classified information; or
• Conduct investigations.

QUESTIONS FOR THE RESEARCH COMMUNITY ON THE RSI-ISAO

Based on the mission and duties outlined, NSF requests input from the research community on the six following thematic areas:

1. Current Research Security and Integrity Issues:

   What types of research security and integrity issues do you encounter on a day-to-day basis? In the context of your institutional and organizational structure, what challenges does your organization's structure pose when attempting to address research security and integrity issues?

2. Informational Resources:

   Based on the duties for the RSI-ISAO specified in the CHIPS and Science Act of 2022 and listed above, what resources should the RSI-ISAO provide to the research community to inform decision-making, management, and mitigation of research security and integrity risks? For example, timely alerts on current research security and integrity concerns, reports in response to specific inquiries from research community stakeholders, broad assessments of research security and integrity risks, services such as webinars hosted by the RSI-ISAO that inform researchers of current research security and integrity concerns, etc.

3. Prioritization of the RSI-ISAO's Duties:

   Given the complex nature of the RSI-ISAO, its duties and capabilities will be developed via a phased approach. Based on the duties explicitly listed in the above "Duties of the RSI-ISAO" section, please rank the duties in order from what you consider to be most important to least important, with 1 being "most important" and 7 being "least important." Additionally, are there any other duties you would like the RSI-ISAO to consider providing to the research community?

4. Integration:

   Of the duties you listed as most important in question #3, how would you envision the associated RSI-ISAO resources integrating into and adding value to your organization's research security and integrity decision-making processes?

5. Benefits based on Position:

   Given the position you hold in your institution or organization (e.g., faculty member, staff researcher, post-doc, research administrator, executive officer, compliance officer, research security official, legal counsel), how do you foresee the RSI-ISAO's resources being beneficial to you? In what ways would the RSI-ISAO's resources make research security and integrity risk-related decision-making easier for you based on your position?

6. Liaison Role:

   Should the RSI-ISAO have a role in connecting research institutions with one another to enhance awareness and sharing of best practices regarding matters of research security and integrity? Should the RSI-ISAO have a role in connecting research institutions with USG representatives to ensure strong working relationships in research security and integrity?

7. (Optional) Additional Feedback:

   Please provide any additional feedback you have on the RSI-ISAO.

GUIDANCE FOR RESPONSES TO THIS DCL

Please submit a white paper answering the above questions to RSI-ISAO@nsf.gov by June 30, 2023. Please limit your response to 2-3 pages. These white papers will be used to inform the development of the RSI-ISAO to ensure the products, services, and tools provided by the RSI-ISAO align with the needs and expectations of the research community to the extent practicable. NSF will not provide responses back to white paper submissions.

All questions related to this DCL should be directed to RSI-ISAO@nsf.gov and addressed to the NSF officials listed below.

• Sarah Stalker-Lehoux, Deputy Chief of Research Security Strategy and Policy
• Kelvin Droegemeier, Expert Consultant
• Amana Abdurrezak, Science Assistant

WEBINARS

NSF is hosting webinars on the following dates to offer the U.S. research community an opportunity to learn more about the RSI-ISAO:

• Thursday, May 18, 2023, from 12 - 2 p.m. EDT
• Wednesday, May 24, 2023, from 1 - 3 p.m. EDT

To register for the above webinars, please visit: https://nsf.zoomgov.com/webinar/register/WN_vkOR6TrlRR6sb-03wmMYXA.

Sincerely,

Rebecca Spyke Keiser, PhD
Chief of Research Security Strategy and Policy
Office of the Director

---

¹ The CHIPS and Science Act of 2022: https://www.congress.gov/117/plaws/publ167/PLAW-117publ167.pdf.

² The CHIPS and Science Act of 2022 specifically states that the RSI-ISAO shall "serve and include members representing institutions of higher education, nonprofit research institutions, and small and medium-sized businesses."

³ The CHIPS and Science Act of 2022 specifically states that the RSI-ISAO's board of directors shall "include a diverse group of stakeholders representing the research community, including academia, industry, and experienced research security administrators."