How to secure your research

• Critical research

  The most important task is to identify the critical research that needs special protection.

  Assess the value of your research projects, for example, whether new technologies are commercially interesting or have both civilian and military applications.

  Identify what information and data you cannot afford to lose. Decide who should have access to what – both physical and electronic.

  See Definition of Critical Research at SDU.

  See also PET's council for preventing espionage.

• Background checks when hiring

  Prospective employees from what are defined as at-risk countries (currently China, Russia, Iran and Belarus) must be background checked if they are to engage in or have access to critical research.

  The purpose of background checks is to protect SDU's knowledge, employees and students – as well as the candidates who apply. We are in a security situation with a complex risk picture. There are non-aligned states that will try to gain access to knowledge and technology based on Danish knowledge.

  Just as we have a responsibility to protect SDU's knowledge, we also have a responsibility to protect employees and students from countries at risk. Background checks must also strengthen their rights. SDU must be vigilant, but without being suspicious.

  What a background check includes

  Background checks investigate the candidate's research background – which universities and researchers the candidate is connected to and whether they have connections to intelligence services or defence. If SDU hires a candidate who passes on information to, for example, the Chinese defence or security services, it could have consequences for SDU's reputation.

  Background checks have been introduced based on the guidelines from the Ministry of Education and Research's committee on guidelines for international research and innovation collaboration from 2022 (URIS).

  High-risk countries and threats to research

  It is the URIS committee at SDU that, based on reports from PET (the Danish Security and Intelligence Service), regularly identifies the so-called risk countries (URIS countries). When Iran, China, Russia and Belarus are currently explicitly designated, it is based on PET's intelligence on which countries are trying to gain illegal access to knowledge from Danish research environments.

  According to PET, the threat to research and innovation is persistent and significant. Non-aligned states are especially trying to get hold of Danish knowledge, technology and know-how within a number of critical technologies such as information technology, biotechnology, quantum technology and green technology. In addition, research areas must be protected if, for example, they have a high commercial value or have developed or use technology that can be used militarily.
• Travelling and living abroad

  When you log on to a network in, for example, China or Iran, your computer and phone can be attacked. Organisations or individuals may try to retrieve information and install software that can be activated when the unit comes back on SDU's network.

  This exposes all data on your computer and phone. You can work with research that is not immediately categorised as critical – but you may have sensitive data about your family, students or colleagues on your units.

  SDU IT can advise you on how to best protect yourself and your data.

  When travelling or staying abroad for a longer period, you need to be aware of how to protect yourself and what you have with you.

  SDU SAFE, in collaboration with SDU IT, has prepared several councils for travelling and staying abroad.

  There are a number of countries where you and your data are more vulnerable than elsewhere. This applies to countries that want to take part in SDU's research.

  See this guidance and contact SDU SAFE and SDU IT if you need more advice.

• Counselling in connection with security incidents

  If you as a researcher, student or employee at SDU have received an enquiry that seems suspicious, you are welcome to contact SDU SAFE.

  There are a number of examples of students, researchers and employees who have felt pressurised or experienced hidden or direct threats from states or individuals who have wanted to gain access to information or otherwise gain influence. If you have experienced something similar or are facing a dilemma, reach out to SDU SAFE for advice. Working together, we can find solutions and overcome challenges.

  If in doubt, reach out once too often rather than once too little.

  Contact SDU SAFE.

• International co-operation, export control and sanctions

  If research ends up in the wrong hands, it can have major and damaging consequences for SDU and SDU's reputation. According to PET, the threat to research and innovation is persistent and significant. Non-aligned states are trying to get their hands on Danish knowledge, technology and know-how within several critical technologies (see SDU's definition of critical research), including technology that can be used militarily.

  SDU must ensure that these technologies are protected in the best possible way. We do this, among other things, by analysing who we collaborate with and on what.

  SDU SAFE can help advise on international collaboration.

  Export controls and sanctions at SDU

  Together with the other EU countries, Denmark has joined an international co-operation on export controls and sanctions. This means that the export of a number of products may require authorisation from the authorities. In some cases, the control also includes transport, transit, brokering and transfer of technical assistance. Controls apply to civilian, industrial and military products.

  When SDU cooperates internationally, the organisation must comply with legislation on export controls and sanctions. When applicable, it is also necessary to comply with export controls and sanctions issued by the United States.

  The international export restrictions and sanctions apply to both university employees, students and visiting researchers or visiting students. Nationality or country of origin is irrelevant to the obligation to comply with export control and sanctions legislation.

  The following are examples of technologies or services that require an export licence.

  Physical exports

  Physical exports are shipments of controlled items such as equipment, components, materials, tests, chemicals and biological materials, software or technology stored on physical media.

  Electronic export

  Electronic transfers or sharing (including orally) of controlled goods, such as software or technology, as well as access to drives that make information available to persons outside the EU. This also applies if unencrypted information is sent or stored on public networks or cloud servers in a way that effectively implies that the recipient has read it. A publication is therefore also considered an export.

  Personalised export

  Travel where controlled items are part of the personal luggage, e.g. laptops, mobile phones, memory drives and any data in these units. For example, an iPhone is export controlled and cannot be exported to Iran without an export licence.

  Legislation surrounding export controls and sanctions is complex and constantly changing.

  As an employee or student at SDU, you can get advice on export controls and sanctions from:

  Faculty of Engineering:	Guidelines for Dual Use
  SDU SAFE:	safe@sdu.dk
  RIO:	https://www.sdu.dk/da/om-sdu/ledelse-administration/sdurio
  BFA:	https://www.bafa.de/EN/Foreign_Trade/Export_Control/Export_Control_and_Academia/export_control_academia_node.html (currently the only known manual targeted at academia)
  Danish Business Authority:	https://eksportkontrol.erhvervsstyrelsen.dk

   

• Visitors and guests

  Under development.

  Contact SDU SAFE for advice: safe@sdu.dk.