b'<html>\n<title> - SCHOLARS OR SPIES: FOREIGN PLOTS TARGETING AMERICA\'S RESEARCH AND DEVELOPMENT</title>\n<body><pre>[House Hearing, 115 Congress]\n[From the U.S. Government Publishing Office]\n\n\n                          SCHOLARS OR SPIES: \n                   FOREIGN PLOTS TARGETING AMERICA\'S\n                        RESEARCH AND DEVELOPMENT\n\n=======================================================================\n\n                             JOINT HEARING\n\n                               BEFORE THE\n\n                      SUBCOMMITTEE ON OVERSIGHT &\n                SUBCOMMITTEE ON RESEARCH AND TECHNOLOGY\n\n              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY\n                        HOUSE OF REPRESENTATIVES\n\n                     ONE HUNDRED FIFTEENTH CONGRESS\n\n                             SECOND SESSION\n\n                               __________\n\n                             APRIL 11, 2018\n\n                               __________\n\n                           Serial No. 115-54\n\n                               __________\n\n Printed for the use of the Committee on Science, Space, and Technology\n \n \n\n[GRAPHIC NOT AVAILABLE IN TIFF FORMAT] \n\n\n       Available via the World Wide Web: http://science.house.gov\n\n              \n                               __________\n                               \n\n                    U.S. GOVERNMENT PUBLISHING OFFICE                    \n29-781PDF                  WASHINGTON : 2018                     \n          \n----------------------------------------------------------------------------------------\nFor sale by the Superintendent of Documents, U.S. Government Publishing Office, \nhttp://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, \nU.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). \nE-mail, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="97f0e7f8d7f4e2e4e3fff2fbe7b9f4f8fab9">[email&#160;protected]</a>            \n              \n              \n              \n              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY\n\n                   HON. LAMAR S. SMITH, Texas, Chair\nFRANK D. LUCAS, Oklahoma             EDDIE BERNICE JOHNSON, Texas\nDANA ROHRABACHER, California         ZOE LOFGREN, California\nMO BROOKS, Alabama                   DANIEL LIPINSKI, Illinois\nRANDY HULTGREN, Illinois             SUZANNE BONAMICI, Oregon\nBILL POSEY, Florida                  AMI BERA, California\nTHOMAS MASSIE, Kentucky              ELIZABETH H. ESTY, Connecticut\nJIM BRIDENSTINE, Oklahoma            MARC A. VEASEY, Texas\nRANDY K. WEBER, Texas                DONALD S. BEYER, JR., Virginia\nSTEPHEN KNIGHT, California           JACKY ROSEN, Nevada\nBRIAN BABIN, Texas                   JERRY McNERNEY, California\nBARBARA COMSTOCK, Virginia           ED PERLMUTTER, Colorado\nBARRY LOUDERMILK, Georgia            PAUL TONKO, New York\nRALPH LEE ABRAHAM, Louisiana         BILL FOSTER, Illinois\nDANIEL WEBSTER, Florida              MARK TAKANO, California\nJIM BANKS, Indiana                   COLLEEN HANABUSA, Hawaii\nANDY BIGGS, Arizona                  CHARLIE CRIST, Florida\nROGER W. MARSHALL, Kansas\nNEAL P. DUNN, Florida\nCLAY HIGGINS, Louisiana\nRALPH NORMAN, South Carolina\n                                 ------                                \n\n                       Subcommittee on Oversight\n\n\n                  RALPH LEE ABRAHAM, Louisiana, Chair\nFRANK D. LUCAS, Oklahoma             DONALD S. BEYER, Jr., Virginia\nBILL POSEY, Florida                  JERRY McNERNEY, California\nTHOMAS MASSIE, Kentucky              ED PERLMUTTER, Colorado\nBARRY LOUDERMILK, Georgia            EDDIE BERNICE JOHNSON, Texas\nROGER W. MARSHALL, Kansas\nCLAY HIGGINS, Louisiana\nRALPH NORMAN, South Carolina\nLAMAR S. SMITH, Texas\n                                 ------                                \n\n                Subcommittee on Research and Technology\n\n                 HON. BARBARA COMSTOCK, Virginia, Chair\nFRANK D. LUCAS, Oklahoma             DANIEL LIPINSKI, Illinois\nRANDY HULTGREN, Illinois             ELIZABETH H. ESTY, Connecticut\nSTEPHEN KNIGHT, California           JACKY ROSEN, Nevada\nRALPH LEE ABRAHAM, Louisiana         SUZANNE BONAMICI, Oregon\nDANIEL WEBSTER, Florida              AMI BERA, California\nJIM BANKS, Indiana                   DONALD S. BEYER, JR., Virginia\nROGER W. MARSHALL, Kansas            EDDIE BERNICE JOHNSON, Texas\nLAMAR S. SMITH, Texas\n                            \n                            \n                            C O N T E N T S\n\n                             April 11, 2018\n\n                                                                   Page\nWitness List.....................................................     2\n\nHearing Charter..................................................     3\n\n                           Opening Statements\n\nStatement by Representative Ralph Lee Abraham, Chairman, \n  Subcommittee on Oversight, Committee on Science, Space, and \n  Technology, U.S. House of Representatives......................     5\n    Written Statement............................................     7\n\nStatement by Representative Donald S. Beyer, Jr., Ranking Member, \n  Subcommittee on Oversight, Committee on Science, Space, and \n  Technology, U.S. House of Representatives......................     9\n    Written Statement............................................    11\n\nStatement by Representative Lamar S. Smith, Chairman, Committee \n  on Science, Space, and Technology, U.S. House of \n  Representatives................................................    13\n    Written Statement............................................    15\n\nStatement by Representative Eddie Bernice Johnson, Ranking \n  Member, Committee on Science, Space, and Technology, U.S. House \n  of Representatives.............................................    17\n    Written Statement............................................    18\n\nStatement by Representative Barbara Comstock, Chairwoman, \n  Subcommittee on Research and Technology, Committee on Science, \n  Space, and Technology, U.S. House of Representatives...........    20\n    Written Statement............................................    22\n\n                               Witnesses:\n\nThe Honorable Michael Wessel, Commissioner, U.S.-China Economic \n  and Security Review Commission\n    Oral Statement...............................................    24\n    Written Statement............................................    27\n\nThe Honorable Michelle Van Cleave, former National \n  Counterintelligence Executive\n    Oral Statement...............................................    39\n    Written Statement............................................    42\n\nMr. Daniel Golden, Author, Spy Schools\n    Oral Statement...............................................    50\n    Written Statement............................................    53\n\nMr. Crane Hassold, Director of Threat Intelligence, PhishLabs\n    Oral Statement...............................................    68\n    Written Statement............................................    70\n\nDiscussion.......................................................   104\n\n             Appendix I: Answers to Post-Hearing Questions\n\nThe Honorable Michael Wessel, Commissioner, U.S.-China Economic \n  and Security Review Commission.................................   128\n\nThe Honorable Michelle Van Cleave, former National \n  Counterintelligence Executive..................................   130\n\nMr. Daniel Golden, Author, Spy Schools...........................   131\n\nMr. Crane Hassold, Director of Threat Intelligence, PhishLabs....   132\n\n            Appendix II: Additional Material for the Record\n\nDocuments submitted by Representative Donald S. Beyer, Jr., \n  Ranking Member, Subcommittee on Oversight, Committee on \n  Science, Space, and Technology, U.S. House of Representatives..   134\n\n \n                           SCHOLARS OR SPIES:\n                   FOREIGN PLOTS TARGETING AMERICA\'S\n                        RESEARCH AND DEVELOPMENT\n\n                              ----------                              \n\n\n                       WEDNESDAY, APRIL 11, 2018\n\n                  House of Representatives,\n                      Subcommittee on Oversight and\n            Subcommittee on Research and Technology\n               Committee on Science, Space, and Technology,\n                                                   Washington, D.C.\n\n    The Subcommittees met, pursuant to call, at 10:01 a.m., in \nRoom 2318 of the Rayburn House Office Building, Hon. Ralph \nAbraham [Chairman of the Subcommittee on Oversight] presiding.\n\n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Chairman Abraham. Good morning. The Subcommittee on \nOversight and Research and Technology will come to order.\n    Without objection, the Chair is authorized to declare \nrecess of the Subcommittee at any time.\n    This hearing will be entitled ``Scholars or Spies: Foreign \nPlots Targeting America\'s Research and Development.\'\' I\'m going \nto recognize myself for five minutes for an opening statement.\n    Again, good morning. Welcome to the joint Oversight and \nResearch and Technology hearing ``Scholars or Spies: Foreign \nPlots Targeting America\'s Research and Development.\'\' This \nhearing is an opportunity to address the vulnerability of U.S. \nacademic institutions to the threat of foreign exfiltration of \nvaluable science and technology research and development.\n    Exfiltration is a new word being used to describe the \nsurreptitious removal of data, as well as R&D, both of which \nwe\'ll discuss today. We look forward to hearing from former \ngovernment and private sector experts about the magnitude and \nconsequences of this threat. We are also interested in learning \nwhat actions must be taken to prevent or mitigate this threat \nin the future without stifling the collaborative research \nactivities that are critical to the United States academic \nsector.\n    Over the past few years, case after case has been reported \nat our universities and colleges, all with similar themes. \nAfter obtaining access to data and other valuable information, \nindividuals, including professors, students, researchers and \nvisitors--some with strong ties to a foreign nation--attempt to \ntake that knowledge to foreign governments, universities, or \ncompanies.\n    As a medical doctor myself, I found one case particularly \nconcerning. A former associate professor at New York \nUniversity, specializing in MRI technology, had been working on \nresearch sponsored by a grant from the National Institutes of \nHealth. According to prosecutors in the initial charges, this \nindividual colluded with representatives from a Chinese-\nsponsored research institute and concealed the fact that he \npatented technology developed with NIH funds for the purpose of \nlicensing it to a Chinese medical imaging company for literally \nmillions of dollars.\n    This case and others demonstrate the targeting of the \ninnovation and intellectual property from our country\'s \ngreatest minds and institutions and, in some cases, the ability \nfor foreign nations to gain easy access by exploiting the lax \nsecurity posture of our academic institutions.\n    The Science Committee has continuously engaged in vigorous \noversight of federally funded basic research and technology, \nparticularly research with a clear path to commercialization \nand a direct benefit for U.S. businesses and government. A \nsignificant amount of academic research and development is \nfunded by the American taxpayers. Just last year, the Federal \nGovernment spent approximately $1.5 billion on research and \ndevelopment, in addition to the even larger amount of funding \nprovided by private sector U.S. companies and universities.\n    If this nefarious activity is aimed at recipients of \nfederal grant programs, then it is the American taxpayers that \nare unwittingly funding the technological advancements and \ninnovative breakthroughs that allow foreign nations to \nimproperly gain a competitive economic advantage.\n    China has publicly proven itself to be the most aggressive \nin the targeting of U.S. research over the past decade. China \nhas heavily invested increasing amounts of financial and \nphysical resources to support a science and technology industry \nthat is based on the transfer of basic science, which allows \nthat country to prioritize advanced development and \ncommercialization over basic and fundamental research. \nEssentially, China steals our fundamental research and quickly \ncapitalizes by commercializing the technology.\n    While much of the discussion and examples used in today\'s \nhearing may focus on China, I want to be clear that this \ncommittee is very concerned about all foreign nations and \nagents that are inappropriately attempting to take advantage of \nAmerica\'s research and development. China\'s efforts in \nparticular have provided useful examples to analyze, mainly \nbecause of their open and aggressive tactics. However, the \nrecent DOJ charges based on Iran\'s actions are further \nconfirmation that this problem is not confined just to China, \nand we should assume a number of other bad actors are also \nmaking similar attempts.\n    Taking that into account, bolstering the cybersecurity of \nfederal information systems has been among the Committee\'s top \npriorities. I am hopeful that the discussion here today will \nhighlight efforts to accomplish this objective and make \nprevention a priority of all recipients of taxpayer dollars. \nWhether physical or cybersecurity threats, it is clear that our \nacademic institutions are not taking all the necessary steps to \nadequately protect this vital research.\n    I look forward to the insight of our witnesses today, which \nwill help us assess these important issues and determine \nwhether additional questions need to be asked of our partners \nin the executive branch, as well as in academia. We hope to \nbetter understand the next steps that must be taken to \nsafeguard the competitiveness and security of federally funded \nresearch and development, especially the role of U.S. academic \ninstitutes.\n    [The prepared statement of Chairman Abraham follows:]\n\n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Chairman Abraham. I now recognize the Ranking Member of the \nOversight Committee, the gentleman from Virginia, Mr. Beyer, \nfor an opening statement.\n    Mr. Beyer. Thank you, Mr. Chairman. I\'d like to thank you \nand Chairwoman Comstock for holding this hearing.\n    Vigilance against espionage threats is important on all \nfronts from cybersecurity breaches to intelligence gathering by \ncovert operatives on the ground.\n    As a committee, we\'ve conducted numerous bipartisan \ninvestigations into cyber breaches. Our June hearing on \nWannaCry, for instance, gave us context into the recent Iranian \nattacks on hundreds of domestic and foreign universities. \nHacking, however, is but one tool in a suite of techniques used \nby intelligence agencies to target U.S. universities.\n    In cases of academic-related espionage, student researchers \nare recruited by a foreign government to study or do research \nat an American institution and pass along sensitive scientific \nresearch and technology to the foreign government. American \nuniversities play a critical role in driving fundamental \nresearch and developing innovative technologies for our nation. \nThe loss of this sort of data can have tremendous economic \nconsequences, endanger our national security, and diminish our \ntechnological lead in critical technologies.\n    Although an essential tenet of academia is this open \npursuit of scientific research professors, students, university \nscientists need to understand the potential value of their \nresearch to foreign adversaries. They should be properly \neducated about potential espionage threats and trained on how \nto take appropriate security measures, whether they\'re online \nor at an international conference presenting their research \nfindings.\n    What I do not believe what we want to do, however, is pull \nthe welcome mat from under the more than 1 million foreign \nstudents to come to America to study every year, contributing \nmore than $36 billion to our economy annually, and creating \nhundreds of thousands of U.S. jobs and contributing to \nAmerica\'s academic leadership. And having just finished paying \nfor the third college education, I\'m so grateful for the full \ntuitions that foreign students pay, holding down at least a \nlittle bit the price that we have to pay.\n    The media has recently painted a poor picture of the \nacademic community being disinterested or naive about the \npotential security threats they face. I\'m not sure this is an \naccurate portrait. The higher education community has several \nvehicles they use to identify threats and train their members \nto take actions to mitigate their vulnerabilities to attack. \nThese include the Research and Education Network, Information \nSharing and Analysis Center, the Higher Education Information \nSecurity Council, and the newly formed Omni Security Operations \nCenter described as, quote, ``a pioneering initiative that \nhelps higher education institutions reduce the impact of \ncybersecurity threats.\'\' The new group that\'s based in Indiana \nUniversity includes collaboration with Northwestern University, \nPurdue University, Rutgers, and the University of Nebraska \nLincoln.\n    Cooperation in the security arena is critical, and I\'m glad \nto see this sort of cooperation emerging between universities. \nHowever, these universities also need the cooperation from the \nlaw enforcement and the intelligence community to help ensure \nthat they\'re apprised of specific threats or risks.\n    In 2005, to help foster better lines of communication \nbetween the FBI and the U.S. academic community, the FBI \ncreated the National Security Higher Education Advisory Board \noriginally composed of 15 Presidents and Chancellors of leading \nuniversities. But, unfortunately, this past February, the \nmembers of this board received a letter from the FBI announcing \ntheir decision to disband it. The letter praised the \ncooperation between intelligence agencies, law enforcement, and \nacademia and said the FBI was exploring the creation of a new \nboard. Officials in the academic community, however, believe \nthe board played an important role in helping universities \nunderstand the intelligent risks they face and were both \nsurprised and disappointed this board was disbanded with no \nclear plan to replace it.\n    So, Mr. Chairman, I\'m attaching this letter to my \nstatement, as well as a letter from the Association of American \nUniversities, the Association of Public and Land Grant \nUniversities, the American Council on Education, and the \nCouncil on Governmental Relations all regarding this important \nissue.\n    Chairman Abraham. Without objection.\n    Mr. Beyer. Thank you.\n    [The information appears in Appendix II]\n    Mr. Beyer. Balancing legitimate security risks with \ninternational scientific cooperation is critical to ensure that \nwe address real risks appropriately and thoroughly while not \ndiminishing the benefits we have obtained by opening our doors \nto foreign students and collaborating with international \npartners. We don\'t stop using computers because they\'re \nvulnerable; we take steps to make them safer. Likewise, we \ncannot let concern over academic espionage crowd out the \nmultitude of benefits from the international exchange of \nscholarship.\n    America\'s leadership in science and technology is highly \ndependent upon its openness to scholars from around the globe. \nAny action we take to respond to the threat of academic \nespionage must take into account the value of cooperation. The \nintelligence community and the academic community should not be \nat odds but rather working together to secure our sensitive \nresearch.\n    So I\'m looking forward to hearing from our witnesses today \nabout how we can balance these two important issues regarding \nsecurity and scholarship. Thank you, Mr. Chairman. I yield \nback.\n    [The prepared statement of Mr. Beyer follows:]\n\n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Chairman Abraham. Thank you. And I now recognize the \nChairman of the full committee, the gentleman from Texas, Mr. \nLamar Smith.\n    Chairman Smith. Thank you, Mr. Chairman. Also, I want to \nthank Chairwoman Comstock for letting me jump in ahead of her. \nI have a bill before the Judiciary Committee this morning \nthat\'s being marked up, so I\'m going to need to excuse myself \nshortly, but I will be back to ask questions.\n    Mr. Chairman, foreign countries\' attempts to access and \nsteal U.S. research and development pose an acute risk to our \nnational and economic security. In recent months, the public \nhas become aware that we are under attack from foreign \ngovernments that want to steal our technological secrets and \nscientific discoveries and use them for their own purposes.\n    Just last month, the U.S. Department of Justice showed how \nserious the threat is. DOJ indicted nine Iranian nationals for \nbreaking into university computer systems and stealing \ninformation and intellectual property worth billions of \ndollars. This brazen theft was on behalf of the Iranian \ngovernment and universities in Iran. This was a widespread and \nconcentrated campaign. Attackers hacked nearly 4,000 accounts \nof professors across 144 U.S. universities. According to \ninformed sources, the attackers specifically targeted \nuniversities engaged in science, technology, and medical \nresearch.\n    According to the Justice Department, U.S. universities \nspent more than $3.4 billion on creating and developing the \nscientific information, academic data, and intellectual \nproperty that was stolen. Nearly $3.5 billion of U.S. research, \nsome of which was funded by American taxpayers, was illegally \ntaken and is now in the hands of a hostile foreign nation. This \nis just one example.\n    Unfortunately, Iran is not the only threat. China has \nactively and aggressively targeted research and development at \nU.S. academic institutions for years. The Chinese Government \nhas been very clear about its long-range plans for achieving \nglobal domination in critical areas of science and technology. \nChina, however, has been less than forthright about its \nmethods, which include theft of confidential information and \ntechnological secrets from U.S. companies, cyber attacks, and \nother forms of spying to undermine our national security and \nputting sleeper agents at our own research universities to \nsteal our scientific breakthroughs.\n    Chinese efforts are concentrated in the areas that it has \nprioritized: artificial intelligence, medical science, and \nnational security. By understanding China\'s priorities and the \nlengths to which it is prepared to go, we can adopt an \neffective approach, but the first step is recognizing the risks \nwe face.\n    The intelligence community has warned about these threats \nfor years, ranging from cyber attacks to human manipulation to \nbreak-ins. We know that foreign agents routinely target \nAmerican students and educators in their priority areas. \nFaculty and administrators must be alert and educated to spot \nthe warning signs of foreign operations. But many in academia \nhave been unwilling to accept reality and unwilling to take any \ndefensive measures to protect their researchers\' work, their \nuniversities\' scientific assets, and taxpayers\' investments.\n    The University of Texas recently rejected funding from the \nChina-United States Exchange Foundation, a China-based and \ngovernment-connected foundation. The foundation is registered \nas a foreign agent representing China. The idea of a university \ntaking significant funding from an organization controlled by a \nforeign government would be contrary to the independence and \nsafeguards needed in academia. This action by the University of \nTexas was appropriate and the type of proactive oversight that \nneeds to occur at other colleges.\n    The National Science Foundation\'s grant guidance is clear: \nAs grant recipients, universities bear full responsibility for \nthe management and results of federally funded projects. The \nrecent indictments of Iranian student-spies and other incidents \nare clear warnings about the need for swift, strong action. \nThis includes improved cybersecurity, educating researchers to \nanticipate attempts to steal their work, and more careful \nscreening of those who come to the United States to study.\n    I also look forward to hearing from our experts about how \nwe can build appropriate defenses. On the one hand, we must \nmaintain the open and collaborative nature of academic research \nand development. On the other, we must protect our research and \ndevelopment from actors who seek to do us harm.\n    Thank you, Mr. Chairman. I yield back.\n    [The prepared statement of Chairman Smith follows:]\n  \n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Chairman Abraham. Thank you. I now recognize the Ranking \nMember of the full committee, Ms. Johnson, for an opening \nstatement.\n    Ms. Johnson. Thank you very much, Chairman Abraham and \nChairwoman Comstock, for convening this hearing today, and \nthanks to the panel that agreed to appear before us.\n    America\'s superior academic institutions have drawn the \nbest and the brightest from around the world, and we have \nbenefited greatly from their contributions. From 1960 to 2017, \nforeign immigrants who settled in America won 81 Nobel Prizes \nin chemistry, medicine, and physics. In 2016, all six Americans \nwho won Nobel Prizes in chemistry, physics, and economics were \nimmigrants. Many of these immigrants came here as international \nstudents.\n    Academic and intellectual openness are key to the success \nof American higher education and America\'s leadership in \nscience and technology. However, we do face legitimate and \nserious threats from foreign adversaries. They are targeting \nour scientific innovations and advanced technologies whether at \nour government-funded laboratories, in our industries, or on \nthe campuses of our universities. The theft of--plunder of our \ncritical technologies must be clearly addressed and prevented.\n    Our counterintelligence community must work hand-in-hand \nwith research institutions to help mitigate the risk of these \nthreats. These institutions need to be engaged in applying best \npractices in their approach to security and know how to \nidentify acts of espionage. Professors and researchers should \nlearn more about intelligence activities carried out through \nsocial engineering, networking, and conference participation. \nNow is not the time for the counterintelligence community to \nreduce its outreach to research colleges and universities. \nThese bonds should be growing and strengthening. It is vital to \nour national security.\n    However, we need to be careful that any security measures \ndo not stifle the benefits our country realizes from legitimate \ninternational academic collaboration. At the same time, we \nshould also examine the reasons why universities find \ninternational students so attractive. Part of the reason is \neconomic. Nationwide, States have reduced levels of financial \nsupport to our respective public institutions of higher \nlearning. Universities have responded by cutting financial aid \nand raising tuition fees. International students who usually \npay full tuition have helped make up this reduction in funding \nand have helped universities balance their books.\n    This also makes the allure for foreign funding from \nstudents of foreign institutions such as China\'s Confucius \nInstitute that offer hundreds of thousands and occasionally \nmillions of dollars for academic programming very enticing. We \nneed to make sure that state and federal support for higher \neducation meets the needs of these vital institutions. It is \nvital to our national security.\n    I look forward to hearing from our witnesses today, and I \nyield back the balance of my time.\n    [The prepared statement of Ms. Johnson follows:]\n   \n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Chairman Abraham. Thank you, Ms. Johnson.\n    I now recognize the Chair of the Research and Technology \nSubcommittee, Mrs. Comstock, for an opening statement.\n    Mrs. Comstock. Thank you, Chairman Abraham, for holding a \nhearing on this important and serious issue. It would be easy \nto think about the theft of information from American \nuniversities by foreign students to be the topic of a modern-\nday spy novel, but in fact it is a very real problem and, \nsadly, not a new one. My predecessor in the House, \nRepresentative Frank Wolf, also worked on this important issue.\n    Academic institutions in the United States are valued for \ntheir openness, innovation, and collaboration with domestic and \ninternational scientists. Our nation has long been a leader in \nscience and technology research and development, and \nconsequently, a magnet for foreign scholars and scientists \nseeking to learn from and collaborate with the best.\n    Unfortunately, various immoral actors have sought to \nexploit our openness to steal American ingenuity and innovation \nand undermine our system. Such thefts can enable foreign \nnations to save themselves billions in research and development \ncosts and support technological advances that they may \notherwise be unable to make on their own in order to gain an \nindustrial or, even more troubling, a military advantage.\n    The FBI has been warning our academic community about these \nthreats for years, while also urging measures be taken to guard \nagainst such activity. Since much of the stolen information \ncomes from research funded by federal agencies, these nations \nare ultimately stealing ideas and innovations from American \ntaxpayers like you and me, undermining the policy intent of \nfederal funding for such research in the first place. It is \nimperative that our academic institutions not close their eyes \nto the very real threat posed by foreign intelligence spies. \nThey cannot be blinded by naivete or ignorance when \ndistinguishing between friend and foe.\n    But to be clear, the solution is not to shutter the doors \nof American universities and colleges to students, researchers, \nand professors from foreign nations. The vast majority of \nscholars who come to the United States do so to work with our \ncitizens on scientific discoveries and breakthroughs based on \nan open exchange of ideas to benefit the scientific community \nand the world.\n    Finding an appropriate balance between scientific openness \nand security concerns is not new, nor is it easy, but it\'s \nessential. As our world continues to be increasingly connected \nelectronically, with more devices that can be used to covertly \ntake pictures or scans, it is getting easier for foreign \ncriminals to steal our information. Other committees just today \nare talking to major players on that front, as we know. That is \nwhy hearings like this are important, as they shine a light on \nthe problem and provide a venue to engage with stakeholders to \nidentify potential solutions.\n    I look forward to hearing what our witnesses have to say \nand hope they have some advice on how to better distinguish \nbetween scholar and spy so that we may find the balance between \nopen scientific collaboration and protecting America\'s research \nand development.\n    As I mentioned, we do have some headline-grabbers here \ntoday, as you might know in the Capitol, but I think this issue \nis every bit as important, and I thank the witnesses for being \nhere today. And I yield back.\n    [The prepared statement of Mrs. Comstock follows:]\n \n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Chairman Abraham. Thank you, Mrs. Comstock.\n    Let me introduce the witnesses now. Our first witness today \nis Honorable Michael Wessel, a Commissioner of the U.S.-China \nEconomic and Security Review Commission. Mr. Wessel previously \nworked for the Federal Trade Deficit Commission in 1999 and \n2000. He\'s spent more than 2 decades as a staffer for former \nHouse Democratic leader Richard Gephardt. Mr. Wessel currently \nworks for the Alliance for American Manufacturing; Wessel \nGroup, Inc.; and Goodyear Tire & Rubber Company. He holds a \nbachelor of arts degree and a juris doctor degree from George \nWashington University.\n    Our second witness is Honorable Michelle Van Cleave, the \nformer National Counterintelligence Executive. Ms. Van Cleave \nis a former staffer of the Science, Space, and Technology \nCommittee, serving as Counsel in 1989. More recently, she was \nSpecial Assistant to the Under Secretary for Policy and Senior \nAdvisor to the Secretary of the Army for Homeland Defense \nwithin the Department of Defense from 2001 to 2003 before \nbecoming the national Counterintelligence Executive under \nGeorge W. Bush. Ms. Van Cleave received both her bachelor\'s and \nmaster\'s of arts degrees in international relations from the \nUniversity of Southern California. She also earned her juris \ndoctor from the University of Southern California School of \nLaw.\n    Our next witness is Mr. Daniel Golden. He\'s an author of \nthe book Spy Schools. Mr. Golden is a Pulitzer Prize-winning \nwriter with his work regarding admissions preferences at \nprominent American universities when he worked at the Wall \nStreet Journal. He is currently a Senior Editor with ProPublica \nand previously worked at Bloomberg News from 2009 to 2016. He \nreceived a bachelor\'s degree from Harvard University. It\'s good \nto have a Pulitzer Prize winner among us.\n    Our fourth witness is Mr. Crane Hassold, Director of Threat \nIntelligence at PhishLabs. Mr. Hassold previously worked for \nthe Federal Bureau of Investigations from 2004 to 2015 in a \nvariety of analyst positions. Since that time, he had been \nworking with PhishLabs in a threat research role. He holds a \nbachelor of science degree from James Madison University.\n    I now recognize Honorable Michael Wessel for five minutes \nto present his testimony.\n\n           TESTIMONY OF THE HONORABLE MICHAEL WESSEL,\n\n               COMMISSIONER, U.S.-CHINA ECONOMIC\n\n                 AND SECURITY REVIEW COMMISSION\n\n    Mr. Wessel. Thank you, Chairs Abraham, Comstock, and Smith, \nRanking Members Beyer, Lipinski, and Johnson. It\'s great to be \nhere before the committee, and it\'s an honor to appear before \nyou.\n    My name is Michael Wessel, and I\'m a Commissioner on the \nU.S.-China Economic and Security Review Commission. While \nappearing before you in my capacity as a Commissioner, the \nviews I express are my own, although of course my views are \ninformed by the work I and my colleagues do.\n    This hearing is particularly timely in light of the \nPresident\'s actions to confront China\'s policies in the \nintellectual property arena. China has stolen, coerced, and \nsubsidized the massive transfer of intellectual property to \ntheir country from the United States. These efforts have \nadvanced their economic and military power.\n    Clearly, not everything is a zero-sum game. Advancements in \nscience, medicine, technology, and innovation can improve the \nlives of all people around the globe, but China is not as \ninterested in advancing global interests as much as their own.\n    China has made their priorities public. Most important for \nthis hearing is China\'s Made in China 2025 Initiative, which \nidentified 10 key sectors the government would support to be \nglobal leaders in, which have significant economic and national \nsecurity implications. They range from new energy vehicles to \nbiotech, robotics, next-generation information technology, and \nhigh-tech ships. China is using an all-of-government approach \nto stakeout dominant positions in the global market in these \ntechnologies with the commitment of hundreds of billions of \ndollars. China will do whatever it takes legally or illegally \nto achieve its goals.\n    My colleagues will talk about many of the illegal means. I \nwill focus on some of China\'s key public programs and their \ntargeting. Perhaps the most well-known program is the \npropagation and funding of Confucius Institutes all over the \nglobe with roughly 100 here in the United States, as was noted \nearlier. They are purported to teach Chinese language, culture, \nand history. As Politico noted earlier this year, the Confucius \nInstitutes\' goals are little less wholesome and edifying than \nthey sound, and this by the Chinese Government\'s own account.\n    China is willing to influence the current and future \ngenerations of American leaders, their views, and their \nresearch. Last week, Texas A&M terminated its Confucius \nInstitute after Congressman McCaul and Cuellar wrote that, \nquote, ``These organizations are a threat to our nation\'s \nsecurity by serving as a platform for China\'s intelligence \ncollection and political agenda.\'\'\n    Another significant program is known as Project 111. Under \nthat program was the Thousand Talents program, which is \ndesigned to recruit foreign experts in strategic sectors from \nthe world\'s top universities to come to China to assist in \nachieving their goals. The target is now 4,000 participants. \nParticipants receive extensive benefits, including a bonus \npayment of roughly $158,000, in addition to salaries based on \nprevious levels.\n    The FBI\'s Counterintelligence Strategic Partnership has \nwarned that these programs pose a threat to our nation\'s \nacademic community. And I quote, ``Chinese talent programs pose \na serious threat to U.S. businesses and universities through \neconomic espionage and theft of intellectual property.\'\' The \ndifferent programs focus on specific fields deemed critical to \nChina to boost China\'s national capability in S&T fields.\n    The size of the foreign student population of the United \nStates is significant and raises interest--issues that merit \nattention. Of the more than 1 million international students \nstudying here, China accounted for 32.5 percent of the total or \nroughly 350,000. Chinese students have a significant presence \non many campuses and in many labs where critical research is \nbeing done. Many of these labs receive significant federal \nfunding from the Department of Defense or the National Science \nFoundation. At the Berkeley Artificial Intelligence Research \nLab, roughly 20 percent of the Ph.D. students are PRC \nnationals. At the University of Maryland\'s Bing Nano Research \nGroup, 30 of the 38 postdoctoral researchers and graduate \nstudents are from China. Every one of the visiting researchers \nand professors utilizing J visas are from China. The lab \nreceives support from 15 different federal agencies, including \nNASA, DARPA, the Air Force Office of Scientific Research, and \nthe Department of Energy.\n    Bilateral scientific cooperation programs also bear \nattention as there are questions about the real value of some \nof those programs to us. Sunlight is a great disinfectant, and \ntoday\'s hearing is an important step in that process. Raising \nawareness to the potential risks associated with China\'s \nacademic activities vis-a-vis U.S. interests is key. In my \nprepared testimony, I provided a number of recommendations \nabout actions that could be considered. In questions and \nanswers I would be happy to talk about any of them.\n    We cannot allow the debate and actions on this issue to \nfuel the targeting of Chinese people--citizens or people of \nChinese descent. I believe that there can be broad bipartisan \nsupport for commonsense approaches that recognize the diversity \nstrengthens, not weakens us. Thank you, Mr. Chairman.\n    [The prepared statement of Mr. Wessel follows:]\n    \n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n    Chairman Abraham. Thank you, Mr. Wessel.\n    I now recognize Honorable Michelle Van Cleave for five \nminutes to present her testimony.\n\n        TESTIMONY OF THE HONORABLE MICHELLE VAN CLEAVE,\n\n         FORMER NATIONAL COUNTERINTELLIGENCE EXECUTIVE\n\n    Ms. Van Cleave. Thank you so much, Mr. Chairman, and \nMembers of the Committee.\n    I had the honor of serving as the first national head of \nU.S. counterintelligence. I was appointed by President Bush in \n2003, and I have spent the years since leaving office with a \ncontinuing sense of gratitude for the honor of having served in \nthat capacity and a continuing sense of obligation to share \nwhat I learned. I\'m especially grateful, therefore, for the \nopportunity to be here this morning to share some of these \ninsights with you as they pertain to the subject of today\'s \nhearing.\n    The United States is a spy\'s paradise. Our free and open \nsociety is tailor-made for clandestine operations. As this \ncommittee is so well aware, American R&D, the engine for raw \nideas and products and capabilities and wealth, is \nsystematically targeted by foreign collectors to fuel their \nbusiness and industry and military programs at our expense.\n    China and Russia both have detailed shopping lists of \ntargeted U.S. technologies and specific strategies for \nclandestine acquisition, ranging from front companies to joint \nR&D projects to cyber theft to old-fashioned espionage. U.S. \nacademic institutions with their great concentration of \ncreative talents and cutting-edge research and open engagement \nwith the world of ideas are an especially attractive \nenvironment for these kinds of activities.\n    Let me say the numbers are frankly staggering. For every \ndollar we invest, some $510 billion annually, we lose most if \nnot all of that equivalent amount to these kinds of illicit \nactivities every year. Each year, reports out of U.S. \ncounterintelligence show numbers that are worse than the year \nbefore. Losses are growing, numbers of foreign collectors are \ngrowing, vulnerabilities are growing, and the erosion of U.S. \nsecurity and economic strength is also growing.\n    So why don\'t we do more to disrupt these operations before \nadversaries make off with our trade secrets, our national \nsecurity secrets, and other valuable information? Let me ask \nyou to hold that thought.\n    The last time I sat in this witness chair was five years \nago at another Oversight hearing on this very subject. In fact, \nMr. Chairman, as we were sitting here having that hearing, the \ncase that you referenced, the MRI exfiltration at NYU, there \nwere surveillance cameras watching them at that very moment. \nAnd toward the end of that hearing, one of the members asked me \nvery pointedly, ``Isn\'t there a way we can go on offense? Isn\'t \nthere a way?\'\' ``Yes,\'\' I answered, ``there is, but national \nsecurity leadership must be prepared to change the way we do \nthe counterintelligence business if we are going to do that.\'\' \nSo today, I\'d like to pick up at that bottom line and get to \nthat point.\n    Unlike most other nations in the world, the United States \nhas never had a national counterintelligence service. Instead, \ncounterintelligence grew up as part of the distributed \nresponsibilities of the three operational agencies--the FBI, \nwhose principal responsibility is to find the spies here and \nput them in jail; the CIA, whose job is to make sure that their \nclandestine collection operates securely in all the realms in \nwhich it is asked to operate; and the military services, who \nhave to be worried about foreign intelligence threats to our \nmilitary operations abroad.\n    And they\'re all very good at what they do. But throughout \nour history, most of our history, there was no national head of \ncounterintelligence to integrate all of these various \nactivities or to provide a common picture of the threat or to \nidentify gaps or to warn of these activities. And 16 years ago, \nthe Congress took a look at this and said this isn\'t working \nright. We have got to make some changes.\n    The Counterintelligence Enhancement Act of 2002 was passed \nto create a national head of counterintelligence to integrate \nall these things--to provide warning of foreign intelligence \nthreats to the United States, to find ways of filling in the \nseams so that foreign espionage couldn\'t exploit those seams, \nand to make sure that we were aware of these kinds of strategic \nthreats to our activities, these kinds of R&D exfiltration, and \nbroader threats to the United States, information threats, \ncyber exploitation, influence operations. These were the things \nthat the office that I headed was asked to worry about.\n    And when I served in that job, we took a look at how CI was \ndistributed in this country, and we said, you know, tinkering \naround the edges isn\'t going to do. We need to make substantial \nchanges in the way we do these operations. We need to have a \nstrategic counterintelligence program that knits together \ndifferent activities, that characterizes a threat, that gets \nahead of the threat, by understanding how these foreign \nintelligence services operate, how they are structured, how \nthey\'re tasked, and and what their vulnerabilities are so that \nwe can get inside of them and stop them before they hurt us.\n    Unfortunately, the strategy that President Bush issued to \ngo forth and do these things in a proactive way was never \nimplemented. Now, why is that? Well, it was signed in 2005. \nThat was the same year that the Director of National \nIntelligence Office was first created. There was a lot of new \nbureaucracy and many new priorities, which pulled away \nresources and direction from what we were trying to do.\n    At the same time, the bigger problem was there was no real \nstrategic counterintelligence program that the new law \nmandated, so it was easy not to follow through on these things \nbecause there was no requirement in fact to do that.\n    I know my time is short, but I do want to urge that we \nspend a little time talking more about what can be done and how \neffective we could be if we worked our counterintelligence as a \nstrategic tool of the nation\'s national security strategy. That \npossibility is open to us. And I will suggest to you that if we \ncontinue to just go along with the old business model of how \nwe\'ve been working case by case by case instead of going after \nthe service proactively as a target, as I know our professional \ncommunity in fact could do if national leadership gave them \nthat direction, we will continue to have these unacceptable \nlosses to our nation. Changes are possible. Good things can \nhappen, but leadership is required. Thank you.\n    [The prepared statement of Ms. Van Cleave follows:]\n    \n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Chairman Abraham. Thank you, Ms. Van Cleave.\n    I now recognize Mr. Daniel Golden for five minutes.\n\n                TESTIMONY OF MR. DANIEL GOLDEN,\n\n                      AUTHOR, SPY SCHOOLS\n\n    Mr. Golden. Thank you. I\'d like to thank the Committee for \ninviting me and----\n    Chairman Abraham. Mr. Golden, if you will push that button \nand put that mic on.\n    Mr. Golden. Thank you. Thanks very much to the Committee \nfor inviting me. I\'m delighted to be here with such \ndistinguished fellow panelists. In fact, Michelle, I quote her \nprior congressional testimony in my book Spy Schools.\n    My book examines both foreign and domestic espionage \nactivity at U.S. universities, but my testimony today will \nfocus on foreign theft of federally funded academic research.\n    The number of foreign students and faculty has mushroomed \nover the past 40 years. In 2016, the number of international \nstudents at U.S. universities topped 1 million for the first \ntime, almost seven times the total in 1975 and more than double \nthe 2000 figure. And of course they were basically no Chinese \nstudents here before 1978.\n    The number of foreign-born scientists and engineers working \nat U.S. colleges and universities rose 44 percent between 2003 \nand 2013, and in key technical fields like engineering and \ncomputer science, American universities award more than half of \ntheir doctorates to international students.\n    Educational globalization has many benefits: diverse \nperspectives in the classroom cross-cultural understanding, \nskilled labor for research, collaboration of the world\'s best \nminds, and the advancement of learning. But there is an \nalarming side effect. Globalization has transformed American \nuniversities into a frontline for espionage. Some small but \nsignificant percentage of international students and faculty \ncome to help their countries gain recruits for clandestine \noperations, insights into U.S. Government plans, and access to \nsensitive military and civilian research. Academic solicitation \ndefined as the use of students, professors, scientists, and \nresearchers as collectors tripled from eight percent of all \nforeign efforts to obtain sensitive or classified information \nin fiscal year 2010 to 24 percent in 2014, according to the \nDefense Security Service.\n    For foreign intelligence services, a university offers a \nvaluable and lightly guarded target. They can exploit the \nrevolving door between academia and government. Today\'s \nProfessor of International Relations is tomorrow\'s Assistant \nSecretary of State. They can recruit naive students and guide \nthem into the federal agency of their choice.\n    Academic research offers a vulnerable and low-risk target \nfor foreign espionage. University laboratories are often less \nprotected than their corporate counterparts, reflecting a \nculture oriented toward collaboration. Typically, university \nresearchers aren\'t required to sign nondisclosure agreements, \nwhich run counter to the ethic of openness. Open campuses also \nmake it simple to gather intelligence. Spies with no academic \naffiliation can slip unnoticed into seminars, student centers, \nlibraries, and cafeterias and befriend the computer scientist \nor Pentagon advisor sitting beside them.\n    And academia\'s old-fashioned gentlemanly culture abets \nespionage. All it takes for professors in different countries \nto agree to collaborate on research is a phone call, an email, \nor perhaps a handshake at a conference. There\'s not necessarily \na contract that explicitly spells out what data or equipment \neach side has access to. Many science students and faculty are \nunfamiliar with intellectual property safeguards.\n    University administrations largely overlook this threat in \npart for financial and reputational reasons. They\'re ramping up \nenrollment of full-paying international students an opening \ncampuses abroad, which are often subsidized by the host \ncountries.\n    The story of one Chinese graduate student at Duke \nUniversity illustrates how vulnerable academic research is to \nforeign raiders and how little universities do to protect it. I \ncame across this saga when, through a public records request, I \nobtained the agenda of an October 2012 meeting of the National \nSecurity Higher Education Advisory Board, which I heard today \nwas recently disbanded. One agenda item stated that Duke \nUniversity Professor David Smith, quote, ``will discuss how, \nwithout his knowledge, a Chinese national targeted his lab and \npublished and exploited Dr. Smith\'s research to create a mirror \ninstitute in China.\'\' The episode cost Duke significantly in \nlicensing, patents, and royalties, and kept Smith from being \nthe first to publish groundbreaking research.\n    I soon learned that Smith was a renowned researcher who had \nhelped launch the fast-growing field of meta-materials, \nartificial materials with properties not found in nature. His \nlab had invented the first invisibility cloak ala Harry Potter, \nalthough it only concealed objects from microwaves, not the \nhuman eye, and that his lab had Pentagon funding to develop \nways of making weapons invisible.\n    And I identified the Chinese national as Ruopeng Liu, a \nformer graduate student in Smith\'s lab. Through interviews with \nSmith and other lab members, I discovered that Liu had left a \ntrail of specifics suspicious behavior, arranging for Chinese \nscientists to visit the Duke lab and photograph its equipment, \npassing them data and ideas developed by unwitting colleagues \nat Duke, deceiving Smith into committing to work part-time in \nChina by enlisting him under false pretenses to participate in \nthe brain-game program called Project 111 that Michael \nmentioned, and secretly starting a Chinese website based on the \nwork at Duke.\n    After numerous warnings from other members of the lab and \nquestions from the Pentagon, Smith finally began to suspect Liu \nand took away his key to the lab, but Duke still gave him a \ndoctorate. Liu noted in an interview for my book that the \ninvisibility research was considered basic but the are \nadvantages even to stealing open research, mainly saving time \nand avoiding mistakes. With a mole in a U.S. university \nlaboratory, researchers overseas can publish and patent an idea \nfirst, ahead of the true pioneers, and enjoy the consequent \nacclaim, funding, and surging interest from top students and \nfaculty. In fact, a foreign government may be eager to scoop up \na fundamental breakthrough before its applications become so \nimportant that it\'s labeled secret and foreign students lose \naccess to it.\n    Universities should be more smarter and more sophisticated \nabout the intelligence ramifications of research \ncollaborations, student and faculty exchanges, academic \nconferences, and international admissions. I\'d like to see more \ntraining and courses in intellectual property rights, \ncontractual agreements for cross-border collaborations that \nspell out each side\'s access to data and equipment, and \norientation sessions for conferences on study-abroad programs \nthat include tips on recognizing come-ons from intelligence \nagencies. And if students or alumni are exposed as foreign \nspies, universities should deny or revoke their degrees rather \nthan looking the other way.\n    As Americans, we\'re all concerned and rightly so about \nforeign intelligence services interfering in our elections. \nLike democratic elections, a robust, open, and intellectually \ncurious system of higher education is a hallmark of our society \nwe should take pains to protect it as well. Thank you.\n    [The prepared statement of Mr. Golden follows:]\n    \n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Chairman Abraham. Thank you, Mr. Golden.\n    Mr. Hassold, five minutes, sir.\n\n                TESTIMONY OF MR. CRANE HASSOLD,\n\n           DIRECTOR OF THREAT INTELLIGENCE, PHISHLABS\n\n    Mr. Hassold. Thank you. Chairs Abraham and Comstock, \nRanking Members Beyer and Lipinski, and Members of the \nCommittee, thank you for the opportunity to appear before you \ntoday. My name\'s Crane Hassold, and I\'m the Director of Threat \nIntelligence at PhishLabs, a cybersecurity company based in \nCharleston, South Carolina. The purpose of my testimony today \nis to discuss my research and observations on the threat \nforeign actors pose to American academic institutions through \nthe theft of research as a result of cyber attacks.\n    For background on who PhishLabs is and what we do, we were \nfounded in 2008, and one of our primary missions is to \nidentify, understand, and mitigate cyber attacks where the \nprimary attack vector is phishing. In 2017, we analyzed more \nthan 1.3 million confirmed phishing sites and shut down more \nthan 12,000 phishing attacks each month.\n    For more than 90 percent of targeted cyber attacks, the \ninitial attack vector is phishing. Phishing is effective \nbecause it takes advantage of emotional responses that are \ninherent to human behavior such as fear, anxiety, and \ncuriosity. Through phishing, threat actors can compromise \npersonal and financial information, steal data or intellectual \nproperty, and extort victims for financial gain.\n    Relevant to today\'s discussion, universities are \nparticularly susceptible to risks associated with phishing \nattacks due to the sheer volume of users that interact with our \nnetwork. In December 2017, I identified a series of malicious \ndomains hosting phishing sites, targeting various universities \nin the United States and other countries. Unlike most other \nuniversity phishing sites, these were uniquely crafted to mimic \nthe login pages of university libraries.\n    Using a combination of technical analysis and open-source \nresearch, I identified hundreds of other phishing sites linked \nto the same threat actors that had targeted other universities \naround the world. To date, I\'ve identified nearly 800 distinct \nphishing attacks linked to this group, which we refer to by the \nname Silent Librarian dating back to September 2013. These \nattacks, which are significantly more sophisticated than most \nphishing attacks I\'ve seen, have targeted 300 different \nuniversities in 23 countries, including 174 institutions in the \nUnited States. It is clear the universities targeted by this \ngroup are not randomly selected. Targets in these phishing \ncampaigns are generally prominent research technical or medical \nuniversities.\n    In addition to universities, I also observed other notable \nnonacademic American institutions targeted by the group such as \nLos Alamos National Laboratory, the Electric Power Research \nInstitute, and multiple major medical centers. Based on my \nresearch, the purpose of these attacks is to compromise \nuniversity credentials and use those credentials to access and \nexfiltrate data from university resources such as academic \nresearch databases.\n    I also identified one Iranian website that was used to \nmonetize the stolen credentials, which has been in operation \nsince at least 2015 and, based on data shown from the site, has \nbeen visited more than 1 million times.\n    Since the beginning of my research into this group and \ntheir attacks, I have worked closely with the FBI to provide \nintelligence into the group\'s tactics and motivations. I have \nalso partnered with REN-ISAC, an information-sharing \nclearinghouse for higher education institutions to notify \ntargeted universities of imminent or recent phishing campaigns.\n    As referenced by a few members already, on March 23, 2018, \nthe Department of Justice indicted nine Iranians associated \nwith a company named the Mabna Institute. According to the \nindictment, this group allegedly conducted phishing attacks \nagainst more than 100,000 targets at international universities \nand private sector companies to steal more than 31 terabytes of \nacademic data and intellectual property. The cost spent by \nAmerican universities to procure resources compromised by the \ngroup is reportedly in excess of $3 billion.\n    The DOJ also alleges in the indictment that much of this \nmalicious activity was conducted at the direction of the IRGC, \none of the Government of Iran\'s primary intelligence collection \nentities. Based on the evidence detailed in the indictment, it \nis likely that the Mabna Institute and Silent Librarian and are \nthe same group.\n    It is also important to note that the indictment has not \nseemed to deter the group from continuing their malicious \nactivities. As of the date of this testimony, I\'ve observed 27 \nnew phishing sites created by the group since the indictment \ntargeting 20 different universities, 10 of which are located in \nthe United States.\n    Based on my analysis of these attacks and conversations \nI\'ve had with members of the university security community, \nthere are a range of ways academic institutions can better \nprepare and respond to the cyber threats posed by malicious \nthreat actors. Universities should accept credential phishing \nas a significant threat and focus on identifying ways to better \nprotect their users against them.\n    Users--universities should place more of a focus on fully \nmitigating phishing sites targeting their users rather than \nimplementing quick responses like simply blocking access to \nmalicious websites on an internal network that still leave open \nthe opportunity for further compromise. And, like other \ninstitutions, universities should also invest more in security \ntraining that raises the awareness of students and faculty to \npotential cyber threats.\n    Thank you again for the opportunity to testify before you \ntoday, and I look forward to answering any questions.\n    [The prepared statement of Mr. Hassold follows:]\n    \n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Chairman Abraham. Thank you, Mr. Hassold.\n    I thank all the witnesses for their testimony. I\'m going to \nrecognize myself for five minutes for questioning.\n    Mr. Wessel, Ms. Van Cleave, and Mr. Hassold, I think these \nquestions will go to you. Is it fair to say that the open and \ncollaborative nature of U.S. academic institutions make them \ninherently vulnerable to the threat of foreign exfiltration? \nAnd if so, how do we strike that balance in protecting our \nresearch and our systems while ensuring collaboration? Mr. \nWessel, I\'ll start with you.\n    Mr. Wessel. Thank you, Mr. Chairman. I think, as I pointed \nout in my testimony, we can identify what some of the high-\nvalue targets are and focus on those first so that we can look \nat critical areas of research that relate not only to the \neconomic domain but China\'s national security desires, other \ncountries\' national security desires. One can do a gap analysis \nto determine whether, for example, China needs hot engine \ntechnology to be able to develop jet engines for their \nfighters.\n    We can then net back and look at some of those cooperative \nresearch programs, the labs here in the United States that are \ndoing work with cleared defense contractors or doing it on \ntheir own and try and upscale what the systems in place are to \nensure that our systems are secure, to assess foreign students \nwho are part of those labs, and make sure we\'re doing better \nanalysis of their visas and the connections they have, and to \ntry and track where the information may or may not be going. So \nit\'s threat analysis and using that to try and identify gaps \nand go forward. We also have a lot more to do beyond that.\n    Chairman Abraham. Ms. Van Cleave?\n    Ms. Van Cleave. Mr. Chairman, clearly, the academic \ncommunity, as you describe it, is open and free, and value the \nfree exchange of ideas and interaction of all peoples and \nthat\'s the way to advance our knowledge and understanding. \nAcademia is very rich. It is very rich in creative people, it \nis very rich in people who are going to have significant \nrelationships with other creative people throughout the \ncountry. And so from the standpoint of a foreign intelligence \nservice, here\'s an opportunity to do the basics of espionage. \nIt is the opportunity to spot potential sources, to evaluate \nthose sources, to find people who know other people that can \nintroduce them to significant potential sources. So for an \nespionage service, is academia a great place to operate? \nAbsolutely, it\'s a great place to operate.\n    My point--my principal point to you is to say, look, yes, \nwe need to have awareness. And awareness is significantly \nimportant, and the more that all Americans can understand the \nextent to which they don\'t want to be taken advantage of by \nforeign actors, that is excellent. But we have more to do as a \ngovernment as well. It is clear to me that the advantage lies \nin being able to see inside of what the foreign intelligence \nservice is after in the first place. If we know who their \npeople are and where they are and how they\'re operating and we \nknow they\'re at this university but not that university, we \nhave the advantage to protect ourselves and to disrupt what \nthey\'re doing much more effectively than if all of our eggs are \nin the defense basket.\n    Chairman Abraham. Mr. Hassold, your take?\n    Mr. Hassold. Thank you. I think from a traditional \ncounterintelligence perspective, collaboration allows for \nthings like source recruiting and things like my panelists \npreviously have said, but from a cyber perspective, I believe \nthat collaboration centralizes the information that\'s used by \nuniversities from a research perspective that allows for an \ninherent risk by pooling all of the data and research into one \nlocation that can be accessed by foreign adversaries. So I \nthink from a cyber perspective it\'s more of a sense of \ncentralizing the data and making the data more vulnerable for \nattackers.\n    Chairman Abraham. All right. Thank you.\n    Mr. Wessel, in your testimony you stated that we needed to \nact to preserve our own technology and confront China\'s \npredatory and protectionist actions to ensure the existence of \nthe global commons. Has the U.S. Federal Government taken steps \nto confront this at our academic institutions? How would you \nsuggest we confront China\'s actions? And what consequences do \nwe take the appropriate action to do so?\n    Mr. Wessel. Thank you, Mr. Chairman. Although that probably \nwould take me a day or two to respond, I don\'t think we\'ve done \nenough to send a message that--both to the Chinese and other \nnations but also to players here about the seriousness. As you \nprobably recall, in May 2014, five PLA hackers were indicted \nfor going into a number of our major companies here, not \nuniversities but major companies. There\'s no follow-up action \nto that. The indictment was sealed. Those five PLA hackers may \nnot be able to come to Disneyland, but they\'re doing quite \nwell. So there have been few costs to the Chinese or other \nnations for what they\'re doing.\n    You talked about indictments, et cetera. There are some \none-offs. We have to do a much better job of identifying the \ncritical technologies that China and other nations want and \nenhancing the safeguards around those. And, as the President is \ndoing now in terms of the theft and coercive taking of \nintellectual property by the Chinese is make sure that there \nare sanctions that are effective and people understand that the \noverall framework has to change. Sanctions to respond to the \nillegal activities need to be upgraded. They need to be much \nmore public. We also need to do a much better job of training \nthose people here as to what the risks are.\n    Chairman Abraham. Thank you. My time is up.\n    Ms. Esty, you\'re recognized for five minutes.\n    Ms. Esty. Well, thank you very much.\n    Again, I want to thank all of you for joining us here \ntoday. This is an extremely important topic.\n    I represent Connecticut. I have Yale just to the south of \nme, UConn Medical Center to the north of me, and so these are \nvery serious issues for the research institutions that I\'m \nhonored to represent.\n    To all of you, and based on the anecdotes you shared with \nus here today, it seems like there\'s a very serious lack of \nsituational awareness of people in the academy. I have a \nhusband who\'s not in this field but has a lot of foreign \nstudents. He has grad students. We increasingly in the STEM \nfields have--the vast majority of our students are foreign-\nborn. We have benefited enormously by that openness, but that \nmakes us extremely vulnerable.\n    Can you try to drill down for us a little bit on what you \nthink we can do to raise that level of awareness within \ninstitutions that allows them the freedom that they are going \nto want to have and need to have to share widely--that \ncollaboration is important--but to be aware that with that \nopenness comes a responsibility to be more on guard? And I \nthink frankly we have not been. People are becoming aware of \nthe phishing risks, but maybe not this broader one, don\'t \nreally think that it\'s possible that you might actually have \nspies. It\'s sort of not in the mindset of the academics. So how \ndo we preserve that openness but raise that awareness?\n    And if you have thoughts of appropriate ways for us to do \nthat, I think it\'s really important because it\'s not always \nlaws that we need to be passing. A lot of times it\'s actually \nhelping people do the right thing and being aware of what the \nrisks are. Thank you.\n    Mr. Golden. I\'ll mention one or two things. Intellectual \nproperty courses are, at most universities, confined to law \nschools, so there\'s generally not access for, you know, science \nstudents to take them, and, as a result, studies have shown \nthat relatively few graduates in fields like engineering or the \nsciences understand concepts like what is a trade secret. So I \nthink having those kind of courses or training more broadly.\n    And the other point I\'d make is that, you know, \nuniversities have security people and research security people, \nbut they tend to be, you know, dependent on professors and \npeople in the classroom to report something that they see that \nmight, you know, seem amiss.\n    And, you know, in fact one case that did happen that I \nlooked at in my book where there were two scholars visiting \nBoston from a university in China that\'s partly run and funded \nby China\'s intelligence ministry and the scholars were just \nkind of visiting all these different universities. They didn\'t \nreally have an office at UMass Boston; they were just dropping \nin wherever they felt like it, the Northeastern research \nsecurity people got a tip and, you know, recognized that we \nbetter monitor what these two people are doing. So--but they\'re \ndependent on professors and grad students to let them know, and \nso training or understanding would be of great benefit there.\n    Ms. Esty. Does anyone have courses already developed and is \nthat something you could maybe--may be that\'s something that \nneeds to be done to do a mini course. Having been a law \nstudent, a lot of law students don\'t take intellectual property \ncourses, so I think you\'re going to need to have something \nthat\'s a mini version that\'s accessible to people but to \nrealize that these things have real value. You have a \nresponsibility to safeguard it, and that\'s part of your \nbasically fiduciary duty as a researcher and as a student to be \naware of that. And that if you see something, say something \nnotion. I think there\'s a lot of times people don\'t know. And \nsomething may strike them as a little odd but they don\'t \nrealize like that could mean something.\n    And so maybe that\'s something you can follow up with us \nwith some suggestions about developing curricula and things \nthat we could try to get help from the National Science \nFoundation and others to work with our research institutions \nlarge and small to have them be more aware of these are the \nkinds of things you might see and you should be equipping your \nfaculty to be aware because, again, I think we\'re concerned \nabout clamping down on academic freedom, and so this may lend \nitself to awareness at the very least. So----\n    Mr. Golden. Definitely. I\'d be glad to.\n    Ms. Esty. Well, thank you. I appreciate that. And I see my \ntime is almost up. Thank you, and I yield back.\n    Mr. Wessel. If I could just add quickly because it\'s been \nnoted by you, Mr. Chairman, and others that much of this \nresearch is federally funded. It\'s our--your constituents\' tax \ndollars. There can be ties to that with the universities to \nmake sure they are putting in place the kind of \ncounterintelligence and other systems and education in place to \nmake sure that their professors, their researchers, their \nstudents have a better understanding of what the threat factors \nare.\n    Chairman Abraham. Thank you. Mrs. Comstock?\n    Mrs. Comstock. Thank you.\n    The Iran case demonstrates that nefarious foreign actors \nuse cyber means to access valuable research and development, \nand numerous case studies in China, as was detailed, reveal \nthat human intelligence is used to gain access. And the FBI has \nrecognized two methods: seeding operations and recruitment \noperations. So could you discuss, any of you, any specific \ncases that fall into each of these and the methods or means \nutilized by the foreign agents to access and exfiltrate \nvaluable R&D?\n    Ms. Van Cleave. Well, I suspect Dan has a long list of \nparticular cases that he can cite, but I just want to confirm \nthat those methodologies, as well as others, are used \nsystematically by foreign intelligence services not only on our \ncampuses but, you know, elsewhere in the country to go after \nthe things that they are interested in. And it isn\'t casual. \nSometimes there\'s a misunderstanding that, you know, maybe it\'s \njust a casual undertaking. That\'s not the case.\n    China, for instance, and Russia as well, have very \nsophisticated, which is to say highly developed, acquisition \nstrategies for where they\'re going, the things that they want, \nhow they\'re going to get them. The cyber opportunities \ncertainly are tremendous now, but old-fashioned espionage is \nstill very much a part of these activities. And what that says \nto me as a counterintelligence professional is that we have an \nopportunity. If we can gain the intelligence insights into what \nthey\'re doing and how they\'re doing it, then we have the chance \nto get inside of those operations in order to be able to \ndegrade them or stop them or better protect ourselves.\n    So whether it\'s cyber operations that would influence our \ndemocratic institutions and processes or whether it\'s \nespionage, going after our national security secrets or our \nlaboratories or the research activities in academia, getting \ninside of those operations gives us the advantage. And that\'s \nwhere we\'ve been falling short.\n    Mrs. Comstock. Okay. And are these actors being recruited \nand then sent to the United States to infiltrate in some way \nwhen it\'s actual people or are they being recruited by other--\nyou know, here trying to get--what is the recruitment process \nwhen it\'s human intelligence?\n    Ms. Van Cleave. All of the above.\n    Mrs. Comstock. Right.\n    Ms. Van Cleave. Again, it looks at where are the \nopportunities, so you----\n    Mrs. Comstock. They target--they go for what they want to \naccess first----\n    Ms. Van Cleave. Right.\n    Mrs. Comstock. --and they build the plan----\n    Ms. Van Cleave. Right.\n    Mrs. Comstock. --around that?\n    Ms. Van Cleave. So put yourself in their place. So if you \nare a Chinese Government entity that is looking to develop \nnext-generation ASAT capability and you know that these \nspecific kinds of technologies are the subject of research at \nparticular universities here or in laboratories, what do you \nwant to do? You want to be able to get close to the people who \nare close to that. You want to find other ways in to try to \nacquire these technologies, and so you\'re going to use all of \nthe means at your disposal in order to do that. But it isn\'t \ncasual. You\'re very serious about your objectives, and you know \nthat this works quite well. The Russians, the same. They used \nto build in--and they probably still do--the acquisition of \nWestern technologies into their design plans for weapons \nsystems. They knew they could get what they needed here, and so \nthat would be part of their planning activity. So that very \nmuch is still going on.\n    Mrs. Comstock. Thank you. Mr. Golden?\n    Mr. Golden. I could speak to this issue a little bit. I \ncould give you any number of cases. They\'re not always where \nthe government directly sends somebody or recruits somebody. As \nMichael mentioned, China has these very aggressive brain-game \nprograms that provide incentives for particularly researchers \nin the United States of Chinese descent to come home and--with \nresearch that they might not have come by honestly. And those \nprograms have not succeeded in recruiting sort of tenured \nprofessors at top-notch American institutions. They don\'t \nreally want to go back to China no matter what the offer is. So \nthey tend to appeal to sort of fringe professors at lesser \ninstitutions, maybe they don\'t have tenure, and the message to \nthem is kind of don\'t come home empty-handed. So there\'s kind \nof an incentive for them to bring something back.\n    There was a case involving a research assistant at Medical \nCollege of Wisconsin. Hua Jun Zhao, he basically--his professor \nhad invented kind of a cancer-fighting compound, and he applied \nfor one of these brain-game programs saying that he was the \ninventor. And the application he sent was basically a duplicate \nof a grant proposal that his professor had filed. So there\'s \nthat kind of case.\n    In the Duke case I mentioned, it\'s not clear if Ruopeng Liu \nwas actually working for the Chinese Government. More likely, \nhe was on his own knowing, that this would be welcomed when he \ngot home. You know, and in fact it was. He got heavily \nsubsidized by the government and he set up a business and an \ninstitute, you know, but it still kind of, you know, theft of \nan American research that he was enterprising enough to go \nafter essentially.\n    Mrs. Comstock. Thank you, Mr. Chairman.\n    Chairman Abraham. Thank you, Mrs. Comstock.\n    Mr. Beyer, five minutes.\n    Mr. Beyer. Mr. Chairman, thank you very much. And look, \nbefore I dive into this, I just want to take a moment to again \nimplore this committee to provide oversight to EPA \nAdministrator Pruitt. Administrator Pruitt\'s alleged unethical \nbehavior, his wasteful use of taxpayer money, his ongoing \nefforts to undermine the EPA\'s mission to protect our \nenvironment and our public health, this warrants serious \nCongressional oversight.\n    I previously requested that Chairman Smith bring \nAdministrator Pruitt before the Science Committee to testify as \nto standard practice, and now, amid daily and abundant \nscandals, this is more crucial than ever.\n    Administrator Pruitt\'s predecessor, Gina McCarthy, Mr. \nChairman, as you know well, testified before this committee \nagain and again and again, once just on text messages to her \nhusband. Administrator--in contrast, Administrator Pruitt has \nbeen confirmed 14 months ago and he has yet to appear before \nthe committee that has oversight. He cannot be allowed to \ncontinue to sell our nation\'s clean air and water to special \ninterests without consequences even without our questions.\n    And if the President refuses to hold him accountable, then \nCongress has to do its job. Science, Space, and Technology \nCommittee needs to do its job and conduct meaningful oversight.\n    Thank you, Mr. Chairman, for that digression.\n    Mr. Golden, your book gives lots of examples about how \nforeign intelligence agencies especially from China attempt to \nuse various methods to obtain sensitive research and technical \ninformation through the use of human sources, spies. Given the \nincreasing power of digital tools to wage cyber warfare and \ncollect colossal amounts of data, for example, Mr. Zuckerberg, \nwho\'s over at the House Energy and Commerce Committee this \nmorning, why do foreign intelligence agencies need human \nresources at all anymore?\n    Mr. Golden. Thank you. That\'s a good question and I don\'t \nhave a definitive answer, but I think that cyber and human \nintelligence gathering should be seen as complementary rather \nthan sort of as in competition. I mean, there are insights you \ncan gain, secrets you can find out that are not necessarily in \nthe digital world so that, you know, there\'s a certain body of \ninformation that cyber and data hacking or gathering is vital \nto gain, but there\'s still, you know, many things that people \ndon\'t, you know, confide to email, don\'t put down in writing, \nand can be gained by recruiting a source. And other things can \nalso be done by human intelligence but not by cyber. For \nexample, recruiting a graduate student and steering him to \napply for a job in a given federal agency is not something that \nyou can do with a cyber attack, you know?\n    Mr. Beyer. Do you see any difference in the trade craft, \nfor example, between China and Russia?\n    Mr. Golden. I\'m not sort of an expert more broadly beyond \nacademia, but I would say that the China--most of the examples \nyou find in China or most of what I\'ve learned have to do often \nwith targeting research, and the Russian examples more often \nhave to do with seeking political or economic secrets.\n    Mr. Beyer. Thank you very much.\n    Mr. Wessel, in your testimony you talked about the National \nSecurity Higher Education Advisory Board created in 2005. And \nwe learned earlier the FBI disbanded it. Do you think when it \nexisted that it served a useful function, and how important is \nit to have this regular communication between the law \nenforcement intelligence communities on the one hand and the \nacademic communities on the other?\n    Mr. Wessel. I think that is vital and it should be \nreinstated, and I think we need to find other ways of \ncommunicating and collaborating with our universities, \nespecially, again, those with high-value targets--that are \nhigh-value targets. There are lists of those universities that \nare engaged in classified research as it relates to defense \ncontracts, et cetera. There are some critical areas of cutting-\nedge research that we view as the future of America\'s economy \nand our success. And the collaboration is vital. If we view the \nacademic institutions as a principal threat vector, the \ngovernment needs to be doing much more to make sure that our \nuniversities are playing their role.\n    Mr. Beyer. To continue--thank you, Mr. Wessel--you \nsuggested that the Confucius Institute, their personnel should \nbe required to register as foreign agents under the Foreign \nAgents Registration Act. How does the Confucius Institute \ndiffer from the Goethe-Institut, the British Institute, \nAlliance Francaise?\n    Mr. Wessel. I can\'t say that I know all of those other \nentities, so I\'m not sure I\'m qualified to answer other than \nthe Confucius Institutes have a very clear role in extending \nChina\'s soft power at a time when we find them to be \nchallenging us on many fronts both in terms of such issues as \nthe South China Sea and geopolitical issues but also again \nmilitarily and economically. So with my work on the China \nCommission, that\'s what I focus on, not what some of the other \ncountries are doing, so I\'ll have to get back to you on that.\n    Mr. Beyer. Okay. All right.\n    Mr. Golden. I could speak to the--that issue a little bit.\n    Mr. Beyer. Mr. Golden, only if the Chair--the new Chair--\nperhaps we will cycle back to it because my time is up.\n    Mr. Golden. It\'s okay.\n    Mr. Beyer. Thank you very much.\n    Mr. Higgins. [Presiding] Thank you. And the Chair--my \nChairman has excused himself for a moment, so I\'m going to \nrecognize myself for five minutes of questioning.\n    Ms. Van Cleave, just to clarify for the American people \nwhom we serve, we\'re understanding today, and based upon \nresearch of myself and my colleagues prior to this hearing, \nthat the American people are funding, through university \ngrants, the Federal Government harvests treasure from the \nAmerican people to fund university grants that go to research \nand development programs at our universities. Those research \nand development programs designed to enhance the economic \nstrength of America and the military might of America, the \npredominance of American university-level research, and that \nresearch is being stolen and harvested by foreign nationals and \nbrought to their own nations in order to give those nations \npredominance, as paid for by the American people. So \nessentially the American people are funding the predominant \nposition of foreign nations, is that correct?\n    Ms. Van Cleave. Very well put, Mr. Chairman.\n    Mr. Higgins. Let me ask you, regarding university grant \napplications for research and development, do those \napplications include any verification of policies or procedures \nthat are in place at that university to protect intellectual \nproperties and to confirm that they have cybersecurity systems \nin place and even general security systems in place? Does a \ngrant application right now include any sort of confirmation \nthat that university has the ability or even the intent to \nprotect the research and development that we would fund through \nthat grant?\n    Ms. Van Cleave. Certainly through classified research \ngrants, I know very careful restrictions like that are in \nplace. I think some of my other panelists can speak to open \ngrants.\n    Mr. Higgins. Comment?\n    Mr. Wessel. Just----\n    Mr. Higgins. Mr. Wessel?\n    Mr. Wessel. Just as it relates to nonpublic meaning, you \nknow, when a pharmaceutical company goes to a research \ninstitute for collaborative research on, you know, cancer \ndrugs, et cetera, there are extensive documents about what \nsecurity measures they may--they must put in place, \nnondisclosure agreements, et cetera. My understanding is for a \nnumber of federal programs that does not exist.\n    Mr. Golden. When research is export-controlled, you know, \nthen it\'s limited to certain countries so students need \napproval and some that can\'t get approval sometimes. Basic \nresearch, I don\'t think there\'s many security provisions, \nalthough on the Duke case I mentioned, when they then published \nan article that showed that some of the funding was from the \nChinese Government on this invisibility research, you know, the \nPentagon funders got upset and contacted the professor and--who \nput a--who ended that, so there are some monitoring there.\n    Mr. Higgins. Thank you for those answers. In my opinion, to \nmy colleagues I suggest that grant applications should include \nsome verification of the levels of training and awareness that \nwe are certainly highlighting today.\n    Mr. Hassold, through your work, you found that at least 144 \nuniversities were breached by Iranian hackers over the last \nfive years. These hackers took 31 terabytes--that\'s my \nunderstanding--31 terabytes of R&D-related materials. Were \nthese universities being targeted specifically because of the \nresearch conducted there?\n    Mr. Hassold. So those numbers came from the DOJ indictment. \nThe numbers that I have found is 174 American universities that \nhave been targeted by this group. The firsthand observations \nI\'ve been able to see is that the purpose of that targeting was \nto get access to the centralized academic databases that most \nAmerican and most Western universities have access to to \nexfiltrate research articles from those databases. Of course, \nthe--one of the clear indications based on the targets that \nhave been selected in those attacks is the possibility that \nresearch specific to certain universities is exfiltrated. When \nyou look at some of the targets, some of the high-profile \ntargets that the U.S. Government works with, there\'s that \npossibility. I think that\'s hinted at in the indictment but \nthat is secondhand information that I have.\n    Mr. Higgins. And do you agree that universities should \nprovide proper training for their professors, researchers, and \nstaff to defend against cyber threats? Do you agree with that \nassessment?\n    Mr. Hassold. Absolutely 100 percent.\n    Mr. Higgins. I would suggest to my colleagues that today\'s \nhearing has made clear the extent to which our nation\'s \nresearch and development is targeted and exposed, and witness \ntestimony confirms this threat is real. We must ensure that \nuniversities are taking this threat seriously and understand \nthe precautions being taken to safeguard their equities. I \nbelieve we would greatly benefit as a nation by hearing from \nour universities on this matter, and I hope this committee \ncontinues to take action on this issue.\n    My time is expired. The Chair recognizes Ms. Bonamici from \nOregon for five minutes.\n    Ms. Bonamici. Thank you very much, Mr. Chairman, and thanks \nto the Chairs and the Ranking Members and our witnesses for \ntestifying today. I appreciate the concerns of course that were \nraised in the testimony and by our colleagues, but I also want \nto acknowledge the immense benefits economically, socially, and \nacademically of welcoming foreign students to our academic \ninstitutions. This is about finding the right balance.\n    When informed of this hearing, my alma mater, the \nUniversity of Oregon, was proud to point out that they have \nlong sought international students not only for the \nintellectual and cultural diversity they bring but also for the \nopportunity to encourage American students to be more globally \naware and engaged. With that in mind, I hope our focus today \ncan be finding that appropriate balance to make sure that our \nuniversities are secure and vigilant but also accessible hubs \nof learning and creative exchange.\n    And I want to thank Ranking Member Beyer for asking about \nthe National Security Higher Education Board. It seems that \nthat is something that we could work on together to make sure \nthat that is reconvened and operating because I know it\'s been \nbeneficial to universities in my home State and across the \ncountry. That\'s been a useful venue for the academic and \nsecurity communities to discuss those challenges.\n    I wanted to ask, we know that there are many American \nstudents who study abroad and academics as well working abroad \nwho could be vulnerable to recruitment or unwitting involvement \nin espionage by a foreign actor. So could any of you describe \nwhat, if anything, we\'re doing to protect and prepare our \nstudents, professors, and researchers from being exploited when \nthey are abroad? Mr. Golden, you look like you are turning on \nyour microphone.\n    Mr. Golden. Good observation. The--thanks. You know, \nthere\'s one renowned case in this field of Glenn Duffie Shriver \nwho had been a student at Grand Valley State and soon after he \ngraduated he went to China--he went to China first in college \nin a study-abroad program and right after--and was recruited by \nChinese intelligence and they--you know, they paid him to take \nthe foreign service exam but he failed and then they paid him \nto try and enter the CIA and he was caught and imprisoned. And \nthe FBI made a video about it called Game of Pawns and----\n    Ms. Bonamici. Widely panned I might----\n    Mr. Golden. Yes, it wasn\'t that well-received but it also--\nyou know, they tried to get universities to show it in their \norientations for study-abroad programs, and the universities, a \nlot of them objected. They felt they had limited orientation \ntime. There\'s a lot of things to orient the students about, you \nknow, local conditions, what do you do if you\'re ill, stay away \nfrom drugs, whatever, and so most of them did not show it. Now \nthat might have been a good decision on aesthetic grounds, but, \nyou know, there probably could be some, you know, discussion of \nsome kind of orientation for students before they go overseas, \nas well as for the professors----\n    Ms. Bonamici. Right.\n    Mr. Golden. --who lead those trips and because they are, \nyou know, playing in the other country\'s territory and they are \npotential targets.\n    Ms. Bonamici. I believe that was back in 2014 that video \nwas made. That could be something that we could discuss as well \nto make sure that there is something meaningful.\n    Last December, the White House released its national \nsecurity strategy that indicated that the Trump Administration \nplans to consider restrictions on foreign STEM students from \ndesignated countries to ensure that intellectual property is \nnot transferred to our competitors. Mr. Golden, you were quoted \nin an Inside Higher Education article responding to when FBI \nDirector Christopher Wray testified, and you said, quote, ``The \nvast majority of Chinese students are just here to learn and \nmaybe do research and they bring energy and intelligence and \nfresh perspective to American higher education. They\'re quite \nvaluable. It would be wrong and unfair to assume that some very \nlarge proportion of them are here for clandestine purposes.\'\' \nAnd I appreciate that, and again, this is about finding the \nbalance.\n    Can you talk about the concerns or the problems that might \ncome from casting an entire group of students, researchers, and \nprofessors from a particular country as a danger to national \nsecurity based on that country of origin, and how might that \nhinder our ability to attract the brightest minds around the \nworld to study, conduct research, and work here in the United \nStates?\n    Mr. Golden. Sure. Yes, in general, the globalization of \nhigher education I think is a wonderful thing, and the \nadvantages outweigh the drawbacks. And the students from China \nand other countries, they come and, you know, many of them are \nextremely bright and wonderful researchers and contribute to \nresearch done in the United States. And in fact, you know, the \ngreat majority--although the percentage has gone down some, the \ngreat majority who come over as graduate students or get their \ndoctorates here stay here for, you know, at least five to ten \nyears after or make their whole careers here. And then, you \nknow, the research they do, you know, redounds the benefit to \nthe United States rather than China.\n    I mean, particularly since Tiananmen Square, that\'s been \nthe case. And if you look at it in that light, China almost \nhas--you know, they\'re losing so much talent that that\'s why \nthey\'re having these aggressive brain-drain programs and that\'s \nwhy they feel probably pressure to use espionage because, you \nknow, so many of their best and brightest are making their \ngreatest discoveries in the United States for the benefit of \nAmerican universities and the American economy and the American \nGovernment.\n    So, you know, I think it would be a mistake to, you know, \nturn off the faucet of bringing Chinese students to this \ncountry, and instead, that\'s why we ought to look for more--\nother things such as, as I mentioned, intellectual property \nclasses, more collaboration agreements that spell out what can \nand can\'t be done on each side and those kinds of things \nbecause, you know, foreign students contribute a great deal to \nthe United States in any number of ways.\n    Ms. Bonamici. Thank you. I see my time is expired, but as I \nyield back, I want to note that there have been several topics \nhere that we could work on on a bipartisan basis to make sure \nthat we\'re protecting our universities and our data. And thank \nyou very much. I yield back.\n    Mr. Higgins. I thank my colleague.\n    And Mr. Loudermilk from Georgia is recognized for five \nminutes for questions.\n    Mr. Loudermilk. Thank you, Mr. Chairman. And I agree with \nMs. Bonamici. This is something that should be bipartisan. It \nis something definitely concerning to me, and it should be to \nnot only every member of this committee but Congress and those \nin the universities. This is a meeting of two areas of which I \nhave experience and a great interest working in intelligence \nand technology in the Air Force.\n    I was greatly concerned when it was mentioned that Sandia \nLabs has been a target. Working with Sandia Labs in the past I \nknow the type of research and development they do, and it is \ndefinitely of a national security concern with me and even with \nother research institutions that I work with in this capacity \nand that I have in my 20 years in the IT sector. This is an \narea that should have much more attention than we are giving it \nright now.\n    And, Mr. Golden, I want to congratulate you. There is a \nwaiting list for your book at the Library of Congress, which I \nam on, so apparently it is beginning to grow.\n    Mr. Hassold, as you\'ve mentioned, you\'ve conducted \nextensive work on the Iranian breach at these institutions and \nprovided the FBI with your findings. Can you walk us through \nhow the Iranians were able to breach these university systems?\n    Mr. Hassold. Sure. So with any phishing attack, it always \nstarts with the lure that is generally email-based. All of \nthese attacks were--had email-based lures. So they were sent \nout to a number of different students and faculty. Some were \nvery targeted, as is referenced in the indictment from a couple \nweeks ago. Some were more general, sent to a wider range of \nstudents and faculty. When you look at those lures, they are \nincredibly sophisticated. The spelling, grammar, the things \nthat you traditionally look for to identify potentially \nmalicious emails, everything there has been perfect.\n    And one of the--I think the interesting and notable aspects \nof them is that they have barely evolved over time. If you look \nat a lure from three years ago, I had--I found a lure from \nthree years ago that targeted American University, and I found \nanother lure targeting an Australian university just 3 or 4 \nmonths ago. The content of those emails were exactly the same. \nAnd I think one of the interesting parts of that is sort of it \ndenotes the probable success rate that the threat actors had \nwith using those lures.\n    So the lures were very sophisticated. They--if you look at \nsome of the information that was contained within them, it\'s \nclear that they did probable manual reconnaissance to collect \ninformation that is targeted to the university specifically \nthat makes them more persuasive. From the lures, you go to the \nphishing sites themselves. The content of the phishing sites is \na near replica of the legitimate login pages that someone would \nsee if they\'re going to the actual site. The URLs were \npatterned to look extremely similar to the actual login page. \nAnd then after someone enters information into those phishing \npages, they would generally be sent off to what we would call a \ndrop email account, which is generally a temporary email \naccount where the compromise credentials are received.\n    Mr. Loudermilk. Okay. And if we could bring up--I\'ve got a \ncouple of slides--screenshots of the landing page.\n    [Slide.]\n    [GRAPHIC] [TIFF OMITTED] T9781.091\n    \n    Mr. Loudermilk. The one on the top is the actual University \nof Pennsylvania library page. Actually, the top one is the \nphishing site. I\'m correct--corrected, and at the bottom is the \nactual. This is incredible. I mean, this is highly \nsophisticated. It indicated to me, looking at this, that this \nis not just a rogue actor. This has state sponsorship. There is \na lot of work gone into this, which, from the technology \nstandpoint or an IT standpoint, you\'re only going to put this \ntype of effort to go after a highly valued target and--which is \nreally concerning.\n    And based on your experience with this and the other work \nthat you\'re doing, how vulnerable are these institutions as \ncompared to, let\'s say, our business community or corporations? \nAre they more--is academia more vulnerable or less?\n    Mr. Hassold. I think one of the primary vulnerabilities for \nthe academic community is not that--is not that different than \nthe--than most other industries and most other businesses. I \nthink the challenge, as I said in my testimony, is that you \nhave a number of different components that feed into the \nuniversity network. You have students, you have faculty, and \nthen you have employees--\n    Mr. Loudermilk. Right.\n    Mr. Hassold. --and each of those need to have awareness and \ntraining. And by nature of the academic community, a lot of \nthose members are transient, so the ability to train them and \ngive them like fully--a full awareness of the actual risks is \nmuch more challenging than some other businesses where most of \nthe employees are sort of centralized and you have a better \nopportunity to train them.\n    Mr. Loudermilk. Are they a softer target? And then a lot of \ntimes we look at often more effort is put into going after--\nwell, if you have two targets of high-value, you\'re going to \nput more effort in the softer target than the harder. Are the \nuniversities a softer target than, let\'s say, the corporations \nbecause of the--what you just laid out for us?\n    Mr. Hassold. I think that they hold sort of like--sort of \nlike you mentioned, they hold specific value to the people who \nare targeting them, so I don\'t think they are softer and the \ntechnical defenses are that much worse than general businesses, \nbut I think they hold a certain value to the people who are \ntargeting them that\'s much different than you look at the \nreasons that generally--general businesses are being targeted.\n    Mr. Loudermilk. Okay. I do have several other questions but \nI see my time is expired, so if we do a second round or if \nsomebody else yields any, I\'ll have a couple other questions \nfor you.\n    With that, Mr. Chairman, I yield back.\n    Mr. Higgins. I thank my colleague.\n    And Mr. Lipinski from Illinois is recognized for five \nminutes for questions.\n    Mr. Lipinski. Thank you, Mr. Chairman.\n    And I want to thank the Chairman and Ranking Member for \nholding this hearing. Certainly this is a very important issue. \nI have been very outspoken about the theft of intellectual \nproperty, especially by Chinese actors, but others around the \nworld. It\'s a great threat to our economic security. I, though, \nthink that we need to make sure that we\'re using a scalpel and \nnot an ax to this problem.\n    I appreciate Mr. Golden\'s comments about the value of \nhaving foreign nationals come to study here in the United \nStates. So many Chinese have come here, as you mentioned, Mr. \nGolden, and have contributed to the United States not just both \nresearch-wise and also in regard to helping economically our \nnation.\n    As an academic, I understand that, you know, my impression \nis that there is a lot more that can be done in order to make \nsure that our academic researchers are aware of the threats \nthat are out there, nothing that I was doing--when I was doing \nmy research was--would\'ve been of interest to anyone \neconomically for espionage, but--or for any reason like that, \nbut I know Mr. Golden had mentioned a few things that you think \nshould be done to improve security at universities and \nawareness by professors and students of potential intelligence \nthreats they face.\n    I want to know if there\'s anything else that any of our \npanelists wanted to add that can be done that you think \nuniversities should be doing, and is there any way to encourage \nuniversities to do more of improving awareness of faculty \nmembers, staff, and students at universities? Ms. Van Cleave?\n    Ms. Van Cleave. Congressman, I understand that within the \n56 field offices of the FBI one of their responsibilities is to \nbe able to work with universities within their jurisdictions to \nbe able to raise awareness. So to have good relations between \nthe field offices of the FBI and the universities is something \nwhere one would encourage university leadership to take \nadvantage of that kind of awareness opportunity that the Bureau \nrepresents, and we\'ve asked them to take on the job.\n    But I\'d also like to interject something to sort of round \nout the picture here. We\'ve talked about the value--the \nextraordinary value of having international students here on \nour campuses, and it\'s good for us, it\'s good for our student \npopulation, it\'s good for America generally to have them here. \nAnd we\'ve also said it\'s good for the foreign students who come \nhere. Their lives are enriched, and especially those who are \ncoming from countries that may be closed or may not have our \nfreedoms and liberties.\n    And we are welcoming them here and showing them perhaps a \ndifferent way, a new way of life, which leads me to interject \nthis: The foreign intelligence presence on our universities is \nnot limited to trying to develop sources or trying to access \nour research. There is yet a third purpose behind their \npresence on our university campuses. For some countries that \npurpose is to enforce their security concerns about their \nforeign nationals who are present there. So look at it from the \nstandpoint of those young students who may be here experiencing \nnew things, while at the same time, they know they\'re being \nwatched. And that is something that I find to be troubling. So \nI think we should be also aware of that purpose of the foreign \nintelligence presence on our universities.\n    Mr. Golden. That\'s actually--I think Michelle makes a very \ngood point there because there\'s always--there\'s been a feeling \nat several universities I think that in some classes Chinese \nstudents may be afraid to speak candidly for fear that other \nstudents are keeping an eye on them and reporting back. You \nknow, and there\'s been recent publicity about--I think it\'s \ncalled the Chinese Student and Scholars Association and its \nconnection to the Chinese Embassy. And I spoke to Derek Bok, \nthe former President of Harvard, for my book and he said that a \nprofessor at Harvard Law School at one point had come to him \nand said Chinese students were telling them they couldn\'t speak \ncandidly in class because of that fear. And Harvard tried to \nfigure out what it could do about it and couldn\'t come up with \nanything.\n    Mr. Lipinski. Well, I was going to ask, what can be done \nabout that?\n    Mr. Golden. Yes, he said they just didn\'t have the capacity \nto try and investigate that on their own. Harvard didn\'t know \nwhat to do, so I don\'t think they did much of anything. But it \nis another concern of students feeling like they don\'t have the \nfreedom to speak up.\n    Mr. Lipinski. And anyone else, any suggestions, \nrecommendations, incentives that we could give to universities \nto make sure that they are, you know, paying attention to all \nof these issues?\n    Mr. Hassold. I think one of the things that--one of the \nfocuses is--that we talked about today is cooperation between \nuniversities and law enforcement. I think there also needs to \nbe more cooperation between universities themselves. Mr. Beyer \nearlier brought up REN-ISAC, which is an absolutely fantastic \nresource that universities have access to. It\'s very much a \ncentralized repository of knowledge specifically for cyber \nattacks targeting universities. As I understand it, I\'ve gotten \nto know the folks over there pretty well over the course of my \nresearch. Their operational team is only about a half dozen \npeople at this point, and they handle about, you know, a couple \nhundred institutions. Those types of entities are--would be \nmuch more valuable to the university as a whole so they \nunderstand what\'s going on, targeting other universities and \nnot just what\'s going on targeting their own university.\n    Mr. Lipinski. Very good. Thank you. Thank you, Mr. \nChairman, for the extra time.\n    Mr. Higgins. I thank my colleague, and I recognize Mr. \nMarshall from Kansas for five minutes for questioning.\n    Mr. Marshall. Thank you, Mr. Chairman. My first question is \nfor Ms. Van Cleave.\n    Ms. Van Cleave, I\'m a freshman Congressman, and one of my \njobs is trying to prioritize and figure out how big problems \nare. There\'s plenty of problems for us to solve. You know, our \ntrade deficit was a $575 billion problem. I\'ve been told that \nthis intellectual theft may be worth $500 billion, $1 trillion. \nCan you kind of put a number to it or just a wild guess on how \nmuch is this impacting our country every year?\n    Ms. Van Cleave. So the Intellectual Property Commission \nheaded up by Admiral Blair and Ambassador Huntsman first met in \n2013 and issued a landmark report. They updated it just last \nyear, and their estimate is $510 billion roughly in \nintellectual property theft in the last year.\n    Mr. Marshall. And all that could basically buy down our \ntrade deficit. That\'s amazing.\n    I think I\'ll go to Mr. Wessel next. Mr. Lipinski talked \nabout using a scalpel. I would talk about using a laser. If you \nwere to focus on the companies that are the bad actors, the \ncheaters, the people that are basically robbing our banks, what \nare we doing now to punish them? What could we do? Why aren\'t \nwe punishing these people that are trying to steal--and \nstealing the bigger companies? Is anything happening?\n    Mr. Wessel. There are some things happening at--you know, \nthe problem, as identified by the Commission and many others is \nongoing and, you know, there\'s no way to get your hands around \nit all the time. But the failure to have significant ongoing \nsanctions has sent a message that much of what goes on you can \nget away with.\n    You may recall that President Xi and President Obama signed \na memorandum of understanding on the use of cyber espionage for \neconomic gain. The problem was that the Chinese don\'t view \neconomic gain as, you know, a separate inbox on the President\'s \ndesk. Economic and national security are inextricably \nintertwined. So part of the problem is making sure we define \nthe issue, we have coherent responses, and that there are real \nsanctions and costs for what happened.\n    I mentioned earlier about the indictments of the five PLA \nhackers for going into five U.S. companies, Westinghouse, a \nnumber of others. The indictment was sealed. There\'s been no \nfollow-up action.\n    Mr. Marshall. And when you say sanctions, can we do \nsanctions just on companies rather than entire countries?\n    Mr. Wessel. Yes, you can. I mean, we\'ve had--there--in \nthose--that situation there was a tasking, meaning that certain \ncompanies ask the Chinese Government for information or work \nwith them to get it. The information was obtained through five \nPLA hackers and transferred back to the companies. And then \nthat was utilized. U.S. Steel filed a case at the ITC on this \ntrying to have a sanction that was ultimately ruled--the case \nwas thrown out. There are ways of looking at what has been \ntaken, what has been applied in the market and sanctioning \nspecific companies where also a broader problem that\'s going to \nneed a more general solution to.\n    Mr. Marshall. Give me an example of something that we as \nAmericans would consider intellectual theft that the Chinese \nwouldn\'t, that it\'s okay? That--you kind of mentioned something \nthere that I didn\'t quite follow that.\n    Mr. Wessel. No, when they were--after they signed the \nagreement, there was this view that China was going to limit \nits cyber incursions into the United States and the prohibition \nor the agreement was it was not going to affect economic \nissues. They wouldn\'t do it for economic gain. But China views \ntheir economic progress, their security, their growth rate as \npart of their national security. If they can\'t----\n    Mr. Marshall. So their means justifies the ends? It\'s \nokay----\n    Mr. Wessel. Correct.\n    Mr. Marshall. --to cheat as long as it benefits----\n    Mr. Wessel. Correct. Their----\n    Mr. Marshall. --their national security so to speak?\n    Mr. Wessel. Correct. And a different definition. They \ndidn\'t view it as economic espionage; they viewed it as----\n    Mr. Marshall. Yes.\n    Mr. Wessel. --enhancing their national security.\n    Mr. Marshall. Mr. Golden, what would you do to microfocus, \nto laser in on the companies that are cheating?\n    Mr. Higgins. Would the gentleman turn his mic on, please?\n    Mr. Marshall. Okay.\n    Mr. Golden. So I focused--my book is about espionage in \nacademia and higher education----\n    Mr. Marshall. So, great. So people are espionaging \nintellectual property from universities. What would you do to \npunish them? What are we not doing? Why do we just turn her \nhead and say it\'s okay?\n    Mr. Golden. Well, yes, that\'s a good question Congressman, \nand I can speak to that. You\'re right; there has been a number \nof examples where, you know, people have been caught spying, \nand the universities have not really punished them. For \nexample, the case a few years ago of the Russian illegals in \nthe United States, the 10 Russian illegals----\n    Mr. Marshall. Right.\n    Mr. Golden. --the case that gave rise to the show The \nAmericans, seven or eight of them had been in U.S. universities \nand one of them had gone to Columbia Business School, and \nevidence came out that her role there had been to recruit \nclassmates and professors, and yet Columbia didn\'t revoke her \ndegree when it came out that she wasn\'t Cynthia Murphy, she was \nLydia Guryeva and she was working for Russia.\n    Mr. Marshall. We\'re over my time. I\'m sorry. I yield back \nthe rest of my time. Thank you.\n    Ms. Van Cleave. Mr. Chair, if I might interject, I need to \ncorrect the record of an answer I just gave a moment ago. The \n$510 billion figure which I cited in fact is the amount that we \nannually invest in R&D, but consulting my notes of the \nHuntsman-Blair Commission report, they had this to say last \nyear: ``We estimate that at the low end the annual cost to the \nU.S. economy of several categories of IP theft exceeds $225 \nbillion with the unknown cost of other types of IP theft almost \ncertainly exceeding that amount and possibly as high as $600 \nbillion annually.\'\'\n    Mr. Marshall. Six hundred billion?\n    Ms. Van Cleave. Yes.\n    Mr. Marshall. Yes, thank you.\n    Mr. Higgins. I thank my colleagues, and if our panelists \nwill accommodate us, we\'ll have a second round of questioning \nif you can all stay. Thank you. I recognize myself for five \nminutes for questioning.\n    Mr. Wessel and Ms. Van Cleave, the China-United States \nExchange Foundation, a China-based and government-connected \nfoundation, is registered as a foreign agent representing \nChina. Do you find it concerning that some universities in the \nUnited States have accepted funding from this foreign agent, \nand how should universities handle outside organizations like \nthis when it comes to potential funding? Mr. Wessel?\n    Mr. Wessel. I find it very troubling and talk about that \nbriefly in my testimony. It\'s a function of a number of things, \nincluding the funding problems I think was referred to earlier \nthat we face with higher education. They are seeking these \nfunds. They are seeking foreign students who often pay the full \nboat when they\'re applying.\n    I think, number one, we should be monitoring their \nactivities. Number two, we should be requiring that students \nwho attend those programs be informed of the nature of the \nsponsorship. The curriculum, the personnel are chosen by the \nChinese Government or those working for the Chinese Government, \nand their materials should have a disclaimer on it so people \nunderstand that this is an attempt to influence and it\'s \nessentially propaganda.\n    Mr. Higgins. Ms. Van Cleave?\n    Ms. Van Cleave. It\'s hard to add to that statement. I fully \nendorse what Michael said. This is a serious concern. Of \ncourse, it is also an opportunity when we know that there\'s a \nspecific foreign interest in a particular university. From a \ncounterintelligence perspective, it shines a light that that \nnation-state has a particular interest here and is willing to \ninvest money in it, but it\'s small compensation for the risk \npresented.\n    Mr. Higgins. Is there enhanced vetting at the federal level \nfor a foreign exchange student out of a potential threat \nnation-state like China where there\'s examples of intellectual \nproperty theft? Is there enhanced vetting at the federal level \nright now prior to the university level?\n    Ms. Van Cleave. Not that I am aware of. Others on the panel \nmay have a different insight on that----\n    Mr. Higgins. I think they should be.\n    Ms. Van Cleave. --but as long as they\'re meeting the \nrequirement for the visa to be issued and they have the support \nof the university, we are a very open and welcoming country.\n    Mr. Higgins. Let me ask you each this question. How can the \nUnited States universities vet or conduct due diligence on \npotential Chinese or other foreign partners that may have \naccess to our laboratories and in our universities?\n    Mr. Wessel. My view of that is that\'s primarily a \ngovernmental role and not the universities\' but that--where \nthere are--again research that\'s going on either with cleared \ndefense contractors with governmental agencies where there\'s \nfederal money, there should be a certain level of scrutiny.\n    And to your earlier question, one of the problems we found \nat the China Commission was that foreign students were coming \nin under visas, for example, to study liberal arts, and once--\nand they would change a semester later to physics, to computer \nsciences, et cetera, where there may be threats that we want to \nlook at. Universities should be responsible when the terms of a \nstudent\'s participation at the university has changed, to talk \nto the authorities, inform them, and then leave it to the \nauthorities as to whether there should be follow-up.\n    Mr. Higgins. Do you believe vetting at the federal level \nshould be tied to the intended course of study for foreign \nexchange students?\n    Mr. Wessel. I believe the--for the target of the research--\nand so I\'m focused more on the laboratory work that\'s done \nrather than just the general teaching at a university, so a \ncomputer science course is one thing, but if that person goes \ninto computer science lab where there may be work on \nencryption, for example, that should have higher scrutiny.\n    Mr. Higgins. And for federally funded university \nlaboratories, should there not be a responsibility to report \nthat adjustment of that student\'s intended course of study?\n    Mr. Wessel. Yes. As I said earlier, if they change the \nterms of their visas when they came here and what the situation \nthey were supposed to enter, if that changes, there should be \ninformation to the Federal Government.\n    Mr. Higgins. Thank you for your answers.\n    I recognize my colleague, Mr. Beyer, for five minutes for \nquestions.\n    Mr. Beyer. Thank you, Mr. Chairman, very much.\n    You know, the National Science Board recently released its \nbiennial Science and Engineering Indicators report, and the \nbasics is that federal investment in basic research and \ndevelopment vis-a-vis the United States, the Chinese are \nrapidly gaining ground on us. I talked to many of my friends in \nthe medical field, and they just talk about how much more \nthey\'re investing than we are. And of course this is \nunacceptable if we want to maintain our leadership in science \nand engineering.\n    But to the point of this commission, what role does \npersistent flat funding of U.S. science research have on our \nreliance on cost-sharing with international partners or give us \nadditional vulnerabilities in terms of espionage? Anyone want \nto grapple with that question?\n    Mr. Wessel. I think it makes us vulnerable. There have been \ninstances in the past, again, from the China perspective where \nthere have been investments by or attempted investments by \nChinese entities, government-affiliated in our universities and \nthose that have, you know, stable funding in States where \nthey\'re a public university where there have been budget cuts \nfor any of a number of reasons, and there has been greater \nreceptivity to those investments. That of course then opens up \nthe underlying research to advantage other players. That has a \nserious cost to it.\n    Mr. Beyer. Great. Mr. Golden, some half-hour ago you wanted \nto jump in on the Goethe-Institut vis-a-vis--well, the \nConfucius Institute vis-`-vis Goethe, et cetera.\n    Mr. Golden. Yes, thank you, Congressman, for giving me that \nopportunity. Well, one difference between the Confucius \nInstitutes and these arms of other nations is that they tend to \nbe on campus, whereas the institutes of the French, German, \nBritish Governments tend to be off-campus. And, you know, the \nConfucius Institute courses at many universities they are not \nfor academic credit but at some universities they are, so \nthey\'re more, you know, integrated for whatever reason kind of \ninto the academic environment and thus, you know, might be \npotentially more influential. And of course they\'re also \naccompanied in some cases by quite a bit of money to the \nuniversity.\n    I was also going to say about them, you know, there was \nmentions of the foundation that is part of the Chinese \nGovernment. The Confucius Institute for all intents and \npurposes are an arm of the Chinese Government. They\'re from an \naffiliate of the Education Ministry. And the research for my \nbook indicated that they\'re not intended as an arm of espionage \nbecause it\'s the Education Ministry, but at times, the--China\'s \nIntelligence Ministry does approach Directors and staff of \nConfucius Institute and ask them to gather information. And the \nFBI does as well. Both China and the United States are \ninterested in using Confucius Institute personnel as \nintelligence assets because they\'re so well-positioned.\n    Mr. Beyer. Okay. Thank you very much. You know, the \nNational Science Foundation has had a long-standing policy of \nrarely doing direct support for foreign organizations and that \nwhen they did, it would have to be allocated only to the U.S. \nportion of a project. But in January this year, they revised \nits quote/unquote ``proposal and award policies and procedures \nguide\'\' to address all the international branches of American \nuniversities which are springing up around the world. And \nanother revision calls for funding for a collaborative project \ninvolving foreign organizations, and they both now require the \nproposal requesting funds for an international branch or for a \nforeign organization to justify why the research activities \ncannot be performed on a U.S. campus or by a U.S. organization.\n    Do you have any thoughts on National Science Foundation\'s \npolicy change from rarely doing it out of the United States to \njust now allowing it for foreign organizations and for--or for, \nsay, the George Mason campus in Qatar? Any thoughts?\n    Mr. Wessel. My thought is I\'d prefer--vastly prefer that it \nbe occurring on U.S. university campuses, and if there\'s a gap \nhere that our government, NSF, and others work to fill that gap \nhere rather than through a foreign university collaboration.\n    Mr. Beyer. Yes. Well, thank you. You know, that\'s sort of \nthe half-point I wanted to make. On the one hand, the previous \nquestion, we want a--we keep hearing again and again that the \nNational Science Foundation is able to award an ever-smaller \npercentage of its excellent proposals with money because \nthere\'s just not enough research money with this interesting \nchange in policy, suggesting that they\'re going to invest \noverseas rather than here. So--anyway, thank you very much.\n    Mr. Chair, I yield back.\n    Mr. Higgins. I thank my colleague and recognize Mr. \nLoudermilk for five minutes for questions.\n    Mr. Loudermilk. Thank you, Mr. Chairman. I appreciate the \nadditional time.\n    Mr. Hassold, I kind of want to circle back to where we left \noff in the previous questioning regarding the Iranian attacks \non our universities. We were discussing whether or not they \nwere softer targets, and you explained that there\'s more \ntransition within the universities and a lot of corporate \nbusinesses. A follow-up on that is did these Iranian actors \nhave the same success rate with non-academic organizations, \ninstitutions as they did the academic?\n    Mr. Hassold. The outcomes of the attacks is something I do \nnot have insight into, as well as I believe the private \norganizations that were targeted is something that\'s only--that \nI only know of through the FBI--or the DOJ indictment.\n    Mr. Loudermilk. Okay. I appreciate that. Of the 31 \nterabytes that\'s been reported that was stolen, what type of \ndata was contained in that?\n    Mr. Hassold. That\'s also something that\'s--that I don\'t \nhave specific knowledge into. I just know that they--that the \ntargeting that I observed was the academic research databases. \nI\'m assuming that much of that 31 terabytes came from that \nexfiltration data.\n    Mr. Loudermilk. Okay. And from what I\'ve read, a lot of it \nis medical research and R&D-type information. How do these \nuniversities respond? When you notify them or when they realize \nthat they\'ve been a target of a phishing attack or an outside \nbreach into their systems, how have they responded to these, \nspecifically, the Iranian attack?\n    Mr. Hassold. So since I\'ve started researching the group \nand their attacks, every time I\'ve identified a new American \nuniversity that\'s been targeted, I have both contacted REN-ISAC \nto let them filter the information through their specific \ncontext for universities, as well as when I\'ve been able to \nidentify a specific point of contact at a university, I \ndirectly informed them of potential phishing attack. REN-ISAC \nhas been fantastic. They have--we\'ve been in communication a \nsignificant amount, and they have confirmed that notifications \nhave gone out.\n    I haven\'t gotten response back from universities based on \nmy communications. However, I wouldn\'t really expect that. I \nwould really more expect them to take the information and try \nto mitigate on their side. From what I understand with most \nphishing attacks, the way a lot of universities deal with them \nis that they block the malicious sites and most infrastructure \non their internal networks, which is a quick way to deal with \nthem. However, one of the issues with that is if there is a \nuser that is not network that tries to access the malicious \nsites, that same protection is not afforded to them. So things \nlike actually trying to mitigate the actual sites and shutting \nthose sites down is an additional step that could be done to \nhelp prevent the damage caused by these types of attacks.\n    Mr. Loudermilk. Well, have you seen, are they reporting \nthese IP addresses to have them blacklisted or do they \ncommunicate with other universities? I mean, the strength of \nthese research universities is the collaboration on their \nresearch and development. Are they collaborating with one \nanother to highlight that, you know, we\'ve been subjected to a \nphishing attack, we\'ve been--data has been breached? Are they \ngoing outside of their own infrastructure? I mean, I commend \nthem. You know, you go into your gateway, your firewall, you \nblock that IP address, but from an IT perspective, there seems \nto be so many more things that could be done, hiding your page \nsuch as this so it\'s not available to the public to replicate \nthat, that you have to be interior to the network to actually \nget to that page, reporting to your internet provider to have \nthe IP blacklisted, I mean, that\'s one step that--of course, \nthey can change their IP addresses, but also education and \ncollaborating with other universities. I mean, do you see that \nthey\'re doing this and what other steps could they or should \nthey be taking?\n    Mr. Hassold. I\'m sure every university is different \nspecifically how they deal with these types of attacks. There \nare resources like REN-ISAC, which I\'ve mentioned multiple \ntimes, that sort of is that central place for intelligence and \ninformation-sharing that they can use. I don\'t know how much \nuniversities directly interact with one another, especially--I \nwould assume that there would be some sort of interaction.\n    There are some other defensive tactics that would probably \nstem the effectiveness of these types of attacks like \nmultifactor authentication that a lot of schools don\'t utilize. \nAnd from what I\'ve learned with my discussions with university \npartners, as well as some of the folks at REN-ISAC, the cost \nassociated with implementing multifactor authentication is \npretty significant, and a lot of universities don\'t have the \nsources of funding to be able to pay for things like that. But \nsomething like multifactor authentication would be able to \nprevent some of these types of attacks after the fact by not \nallowing foreign actors to be able to login to the actual \nlegitimate pages.\n    Mr. Loudermilk. I appreciate that. And so as with any \nattack, it appears this could have been prevented by, you \nknow--and hindsight is 20/20, but it could have been prevented.\n    Last question. Are the universities taking this serious \nenough to prevent it from happening in the future? And I\'ll \nopen that up to anybody on the panel.\n    Mr. Hassold. That\'s a good question. That would be a \nquestion I think would be better suited to be answered by the \nactual universities. I think they would probably have better \ninsight into it. But I think this--these--this type of threat \nis so sophisticated that dealing with it would take significant \nresources to do and a significant planning and collaboration \namongst the entire academic institution.\n    Mr. Loudermilk. Thank you. Anyone else care to--all right. \nWell, Mr. Chairman, thank you. I yield back.\n    Mr. Higgins. I thank my colleague.\n    This has certainly been an enlightening conversation we\'ve \nengaged in today. I thank the witnesses for their valuable \ntestimony and the Members for their questions. The record will \nremain open for two weeks for additional comments and written \nquestions from Members.\n    The Science, Space, and Technology Oversight Subcommittee \nand Research and Technology Subcommittee joint hearing is \nadjourned.\n    [Whereupon, at 12:01 p.m., the Subcommittees were \nadjourned.]\n\n                               Appendix I\n\n  \n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n                                 [all]\n</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body></html>\n'