When discussing security, the first things that usually come to mind are military defense, crisis preparedness and energy. Research security is not usually high up on the list, even though it should be. We are a society far more dependent on research than we often realize. That also makes us vulnerable to scientific espionage and sabotage.

Social science studies form the basis for Estonia's strategic governance decisions. Amplified through politics and the media, they directly influence how people in Estonia perceive life in the country, their future, their fellow citizens and our place in the world. Among other things, Estonia's e-state systems are built on research conducted here, including the security solutions that make digital signatures and e-voting possible. Research related to comprehensive national defense is also becoming more extensive, with a focus on hybrid threats, civil protection, crisis awareness and preparedness skills. Analysis of future trends also plays a critically important role.

Worst-case scenario: Estonian research's reputation destroyed

Imagine that all of this suddenly lost its credibility. What would happen if it turned out that the picture of Estonian society created by what we believed were high-quality studies had in fact been wrong for years because researchers working on behalf of hostile forces had influenced the findings? We would discover that we had ignored serious problems and wasted taxpayers' money to no effect. What would remain of our sense of security and trust?

Or suppose it emerged that the next generation of e-state software contained a security vulnerability that appeared accidental but could not be fixed quickly. And while we were developing next-generation cyberdefense technologies, some authoritarian state somehow already had exactly the same technologies.

What would remain of Estonia's reputation as a technologically advanced, efficient and forward-looking country? Who would dare cooperate with us, for example, in developing new technologies for the defense industry? Where would researchers and innovative companies find development funding if European research funds no longer trusted us enough to provide support?

These are worst-case scenarios, but they must be acknowledged because with each passing year the entire European Union research system is becoming a more intensive target for hostile external actors. Theft of research, sabotage of important studies and obstruction of development activities vital to Estonia are all very real threats.

The era of globally open science is over

Internationalism is in researchers' DNA. For small countries on the global scale, which includes every member state of the European Union, that is a sensible approach. During the decades of peacetime, we opened our research networks to partners from around the world. But as Canadian Prime Minister Mark Carney warned in his speech at the World Economic Forum in Davos, the world order is fracturing and major powers are increasingly using the economy and technology as tools of pressure. That means the internationalization of research must increasingly be viewed through the lens of research security.

As confirmed by the most recent annual report of the Estonian Foreign Intelligence Service, international scientific cooperation in Russia is directly controlled by the security services. It is unlikely that the situation is significantly different elsewhere in nondemocratic countries. The hostile intentions of researchers from those countries should not merely be suspected, but assumed. Moreover, Estonian researchers themselves are being pressured into cooperation through ideology, threats and money. The Internal Security Service was catching Estonian researchers who were working for Russia or China years ago. The aforementioned annual report also confirms that active scientific espionage takes place even between countries that outwardly appear to be friendly.

With this article, I am calling first and foremost on all Estonian researchers and research institutions to recognize the issue of research security and adopt the view that we need to adjust our way of working. How exactly this should be done requires a transparent and inclusive discussion, along with responsible and realistic agreements. Still, so as not to remain vague, I would like to point to three measures that have served as good examples in other European countries and that, in my view, should certainly be part of a solution suited to Estonia.

Toward a solution: Network, funding and foreign students

First, it would not make sense to create a separate agency to deal specifically with research security. Effective action to prevent and mitigate hostile influence inevitably takes place at the level of the researcher and the research group. At the same time, it is neither realistic nor necessary to require every researcher to take on the role of a research security specialist in addition to their main work.

Instead, every research institution should have a research security function, similar to the way organizations ensure data protection expertise. This does not have to be a strictly defined position, but rather a function responsible for ensuring that the institution's risk assessment process includes research security considerations, that good practices reach researchers and that colleagues have access to a competent adviser when dealing with specific cases.

The people carrying out this role would together form a network both within Estonia and at the European level. The Estonian Academy of Security Sciences is prepared to support the development of this role's professionalism, from training to the ongoing development of the necessary skills and knowledge.

Second, research security should not be treated as an end in itself, but should become part of basic professional hygiene. A major step forward would be to add compliance with research security principles to the funding conditions of the Estonian Research Council. This should be done gradually and accompanied by clear communication.

Third, Estonia's specific circumstances must be taken into account. Estonia stands out in Europe for the large role students, especially doctoral students, play in conducting research. Many of them, however, are foreigners. Thought-provoking examples of the recruitment of foreign students and their so-called academic trajectories can also be found in the annual report of the Estonian Foreign Intelligence Service.

The Internal Security Service has expelled doctoral students from Estonia whose interest in Estonia's national digital identity systems left no doubt about their true objectives. Most foreign students have a genuine academic interest, but exceptions can cause great harm. That is why the system must be smart, not distrustful. Estonia needs foreign students. The systems for selecting and screening them must keep pace with the times.

In conclusion, I want to emphasize that security-minded thinking must inevitably become part of everyday life for Estonian researchers. This is not a pleasant prospect, but it is unavoidable. We are not alone in this. Much of Europe is still in the stage of recognizing the threat and testing possible solutions. At the same time, some countries, such as France, have been dealing with the issue at the level of the research system for more than a decade and we also have much to learn from the Netherlands. There is therefore no need to reinvent the wheel; we should take the best practices from those with experience and put them to work for our own benefit.

Research security must certainly not be emphasized in a way that creates paralyzing paranoia or additional bureaucracy. What matters is awareness within the research community and the introduction of simple preventive measures at every stage of the research process. We are protected by the right habits — routine in the best sense of the word — habits we will soon no longer even notice ourselves, but which will make hostile actors lose interest in interfering with us.

--

Follow ERR News on Facebook and X and never miss an update!