NSF’s research security group urged to adopt ‘more traditional’ approach

In a blog post on Monday, Educause encouraged the National Science Foundation to place a greater emphasis on cybersecurity as it develops a new organization to protect the research conducted by American universities.

The advice follows a request for comment the NSF published this year on plans to create a research security and integrity information sharing and analysis organization, or RSI-ISAO. The new group is a requirement of the 2022 CHIPS and Science Act, which provides roughly $280 billion to boost domestic research and semiconductor manufacturing.

Jarret Cummings, senior adviser for policy and government relations at Educause, outlined his organization’s response to the plans, encouraging the NSF “not to lose sight of the traditional role and functions of an ISAO, even as it works to address the unique interpretation of the ISAO concept presented in CHIPS.” He urged the NSF to model the group on organizations such as the Research and Education Networks Information Sharing and Analysis Center, or REN-ISAC.

The vision for the RSI-ISAO described in the CHIPS and Science ACT does not reflect “the established understanding of what an ISAO is and does,” Cummings wrote in his blog post. ISAOs typically focus on cyber resilience, but the CHIPS vision for the RSI-ISAO focuses on sharing general information about research security, covering issues such as faculty conflicts of interest and talent recruitment programs run by foreign governments.

In its response to the NSF, Educause argued that the agency should connect with the Cybersecurity and Infrastructure Security Agency and the ISAO Standards Organization “to gain a better understanding of what ISAOs are and how the core cybersecurity elements of an ISAO can be integrated into the RSI-ISAO as it takes shape.” 

Educause also recommended the NSF work with REN-ISAC and the Multi-State Information Sharing and Analysis Center, or MS-ISAC, to use their resources for information sharing.