Evaluation of the Funding to Build Canada’s Research Security Capacity

Background

Canada's national security community, and its closest allies, are seeing an increase in threats posed by espionage, and the theft of sensitive and cutting-edge research, trade secrets, and intellectual property. Canada is at the forefront of innovation, research, and development, and universities are significant drivers of economic prosperity. Research in the areas of science, technology, engineering, and health, among others, and the underlying data that supports it, is key to Canada's economic success and resilience.

The unauthorized transfer of sensitive research typically occurs in fields of research that could be used for both peaceful and military aims. This research is called "dual-use". Dual-use research can contribute to advancements in military and intelligence capabilities of states or groups whose aims run counter to Canadian interests, and may put Canadian researchers, organizations, and the general public at risk. It is important to note that, while threat actors have paid particular attention to research in the science, technology, and engineering fields in the past, the threat also spans to research conducted in the spheres of humanities and social sciences.

Protecting Canadian knowledge and expertise is important to Canada's economic prosperity and national security, long term. The technologies in question are often developed in collaboration with like-minded countries and integrated in shared supply chains, making the success in protecting them a matter of great importance to Canada's closest partners. It is critical that research organizations and researchers are aware of the threats to their valuable research and how to mitigate them for individual, organizational, and national benefit.

Research security policies and tools

Given the importance of research security, the Government of Canada has undertaken a number of initiatives that work together to protect Canadian research.

Innovation, Science and Economic Development (ISED) Canada has led the development of two key policies: the National Security Guidelines for Research Partnerships (the Guidelines) and the Policy on Sensitive Technology Research and Affiliations of Concern (STRAC).

The Guidelines were developed in consultation with the Government of Canada – Universities Working Group^{Footnote 1} and first published in July 2021. They help researchers and government funders to undertake due diligence in matters of research security, as well as protect Canada's research ecosystem from foreign interference, espionage and unwanted knowledge transfer that could threaten Canada's economy, society and critical infrastructure. The Guidelines integrate national security considerations into the development, evaluation and funding of research partnerships.

The STRAC came into effect in January 2024, following a statement on research security issued by the Ministers of Innovation, Public Safety and Health in February 2023. This policy applies to all federal granting and funding programs for universities administered by federal research funding agencies (i.e., the Canadian Institutes of Health Research (CIHR), the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Social Sciences and Humanities Research Council of Canada (SSHRC)), as well as the Canada Foundation for Innovation (CFI).

To support the policy, the Government of Canada published two lists, a list of Sensitive Technology Research Areas and a list of Named Research Organizations. Grant applications relating to a prescribed sensitive technology research area, such as advanced digital infrastructure technology, artificial intelligence and big data technology, and life science technology, among others, will not be funded if any member of the research team is affiliated with, or in receipt of funding or in-kind support, from a named research organization that poses a risk to Canada's national security. These lists are important tools for universities to utilize to increase their vigilance, exchange information, and protect their research spaces. The Named Research Organizations list, developed by Public Safety Canada (PS) in collaboration with experts across the federal government, will be updated at regular intervals.

The Government of Canada publishes guidance, information, and tools, including the Safeguarding Your Research Portal, managed by ISED, and the Safeguarding Science Workshops, offered by PS, to support these policies. Additionally, the Research Support Fund, administered by SSHRC, NSERC, and CIHR, in collaboration with ISED, supports some Canadian post-secondary institutions with the costs associated with managing their research enterprise, to cover expenses like lab upgrades and securing research from threats.

Research security is about conducting due diligence, and should not contribute to the marginalization of a specific community. The Research Security Centre and the Government of Canada's policies related to research security are country agnostic, recognizing that threats can evolve and come from anywhere in the world. Partners are committed to collecting disaggregated data from granting applications sent for a National Security Review with a breakdown based on research institution, private sector partner, and their country of origin in an increasingly complex geopolitical environment.

The Research Security Centre

The Research Security Centre at PS, officially launched in January 2024, serves as the main point of entry for the research community at Canadian universities, to access Government of Canada services. It works to increase awareness of the security risks associated with research partnerships among academic institutions by being a source of advice and guidance. Additionally, it coordinates activities related to research security within the federal government and with external stakeholders such as provinces, territories, academia, the private sector, and like-minded countries.

The Research Security Centre includes two teams. The team responsible for the development of tools and training, implementation of the Guidelines, and corporate tasks, is located in the National Capital Region (NCR). The team responsible for outreach and engagement consists of a manager in the NCR and six Regional Advisors, spread across five regions in Canada, with two in Ontario. As the map shows, they cover (1) British Columbia, the Yukon and the Northwest Territories; (2) Alberta, Saskatchewan and Manitoba; (3) Ontario and Nunavut; (4) Quebec; and (5) New Brunswick, Nova Scotia, Prince Edward Island and Newfoundland and Labrador. The Regional Advisors are available to answer questions, deliver presentations, and direct researchers from Canadian universities to resources.

Engagement Purpose and Methodology

The purpose of the evaluation was to examine the performance, including the effectiveness and efficiency of the Research Security Centre, as well as ongoing resource requirements. The evaluation covered the period from fiscal year 2022-2023 to 2023-2024 and was conducted in accordance with the Treasury Board Policy on Results and the Directive on Results.

Interviews

Twenty-four interviews were conducted with individuals from the program area, including Regional Advisors, other government departments, research funding organizations, and universities.

Program Document Review

Program documents were reviewed and analyzed.

Performance and financial data

Available performance and financial data were reviewed.

Limitations

This evaluation was a Treasury Board of Canada requirement to unlock ongoing program funding. At the time of the evaluation, the Research Security Centre had been active for less than two years and officially launched in January 2024. Despite a limited timeframe, a thorough document review and interviews with key stakeholders provided valuable information with which to assess program performance.

Findings

National Security Guidelines for Research Partnerships

The National Security Guidelines for Research Partnerships, including the National Security Review process, are an important research security tool. Researchers and institutions applying to federal funding programs that fall under the Guidelines, need to submit the associated Risk Assessment Form and a proposed risk mitigation plan with their application. These documents are reviewed by the research funding organization and shared with PS for a national security review, if it is deemed necessary. If applications are transferred for a National Security Review, additional mitigation measures may be required as a prerequisite of funding approval and some applications assessed as posing a high risk to national security, or where risks cannot be sufficiently and/or appropriately mitigated, will not be funded.

While the review of applications under the Guidelines predates the establishment of the Research Security Centre, the Centre is currently responsible for managing the security review process and ensuring that the relevant research funding organizations have advice and the required information to make informed funding decisions. PS performs this function by sending the application to the Canadian Security Intelligence Service (CSIS) and/or the Communications Security Establishment (CSE) to complete the national security assessment.

Guidelines pilot phase

The Guidelines were first applied to NSERC's Alliance grants program as a pilot from July 2021 to January 2023. During the pilot phase, 3.2% of applications submitted to NSERC were referred for a national security risk assessment, which met the target of less than 5%.

Of the applications referred for a national security risk assessment:

• 68% of them indicated that the partnerships involved could pose an unmitigable risk to Canadian interests or could compromise the Canadian research ecosystem
• 2% of outcomes posed a risk to Canadian interests or compromised the Canadian research ecosystem but could be mitigated with additional measures, and
• 30% of outcomes posed a low risk

During the pilot phase there were some delays with funding decisions for applications that required a National Security Review. Following the pilot, service standards to complete the National Security Review for an application were established. Preliminary data for year two of the implementation of the Guidelines shows some improvement.

Overall, implementation of the Guidelines has not been found to have had a negative impact on the number of researchers submitting applications for grants and marginalized groups have not been adversely affected. To date, there has not been an impact on the diversity of applicants who receive funding, nor has there been an impact on the diversity of partners involved in projects that receive funding.

Expansion of the Guidelines

Following the pilot phase, the Guidelines were expanded to other grants and other research funding organizations. The expanded roll-out began in early 2023 with the Canada Biomedical Research Fund-Biosciences Research Infrastructure Fund's joint competition and will be followed by other relevant NSERC research partnership programs that were not included in the pilot phase. This expansion will continue through June of 2025, adding more grants from CIHR, SSHRC, and CFI.

The current level of Research Security Centre resources available for facilitating the National Security Review of applications under the Guidelines was reported to be sufficient. There are, however, concerns that with the expansion of the Guidelines to more grants and more research funding organizations, additional resources may be required. This resource demand would also be applicable to the other government departments (i.e., CSIS, CSE and Global Affairs Canada) involved in the National Security Review process.

Engagement

Canadian universities

Through the Regional Advisors, the Research Security Centre offers Canadian universities an entry point to Government of Canada services. In addition to facilitating the Safeguarding Science Workshops, Regional Advisors are available to answer questions, provide training, and support administrators and researchers with resources, including subject matter experts in other government departments.

The Regional Advisors have built networks, and developed relationships with universities and researchers that facilitate the implementation of new policies, such as STRAC, and support the safeguarding of research. Stakeholders find meetings and communication with the Regional Advisors to be very useful in enhancing their ability to safeguard their research and they appreciate the engagement from the Regional Advisors.

While larger universities that received funding from the Research Support Fund were able to build their own capacity and set up internal research security offices, the majority of small and medium-sized universities rely more heavily on the Regional Advisors for information and guidance. Academic institutions feel supported by having a person to reach out to instead of a generic email address, and they appreciate having an individual who understands the realities of their region.

Additionally, universities are now recognizing, identifying, and reaching out to their Regional Advisors for support related to research security issues, even outside the application of the Guidelines or STRAC policy, which demonstrates their awareness and understanding of the importance of research security.

Challenges impacting engagement

While the relationships that have developed between Regional Advisors and universities are seen as positive, a few areas related to engagement were highlighted as challenges by interviewees.

First, interviewees stressed the importance of attending in-person meetings and events as an essential way to foster engagement and develop relationships, which is central to the work of the Regional Advisors. Many interviewees spoke about barriers related to travel, such as challenges with travel approval and cumbersome reimbursement processes. Some expressed concerns that these challenges might cause turnover in Regional Advisor staff.

Additionally, there was some concern that with only one advisor in most regions, often covering multiple provinces and/or territories, the lack of backup may pose challenges if staff take extended leave.

While the Research Security Centre is currently only resourced to provide support to Canadian universities, there is an opportunity to expand services to colleges, polytechnics, private sector organizations, and other government departments who also conduct research. More resources will be required if the Research Security Centre scales-up to include these institutions.

Other partners

Other government departments and research funding organizations

In addition to academic institutions, the Research Security Centre works in close collaboration with partners in Canada's research community including other government departments, PT government partners, and like-minded international partners, to enhance research security capacity.

A number of federal departments are implicated in research security-related issues, as well as federal granting councils who are impacted by Government of Canada policies (see Annex A for a list). The Research Security Centre led the development of a Memorandum of Understanding that defines roles and responsibilities related to the National Security Review process under the Guidelines.

In addition, PS has worked with partners to develop and deliver workshops, develop research security policies, such as STRAC, and communicate updates about policies and other issues related to research security.

Regional Advisors are connected with regional staff from other government departments, offering mutual support, including access to secure terminals. For example, the Regional Advisors have been able to use the offices of partner organizations to receive classified information that is necessary for their work.

There are several federal government departments that could benefit from advice, guidance and training on safeguarding their research, including Natural Resources Canada, Fisheries and Oceans, the Canadian Nuclear Safety Commission, and the National Research Council, among others. With an increase in awareness of the Research Security Centre, many of these departments have been reaching out more frequently for support, and may benefit from an advisor specific to their needs.

Provinces and territories

As education falls under provincial and territorial jurisdiction, the federal government acknowledges the important role that provincial and territorial governments play in supporting research, research organizations, and research talent in Canada. In addition to Government of Canada research security policies, some provinces and territories have their own policies with different requirements that may not fully align with federal policies. In an effort to support academic institutions, several Regional Advisors have reached out to their PT counterparts to share information and engage on relevant policies.

International

The development of the Research Security Centre was informed by the United Kingdom's Research Collaboration Advice Team. Canada continues to work with Five Eyes partners and other like-minded countries to share best practices and strategies on mitigating threats to research. Other countries, particularly the United States, are looking to Canada as a leader in the research security space and are using the work PS has undertaken with the Research Security Centre to inform their own efforts.

While there is engagement at a higher, policy level, some interviewees indicated that Regional Advisors currently have limited information, communication, or exchanges with international partners, but could benefit from enhanced collaboration. A heightened presence at international conferences and events may enhance the visibility of the Centre and contribute to Regional Advisors becoming better informed of the activities of international partners.

Awareness building

The Research Security Centre aims to increase the awareness of researchers and academic institutions in order to build a robust research security culture, which continues to value openness and academic freedom, while protecting Canada's research. Information is communicated to stakeholders through a Government of Canada webpage, information sessions, responses to questions directed to the Research Security Centre's inbox, as well as through social media platforms and other communication methods. The Centre increases awareness within the research community through the development and sharing of resources such as the Safeguarding Science Workshops and engagement with Canadian universities.

As part of the Research Security Centre's efforts to be a source of advice and guidance, the Safeguarding Science Workshops are offered to universities, private laboratories, and other federal departments. These workshops convey up-to-date information on the research risk environment, as well as applicable guidelines and policies. This workshop began in 2016 and was updated by the Research Security Centre in fiscal year 2023-2024. The Research Security Centre has also been developing new modules as needed in order to adapt to a shifting research security environment.

In February 2024 alone, the Centre delivered the Safeguarding Science Workshop 10 times, with 6 English sessions and 4 French sessions. There were 812 participants from universities, federal departments, hospitals and research institutes, and other organizations. Post-workshop surveys indicated that the workshop met the expectations of 77.6% of attendees who responded to the survey.

While the workshops have been well received, stakeholders had some suggestions to improve the Safeguarding Science Workshops. These include helping students understand the intent of the STRAC policy; adding videos to the Safeguarding your Research portal; adding modules related to non-STEM research; developing interactive case studies; and further informing the development of mitigation plans.

Impact of awareness building efforts

Universities across Canada are eager to promote research security within their universities. They are actively seeking out the Safeguarding Science Workshops offered by the Centre and they are engaged with the Regional Advisors who offer education and support on policies, training tools, webinars, and workshops. Interviewees noted that questions from universities and researchers have been shifting from basic questions to more complex and specific issues, demonstrating a positive change in awareness about research security. Additionally, they pointed to an increase in the quality of risk assessment forms completed by researchers as part of their funding applications under the Guidelines, as an example of the impact of awareness efforts.

The increasing interest in research security cannot be solely attributed to the Research Security Centre, as there are many initiatives underway concurrently, however, the Centre is part of establishing an increasing discourse around research security.

For example, while the Guidelines are only formally applied to a select number of research grants, some research funding organizations are including participation in the Safeguarding Science Workshops as a condition of funding, particularly for larger grants.

This speaks to the value of these workshops and facilitates the implementation of research security principles and awareness of these practices to a wider number of research projects.

Survey data collected by ISED indicated that 59% of researchers surveyed agree their awareness of research security issues has increased between July 2022 and March 2023.

Opportunities for increased impact

While the Research Security Centre has improved awareness around research security for researchers and academic institutions in Canada, there are opportunities to enhance its impact.

According to internal and external interviewees, there is an opportunity to increase the visibility of the Research Security Centre through an enhanced online presence, including a newsletter, and Centre-specific branding. As an external client-facing program, this would ensure that stakeholders and partners are aware of the role of the Centre and would facilitate the inclusion of its representatives at high-profile research security events, helping to build credibility and foster engagement.

Interviewees highlighted some other ideas to enhance information sharing, including hosting a national conference on research security, and facilitating information sharing between universities and researchers by creating communities of practice.

Interviewees also shared opportunities to adjust information being shared to better suit stakeholders. First, the volume and format of information, while suitable for university staff working in a research security office, may not be ideal for researchers. It was suggested that developing products that could be more easily consumed, such as colour-coded visual graphics with limited text, videos, or pamphlets, as well as providing more detailed and relevant examples, would facilitate a better understanding of content among researchers.

Second, several internal interviewees shared that there is an opportunity to improve the timeliness and quality of the French version of resources and presentations. Documents should be available in both official languages within the same timeframe and challenges with finding subject matter experts willing to present in French should be addressed. Delays with the French version of messages and resources, and a lack of Francophone subject matter experts, can adversely impact efforts to build awareness among Francophone universities and researchers.

There are also opportunities to enhance the sharing of unclassified threat information with universities and researchers. This information could increase their awareness and understanding of threats impacting their work and facilitate improved decision making. Having more threat information may also improve the quality of mitigation plans as part of applications submitted under the Guidelines.

Resources

Budget 2022 announced $12.6 million over five years with $2.8 million ongoing, including 12 Full Time Equivalents (FTEs), for the establishment of the Research Security Centre at PS. Spending in the first two years of funding can be seen in the table below.

Underspending occurred during the first two years as the Research Security Centre was in the process of staffing positions and just beginning to establish relationships and develop tools. Additionally, departmental fiscal restraint during this time placed limits on travel and spending. Interviewees shared that the current level of resources is working well.

Research Security Centre staff

Staff from the two Research Security Centre teams work together and communicate regularly through check-ins and meetings, and work flow is facilitated by a detailed work plan. The teams also maintain several tracking and reporting documents that support information sharing and reduce duplication of efforts, such as a tracker that details engagements with academic institutions and a frequently asked questions document that includes the questions asked by universities and the responses provided.

Overall, program staff feel there is great collaboration between the two teams and that their work is facilitated by the variety of multidisciplinary skills team members bring to their roles.

Travel

The travel budget for the team is substantial, which results in additional departmental scrutiny and can create delays during the approval process. As of July 2024, staff reported that their 2024-2025 travel budget had not yet been approved. Given the frequency of travel, the administrative process for reimbursement of costs was reported to be cumbersome. It was suggested that a petty cash budget for Regional Advisors to cover basic travel needs and administrative support to manage travel-related paperwork could be beneficial.

Expansion

There is some concern that more resources may be required for the Research Security Centre as work scales up with the expansion of the Guidelines to more grants and research funding organizations, as well as the introduction of STRAC and the development of associated tools, which was not anticipated when the Centre was designed. If the Centre expands its outreach to colleges, polytechnics, and other government departments, additional resources would be required.

Conclusions

The Research Security Centre has had significant achievements since receiving funding in 2022. In addition to the implementation of the National Security Guidelines for Research Partnerships, as well as the continued expansion to further grants and research funding organizations, the Centre has contributed to an increase in awareness of security risks through the delivery of the Safeguarding Science workshop, the implementation of the STRAC policy and the development of the associated Named Research Organizations list.

The Research Security Centre has also successfully facilitated engagement with academic institutions, primarily through the Regional Advisor model. Additionally, effective working relationships with other government departments, research funding organizations, PT governments, and international partners have been established. Opportunities exist to deepen engagement with stakeholders, other government departments, and international partners.

While the increasing interest in research security is not solely due to the Research Security Centre, as there are many concurrent initiatives, the Centre has played a role in establishing an increasing discourse around research security. Academic institutions are engaged with research security, expanding their knowledge beyond the Guidelines and seeking the support of Regional Advisors to bolster research security within their institutions.

Going forward, the Centre could enhance awareness by increasing their online presence and developing easily digested information, in both official languages, that is tailored to researchers. Additionally, addressing administrative challenges with travel could allow Regional Advisors to enhance their engagement by having a greater in-person presence at academic institutions. As the application of the Guidelines expands to additional grants and consideration is given to providing the Research Security Centre's offerings to other research institutions, including colleges, polytechnics, and other government departments, more resources may be required.

Recommendations

The Senior Assistant Deputy Minister, National and Cyber Security Branch, should consider the following recommendations in order to enhance the impact of the Research Security Centre's work:

1. Explore options to support an increased online presence, in both official languages, and the development of Centre-specific branding to facilitate enhanced awareness of the Research Security Centre and increase the impact of the work being done
2. Explore options to address administrative barriers to travel to enhance engagement with universities and other stakeholders

Management Action Plan

Annex A

Federal Government partners in research security

National Security Departments and Agencies support the implementation of the Guidelines, offer presentations and workshops, advise on areas related to their expertise, and participate in and lead governance committees related to research security.

• Public Safety Canada
• Canadian Security Intelligence Service
• Communications Security Establishment
• Innovation, Science, and Economic Development Canada
• Global Affairs Canada
• The Privy Council Office

Federal Research Funding Organizations support research, research training, and innovation in Canadian post-secondary institutions. They are responsible for ensuring that the Guidelines are applied to their grants and that National Security Reviews of applications are possible, where necessary.

• Natural Sciences and Engineering Research Council of Canada
• Social Sciences and Humanities Research Council of Canada
• Canadian Institutes of Health Research
• Canada Foundation for Innovation

Date modified:

2025-07-04