Two employees at the Department of Mechanical and Industrial Engineering (Faculty of Engineering) at NTNU in Trondheim have been charged with a data breach and are also being investigated for unregulated research that may be in violation of export control laws.
Universitetsavisa, the University newspaper, was first to report the issue in an article published Monday afternoon, 20 January.
“We regard this as a serious matter and are aiding the police with information and other assistance that they may need for the investigation,” says Bjarne Foss, NTNU’s Pro-Rector for Research.
NTNU notified the Norwegian Police Security Service
Department management discovered irregularities in the research group early last year.
It became clear that the two people who were charged and a group of visiting researchers from Iran had occupied a laboratory to a disproportionate extent, where they were testing samples of materials.
It was subsequently found that a PC in the laboratory, connected to an advanced electron microscope, had been enabled via the Internet, in violation of NTNU’s rules for the use of the equipment.
In April, NTNU reported the case to the Norwegian Police Security Service (PST), which this autumn initiated an investigation. The investigation is still at an early stage and is expected to be time-consuming, PST said.
No need for stigma
The two suspects have been suspended from their positions as long as the investigation is ongoing. During this period, they do not have access to NTNU’s premises and computer systems. The visiting Iranian guest scientists left Norway last year. The last visitor departed in July.
Pro-Rector Bjarne Foss says that there is currently only one charge in the case and that no one has been indicted or convicted. He is also concerned that this individual case should not lead to the stigmatization of a group of staff and students.
“We have many talented staff, PhD candidates and students from Iran. They make strong contributions to our academic community and shouldn’t be considered suspect as a group,” says Foss.
Sharpen access control
The investigation of the two employees from Iran has also brought to light issues regarding NTNU’s access control system.
“Our areas should be as open as possible and as closed as necessary. Universities should be open, both because of tradition and because of our social responsibility. We have a well-established system and routines for access control, but the system depends on trust between colleagues,” Foss.
As a direct follow-up to this case, work has been initiated to tighten up the procedures for access control and further develop the security culture throughout the university.