The guide was developed by Technology Industries of Sweden (Teknikföretagen), the Swedish Security & Defence Industry Association (SOFF) and the Association of Swedish Higher Education Institutions (SUHF). It begins with an overview of the threat landscape and the current security policy situation in the light of Russia’s war of aggression against Ukraine, Swedish membership of NATO and recent developments in the USA.
According to the Swedish Security Service, some fifteen countries, including Russia, China and Iran, are increasingly carrying out systematic intelligence activities with Swedish universities and researchers as their primary targets.
The guide contains many examples of how research espionage can be conducted. It could, for instance, involve establishing contact through social media or at conferences. Other activities may occur in grey areas, such as offers of research collaboration under false pretences or establishing a presence in research environments on dubious grounds. In some cases, it is done using clearly criminal methods, such as theft of research results, sabotage of projects or cyber attacks.
“We see a lot of interest from some countries when it comes to technological developments in medical, engineering and science faculties.” says Fredrik Blomqvist, Head of Security at Uppsala University.
“It is less common to see such activities linked to the humanities and social sciences.”
“The guidance document is relevant for all researchers, but to a greater extent for researchers in the medical, technical and natural sciences,” he adds.
Fredrik Blomqvist
Head of Security at Uppsala University
He also sees the guide as a way to build credibility regarding the ability for the higher education sector to deal with difficult security issues.
“This guide creates and establishes a platform for technology companies and higher education institutions to address security issues together when planning joint research projects. We hope it will lead to increased research collaboration between the parties.”
Are universities the weak link when it comes to handling sensitive information in the innovation chain?
“Security issues have not been high on the agenda in the past, but in a troubled world with increasing focus on total defence, that has changed. For a number of years now, all higher education institutions have been working very intensively with this issue and have taken huge strides forward. This has its origins in the 2018 Protective Security Act, that we must identify the activities and research we conduct that are particularly sensitive.”
The higher education sector has realised the seriousness of the situation and has taken adequate measures, he adds.
“It also helps us to be very open and transparent with most of our research. There is only a small amount of all research that we need to protect; the rest can be open to virtually all nations.”
Robert Limmergård, the Secretary General of SOFF, stresses that protection against research espionage is primarily a question of security culture.
“Obviously we have a responsibility to get together at a central level, to work on these issues and provide guidance that may be relevant to each party. But I think that research security should not be seen as an office that is set up centrally at the university; it is a culture that all employees need to take on board.”
Robert Limmergård
Secretary General of SOFF
He considers security to be primarily a cultural issue.
“I would say that it is probably more of a human issue than a technical one, such as protection against data breaches. Unfortunately, it is about boring things like awareness and procedures. Companies, universities, researchers – everyone needs to conduct a risk inventory. You need to assess and evaluate risks, you need to think about what information you share, and so on. So it is a cultural issue and a question of security awareness.”
His advice is to strengthen collective awareness.
“If we dare to talk about the problem, we can share experiences, and then we can share examples. And we can do that between us: companies, researchers and state authorities. That way we can raise the general level of knowledge. But I also think that, unfortunately, more resources need to be devoted to these issues. Someone has to work with them, and that takes time. And time costs.”
Limmergård believes that it is very much about finding ways for different actors and authorities to cooperate.
“One such issue is how universities cooperate with the Swedish Migration Agency and intelligence authorities when it comes to certain visa applications and the like, in order to identify security risks at an early stage. For example, a lot of researchers are deliberately planted in our research environments at a young age. So they don’t come as doctoral students, but already as undergraduates,” he says.
This way of thinking is something that he feels also needs to be incorporated into discussions between colleagues.
”Should I always have a slight suspicion that my international colleague is probably not really someone I can trust?
“No, but we must be able to hold two thoughts in our heads at the same time. In other words, we should not arouse suspicions about people, but we should have the courage to realise that there are people who are out to sabotage, exert influence or steal information. I think that being security conscious means that we need to understand that there are also bad individuals in our environments.”
But this has to be balanced with openness towards the international research community.
“It is a balancing act. Openness is important for our competitiveness, for our innovations and for finding new solutions to make society better. But unfortunately, it is precisely the need to deal with this threat to research that means we cannot only be open, but must balance openness against security in a different way today than we did just five years ago,” says Robert Limmergård.
Think about security
Have a continuous dialogue about the threat landscape. The higher the level of awareness, the stronger the security culture in your organisation.
Conduct risk analyses. In any new research collaboration, make sure to review the risks of espionage and how they can be managed.
Be structured and organised. Have clear processes for sharing information and for who has access to what. Protect information with the help of technology.
Report incidents. Anything that seems suspicious and gives you doubts should be reported. Reporting is better than not reporting.
Source: Patrik Sandgren, expert in digitalisation and cyber security at Technology Industries of Sweden, (Teknikföretagen).
Guide: Protecting research and knowledge (in Swedish only)
https://soff.se/app/uploads/2025/09/Skydda-forskning-och-kunskap-En-vagledning-for-att-motverka-spionage-vid-forskningssamarbeten-version-2025.pdf
