From research and innovation to technology
Research security is relevant to a mix of people and organisations, ranging from universities and other research organisations, through to tech start-ups and larger companies, and organisations looking to invest in emerging technologies. The thread that connects these different groups is the journey from research and innovation to operational technology.
We can examine this journey using the idea of ‘technology readiness levels’ or TRLs. The TRL framework is used to describe the development of a technology from its emergence from basic research, through its development, and into its delivery as an operating or commercial technology. The model was originally developed by NASA in the United States, but is now widely adopted.
In a previous post we examined the difference between the UK government’s Trusted Research and Secure Innovation campaigns. One way to think about that difference is that the Trusted Research campaign is aimed at technologies at the lower end of the TRL framework, while Secure Innovation focuses on technologies that are operational or nearly operational.
The thread connecting basic academic research, commercial research and development, and intellectual property is the journey up the TRL framework. Being able to follow that journey is helpful for lots of reasons. It means that a proportionate level of security can be applied to the idea at each stage. As one report by the US JASON scientific advisory group argues, if security controls are too tight at lower levels of technological readiness then this may constrain innovation or allow bad ideas to go unchallenged. Similarly, as ideas move up the framework, the argument for greater security increases.
Crucially, the pace of innovation is increasing. The authors of the JASON study observe that there is an “increasing connection and decreasing distance” between academic research and commercial development. In other words, the journey between fundamental research and usable technology is getting shorter. This makes the ability to follow ideas through the TRL framework, and to secure them appropriately, all the more important.
We assess that organisations that work at the lower end of the TRL framework are likely to encounter increasing regulation and scrutiny around their work, as governments and external partners increasingly prioritise research security earlier on in the journey from basic research to operational technology. Organisations developing a research security strategy for the first time are recommended to seek guidance and support.
