Security for Think Tanks and Policy Research Organisations | CloseProtectionHire

Think tanks occupy an unusual position in the threat landscape. They are not government agencies and do not receive the security infrastructure that comes with official classification. They are not commercial organisations with obvious financial assets to protect. Yet the intelligence value of their work, their access to officials and decision-makers, and their role in shaping policy before legislation is drafted makes them a documented target for state-sponsored collection.

James Whitfield, Senior Security Consultant, makes the point plainly: the NCSC does not publish sector-specific security guidance for organisations it considers low-risk. Think tanks have their own dedicated guidance document.

Why think tanks are targeted

The policy research environment has a structural information advantage that intelligence services value. A think tank with strong government relationships may have sight of policy positions before they are announced publicly. Its researchers brief ministers, shadow ministers, and civil servants. Its publications shape legislation. Its conferences create informal environments where government and business contacts speak candidly.

The FBI, MI6, and Germany’s BfV issued a joint advisory in January 2023 that included policy research organisations and think tanks alongside universities, venture capital firms, and technology companies as priority collection targets for PRC-affiliated actors. The advisory specifically identified conference environments as documented collection points where elicitation techniques are routinely deployed.

Separately, GCHQ and NCSC published guidance in 2024 specifically for think tanks, identifying Russian intelligence services and PRC UFWD operations as the primary state-actor threats, with Iran’s MOIS as a secondary concern focused on organisations working on Iran policy and sanctions analysis.

The United Front Work Department (UFWD) operates a documented network of influence activities targeting Western policy institutions. Its methodology includes: cultivating relationships with researchers working on China-related policy, funding or commissioning research through intermediary organisations, approaching researchers at academic and policy conferences, and targeting board and advisory council members who have simultaneous relationships with government.

This is not exclusively a threat from authoritarian states. The US Foreign Agents Registration Act (FARA) has produced enforcement actions against individuals who undertook political consulting and research activities for foreign governments without disclosure. The UK National Security Act 2023 introduced equivalent registration requirements through the Foreign Influence Registration Scheme.

The conference and event collection environment

Policy research organisations run and attend events where government officials, business leaders, and foreign counterparts speak frankly. Annual conferences, closed roundtables, track-two diplomatic dialogues, and off-the-record briefings are all intelligence-rich environments.

The elicitation techniques used in these settings are the same as those documented in corporate intelligence and academic environments: building rapport before asking specific questions, steering conversation toward unpublished research findings or government contacts, gathering biographical information about an organisation’s relationships with officials, and identifying researchers who may be receptive to further engagement.

For researchers, counter-elicitation awareness is not about suspecting every conference attendee. It is about recognising a specific pattern: sustained attention from an individual who is more interested in what you know than what they know, questions that build progressively toward specific sensitive information, and approaches that create a sense of flattery or intellectual validation before making a request.

NCSC guidance specifically notes the use of academic and policy conference environments by actors presenting as students, independent researchers, or think tank affiliates from Chinese and Russian institutions. The approach often begins on LinkedIn prior to the event.

Email and document security

NCSC’s 2024 think tank guidance identifies institutional email systems and shared document platforms as the primary intrusion targets. Think tanks generate and hold significant information assets: unpublished research drafts, government briefing documents received in confidence, correspondence with ministers and officials, donor databases, and records of non-public consultations.

The baseline controls are standard but frequently not fully implemented: multi-factor authentication on all accounts, including shared inboxes and admin accounts; DMARC, DKIM, and SPF email authentication controls to reduce phishing and spoofing; encrypted storage for sensitive documents rather than shared drives with broad access permissions; and device management that ensures work devices are separated from personal use.

Phishing remains the most common intrusion vector. Think tank staff receive email from government officials, academics, and journalists routinely, which means a plausible-looking spear-phishing email is harder to identify than in a commercial environment where external contact is more predictable. NCSC guidance recommends simulated phishing exercises as a staff awareness tool.

Cloud document storage requires specific attention: if a shared document platform (SharePoint, Google Workspace, Notion) contains unpublished research, government correspondence, or donor information, access controls should be role-restricted and reviewed quarterly. Former staff and fellows who retain access to institutional systems are a systematic gap.

See the related guidance on insider threat in corporate security programmes for the access control framework that applies to former employee accounts.

Researcher personal security

A researcher who is individually targeted by a state actor faces personal risk alongside institutional risk. Published research, media appearances, and conference presentations create a public profile that a targeting operation can build on.

Residential address protection is the first consideration. UK electoral register entries are public records. NCSC guidance for individuals at elevated risk recommends the Anonymous Registration Scheme administered by the Electoral Commission, which allows registration without a published address. The same consideration applies to Companies House filings for any directorships or company interests.

Device security for researchers who travel to conferences in authoritarian states, or who visit P1 city counterpart organisations, requires the same clean-device protocol that NCSC recommends for corporate travellers: a separate travel device that does not carry unpublished research, government contacts, or internal correspondence. This is particularly relevant for researchers who travel to China, Russia, or Gulf states for conferences or bilateral dialogues.

For researchers who receive threatening communications in connection with published work on sensitive topics, the NPSA ProtectUK guidance on individual threat management and the National Fixated Threat Assessment Centre (NFTAC) are the relevant references for escalation.

The foreign funding and commissioned research dimension

Think tanks that receive funding from overseas sources or undertake commissioned research for foreign-state-affiliated organisations face legal obligations under the National Security Act 2023. The Foreign Influence Registration Scheme (FIRS) requires registration of arrangements to undertake political influence activities in the UK on behalf of a foreign power or foreign-power-controlled entity.

The definition of political influence activities is broad and extends to activities designed to influence government decision-making, parliamentary proceedings, or public opinion on government policy. Research commissioned by a foreign-state-linked organisation and intended to inform UK policy debate may fall within FIRS scope.

This is a legal question that requires legal advice specific to the individual funding arrangement. The point for security purposes is that undisclosed foreign funding creates a vulnerability: if it becomes public through a leak, an investigation, or a journalistic disclosure, it exposes the organisation to reputational and legal risk that a state actor could exploit.

Operational security for sensitive projects

Some think tank research projects carry elevated sensitivity: work on sanctions regimes, analysis of authoritarian government behaviour, research on organised crime, reporting on foreign interference operations. For these projects, a more structured operational security framework is appropriate.

Project-level access control means limiting knowledge of the project to those directly involved, not the full organisation. Draft documents should not circulate on shared drives. External reviewers should access drafts through a secure channel, not via standard email. When the research involves sources who face risk in their home countries, communications with those sources should use end-to-end encrypted channels (Signal, ProtonMail) rather than institutional email.

For think tanks whose staff include individuals who have received personal threats, or whose research has provoked documented hostile responses from state actors, a formal threat assessment and a structured security programme are appropriate, not an overreaction.

See the guidance on security for academic researchers and fieldworkers for the fieldwork-specific security framework that overlaps with think tank research operations. For the security considerations that apply to authors, public intellectuals, and individuals who have published controversial or politically sensitive work – including the long-duration fixated threat model, literary festival security, and address suppression – see our security for authors and public intellectuals guide.

Sources: NCSC Protecting Think Tanks Guidance 2024; FBI, MI6, and BfV Joint Advisory on PRC Economic Espionage January 2023; GCHQ/NCSC Hostile State Threats to UK Democracy 2024; National Security Act 2023; Foreign Influence Registration Scheme FIRS Guidance 2024; NPSA ProtectUK Individual Threat Management 2024; NFTAC Guidance 2024; NCSC Phishing Guidance 2024; US FARA Enforcement Actions 2023.