Guidelines: case studies
In early 2021, a Dutch university found itself in trouble as a result of an agreement with a Chinese institute. The institute had provided funding for the Chair in Chinese Language and Culture at the university over a five-year period. The furore over the agreement arose when it emerged that the organisation appeared to be influencing the content of the teaching material. The contract of the Professor of Chinese Language and Culture featured a number of concerning resolutive provisions. For example, it was stated that the funding could be terminated in the event of a breach of Chinese laws and regulations, and in the event of any harm to China’s image.
The publication of the contract with the institution caused considerable controversy in the academic world. In February 2021, Chinese students launched a petition to bring an end to the collaboration. Both students and staff argued that Chinese influence restricted their freedom of speech and placed their academic freedom in jeopardy. The Dutch Minister of Education, Culture and Science, van Engelshoven, described this type of foreign influence in education as ‘undesirable’. Clingendael, the Netherlands Institute of International Relations, also warned against the potential for self-censorship involved when collaborating with the Confucius Institutes1. As a result, the university ultimately decided not to extend the agreement with the institute.
For more information on this topic see
- Section 7.1 on checking collaboration agreements for restrictive provisions and carrying out due diligence on entering into a collaboration with a new partner
- Section 2.1 on safeguarding academic freedom and an open research culture
Sources
At the start of 2021, a Dutch university magazine published an article on how a university in the Netherlands was unintentionally assisting the Chinese military. The article claimed that, in recent years, dozens of Chinese scholars had participated in research at the university that can be used in part for military applications.
The research revealed that the university currently has or has had collaboration agreements in the last fifteen years with four Chinese universities that belong to the ‘Seven Sons of National Defense’. The Seven Sons are all supervised by the Chinese Ministry of Industry and Information Technology (MIIT). These institutions are officially civil universities, but according to the Australia Strategic Policy Institute (ASPI) have close ties to the Chinese military. At least half of their research budget is invested in military research, such as facial recognition technology, military aircraft and rockets.
The university magazine examined hundreds of academic publications to get an idea of the type of research carried out in collaboration with the Seven Sons universities. This included robotics, radar technology and facial recognition technology, as well as ‘dual-use’ knowledge, which has both civil and military applications. The magazine also identified an article in Hunan Today, which paints an alarming picture. In 2017 the newspaper quoted a ‘doctoral candidate studying in the Netherlands’:
The country and the military have selected us to study abroad, in the hope that we will master the most advanced science and technology so that we can take on the most important task of our time: strengthening the military. We need to focus on our mission and work hard to form the foundation for the military through science and technology.
The research conducted by the university magazine later revealed that this quote did in fact come from a doctoral candidate at a Dutch university. His supervisor stated that he had come to know the doctoral candidate as a smart researcher and that he could not imagine that the quote was sincere. He also stated that his research group was not involved in any defence research, and that he had agreed with the doctoral candidate to carry out research that could not be used by the Chinese military. They had together chosen an abstract problem, so that any new solutions could be used for ‘a wide range of purposes’.
For more information on this topic see
- Chapter 7.1 on how to approach high-risk knowledge domains, including dual-use
Sources
In late 2019, a Dutch university fell victim to a cyber attack with ransomware. This type of attack involves encrypting users’ data files with the aim of decrypting them only after a ransom has been paid. A staff member at the university unsuspectingly clicked on an infected link, unintentionally opening the door to a large-scale cyber attack. The cyber attack gave the perpetrators access to the core of the network, enabling them to take down and encrypt hundreds of servers. They demanded a ransom of € 200,000.
The university was forced to choose between paying criminals on the one hand and ensuring the continuity of education and safeguarding research and staff data on the other hand. The university decided that the latter took priority, and the hackers received payment in bitcoin six days after the attack. All servers were decrypted and the university slowly restarted all of its systems. Teaching resumed in January 2020.
The cyber attack started with an infected email, most probably from the Russian-speaking criminal hacker group Grace-RAT. The group has been carrying out attacks since 2014, initially mainly targeting financial institutions, later branching out to businesses and knowledge institutions. In the weeks after sending the infected email the perpetrators were able to familiarise themselves with the network, penetrating to the core. According to Fox-IT experts, they were able to do this so quickly and easily because the university had failed to install security updates on all servers. On top of this, the ‘master key’ was poorly hidden and most back-ups were not stored offline. Fortunately, a lot of valuable research data was stored on other servers and therefore remained secure.
In the wake of the cyber attack, the university announced that it had now taken measures to address all weaknesses. Recovery files are now also stored offline, there is now a requirement to install updates on all servers, and networks are better distributed. Staff and students also receive training on how to recognise infected emails.
For more information on this topic see
- Section 9 on cyber threats and potential measures that institutions can take
Sources
Two diplomats from the Russian embassy in The Hague were deported in 2020. They were declared persona non grata due to allegations by the General Intelligence and Security Service (AIVD) of involvement in espionage in the Dutch high-tech sector. Areas in which the Russian spies showed an interest included information on artificial intelligence, semiconductors and nanotechnology. Much of this technology has both civil and military uses.
The intervention by the AIVD brought an end to the operations of an intelligence officer of the Russian civil intelligence service SVR. This officer worked as an accredited diplomat at the Russian embassy in The Hague and was involved in espionage in the domain of science and technology. To this end, he had built up a substantial network of sources who were currently or had previously been employed in the high-tech sector in the Netherlands.
The Russian intelligence officer made contact with individuals within the high-tech sector who had access to sensitive information. Some individuals received payment from the intelligence officer in exchange for information. A second Russian intelligence officer of the SVR, who was also an accredited diplomat at the Russian embassy in The Hague, fulfilled a supporting role. Both intelligence officers were declared persona non grata by the Dutch Ministry of Foreign Affairs. They were required to leave the Netherlands at short notice and are no longer allowed to serve as diplomats in this country.
The high-tech sector has access to high-quality and unique knowledge. This espionage case has most likely caused damage to the organisations where the sources work or worked and thus potentially also the Dutch economy and national security.
For more information on this topic see
- Section 3.2 on the threat of undesirable transfer of knowledge and technology by individuals
Sources
- Marko Vlot, ‘AIVD ontmaskert Russische Spionnen’ [‘AIVD unmasks Russian Spies’], 2020, Financieel Dagblad
- News report: ‘AIVD rolt spionagenetwerk op in Nederland; twee Russische inlichtingenofficieren moeten het land verlaten’ [‘AIVD breaks up spy network in the Netherlands: two Russian intelligence officers deported’]