Countering foreign interference
Background: Guidelines to Counter Foreign Interference in the Australian University Sector
In 2019 the University Foreign Interference Taskforce (UFIT) was established by the Australian Government to bring together universities and Australian government agencies to develop a set of best practice guidelines to help universities manage foreign interference risks and strengthen resilience against foreign interference.
The Guidelines to Counter Foreign Interference in the Australian University Sector (the Guidelines, also known as the UFIT Guidelines), developed in extensive consultation between the Government and the university sector, were released in November 2019, and were refreshed in 2021.
The Guidelines are designed to build on risk management policies and security practices already implemented by Australian universities, as well as assist decision-makers to assess the risks from foreign interference. They recognise that universities have different risk profiles and encourage universities to adopt measures to mitigate foreign interference risks that are appropriate to their particular risks, and support universities to develop new, or examine existing tools, frameworks and resources to assess and mitigate risks from foreign interference.
The overarching principles that were applied when developing and refreshing the Guidelines are as follows:
- Security must safeguard academic freedom, values and research collaboration.
- Research, collaboration and education activities remain mindful of the national interest.
- Security is a collective responsibility with individual accountability.
- Security should be proportionate to organisational risk.
- The safety of our university community is paramount.
As stated in the Guidelines, a proactive approach by the university sector to the threat of foreign interference will help to safeguard the reputation of Australian universities, protect academic freedom, and ensure our academic institutions and the Australian economy can maximise the benefits of research endeavours.
The Guidelines “seek to strike a balance and give careful consideration to the potential tensions between developing institutional policies that protect against the risk of foreign interference, while also promoting the free exchange of ideas, an open research culture and academic freedom” (page 5), and are organised into key themes or pillars, each with set objectives to guide universities, including governance and risk frameworks; due diligence; communication, education and knowledge sharing; and cybersecurity.
What is foreign interference?
When considering our obligations with respect to safeguarding against foreign interference, it is important to distinguish between foreign interference and foreign influence. The Guidelines define these as follows:
Foreign interference occurs when activities are carried out by, or on behalf of a foreign actor, which are coercive, clandestine, deceptive or corrupting and are contrary to Australia’s sovereignty, values and national interests.
All governments, including Australia’s, try to influence deliberations on issues of importance to them. These activities, when conducted in an open and transparent manner, are a normal aspect of international relations and diplomacy and can contribute positively to public debate.
Examples of foreign interference include:
- improper attempts to obtain sensitive or confidential information from students or staff (e.g. via foreign delegations, seminars, collaborations, or in return for financial support)
- inappropriate targeting and recruiting staff and students, to further a foreign actor’s interests
- actions by or for a foreign actor that are inconsistent with academic freedom and the university’s values and codes of conduct, such as demands or inducements to change academic programs for the benefit of a foreign political, religious or social agenda
- inappropriate efforts to alter or direct the university’s research agenda into particular areas of research (this may occur through subtle forms of undue influence and engagement, and through funding arrangements that may also lead to a loss of future value and/or control of intellectual property)
- seeking inappropriate access to, or influence over, particular persons, areas of activity, or research outcomes through various forms of funding arrangements (e.g. donations) or collaborations, financial or other inducements targeted at individuals; and
- cyber targeting by exploiting network vulnerabilities and unauthorised access.
What are the risks to the university's foreign interference?
Risks of foreign interference include:
- compromise or unauthorised access to valuable university research, sensitive or personal data;
- damage to the reputation of the university or its research teams and individual staff and students;
- loss of future partnerships and collaborations or opportunities to attract talent;
- breach of legal obligations (contractual or legislative);
- foreign governments gaining an undue commercial, technical or intellectual advantage to the disadvantage of the university;
- loss of intellectual property and commercialisation opportunities;
- cultivation of the university community for information gathering and espionage against Australia;
- undue influence of an agenda within or outside the classroom.
What are the responsibilities of the university, and staff and students (in particular HDR students) with respect to countering foreign interference?
The key pillars and the related objectives set out in the Guidelines should be considered by universities proportionate to their risk. Those pillars, the set objectives, and the key responsibilities of all university staff with respect to the key pillars are as follows:
1. Governance and risk frameworks: Among other things, universities should have frameworks for managing their risks that address foreign interference threats to their people, information and assets; accountable authorities responsible for managing foreign interference risk; and policies and procedures that set out responsibilities and expected conduct to manage foreign interference risk.
2. Communication, education and knowledge sharing: Universities should have communication plans and education programs that raise awareness and support mitigation of their foreign interference risks; provide training to staff and students who are engaged in foreign collaboration or other partnership activities at risk of foreign interference; and should participate in sector-wide counter foreign interference events and where appropriate, share experiences and leading practice, to learn from each other and build sector resilience.
3. Due diligence, risk assessments and management: Universities should require declaration of interest disclosures from staff who are at risk of foreign interference, including identification of foreign affiliations, relationships and financial interests; conduct due diligence to inform decision-makers of foreign interference risks; conduct due diligence on partners and personnel; assess the potential of technology and/or research; apply a comprehensive approach to their due diligence; and have appropriate approval, audit and continuous evaluation of due diligence processes.
4. Cybersecurity: Universities should understand and proportionately mitigate cyber business risks, using techniques like threat models where possible, to inform their cybersecurity strategy; implement a cybersecurity strategy that treats cybersecurity as a whole-of-organisation human issue and incorporates an appropriate controls framework; and participate in communities of best practice, which share cyber intelligence and lessons across the sector and government.
Charles Sturt’s responses to the Guidelines and each of the key pillars/themes are continuing to evolve, and are also being informed by additional guidance and recommendations arising from the Parliamentary Joint Committee on Intelligence and Security’s (PJCIS) Inquiry into national security risks affecting the Australian higher education and research sector, which was handed down in March 2022. The PJCIS report findings detailed a number of issues concerning national security, including foreign interference, cyber risks, espionage, and undisclosed foreign influence; and set out a series of recommendations to address national security risks the sector is exposed to.
An online ELMO training module related to foreign interference is under development and should be available by the end of 2022.
In the meantime, please continue to monitor university communications, changes to policies and procedures, and information from the Office of the DVCR or your business unit, for further guidance about the university’s response to foreign interference risks.