Safeguarding Our Researchers
Under the National Security Presidential Memorandum-33 (NSPM-33), “Insider Threat” refers to the potential for an individual connected with the University to use their authorized access to institutional resources either for unauthorized purposes or to unknowingly facilitate malicious activity via their authorized access and/or activities.
The federal government requires all federal contractors (including grant recipients) to implement measures to prevent and counter potential targeting/espionage activities that could occur on campus. Such required initiatives are known as “Insider Threat Prevention” programs.
Michigan Tech remains committed to international collaboration and an open research environment, while also safeguarding our researchers and remaining in compliance with federal laws and regulations. The Vice President for Research Office has implemented key measures to meet these objectives.
At Michigan Tech, the focus is on recognizing that, while academia has a unique mission and culture, risks remain. As a result, we encourage reporting uncharacteristic behavior and reducing risk to ensure the well-being of our people and our research. It is not about monitoring people. Instead, we strive to build systems and solutions that can detect, identify, assess, and manage risks to the research enterprise. And just as importantly, establish a protective, supportive, safe, and non-threatening environment.
Typically, the University addresses these issues via a committee of stakeholders to collect, integrate, analyze, and respond to threats. Often these committees conduct risk assessments to identify the most likely risks, as well as those likely to have the largest impact on the University. For example, the University’s Enterprise Risk Management Committee (ERM) serves as a group of risk experts working across campus to coordinate best practices and identify issues of concern.
In addition, through our research security awareness program, we help Michigan Tech faculty, staff, and students identify the types of research, academic, and business activities that could potentially leave the university vulnerable to foreign influence concerns.
To comply with NSPM-33 requirements, we have incorporated an Insider Risk training program in conjunction with the annual IT Security training module, completed by faculty and staff every October, to coincide with Cybersecurity Month.
If you See Something, Say Something: Tip Line