A new National Science Foundation (NSF) award will support an innovative effort in the School of Information Sciences at the University of Illinois to strengthen research security by using structured role-playing games (RPG) to model the threats facing academic research environments.
The project, titled "REDTEAM: Research Environment Defense Through Expert Attack Modeling," addresses a growing challenge: balancing the open, collaborative nature of academic research with increasing national security risks and sophisticated adversarial threats. Traditional cybersecurity and compliance frameworks often overlook the human factors that shape real-world decision-making in research environments, where collaboration pressures, funding incentives, and international partnerships can introduce unexpected risks. This project aims to help universities better understand these dynamics by examining the human and behavioral dimensions of research security.
Research security is a critical priority for universities as global competition for advanced technologies intensifies and geopolitical pressures increasingly intersect with academic collaboration.
"Our approach draws on established red-teaming methods from cybersecurity and national security, extending them to examine the social dynamics and human decision-making factors that shape risk in academic research environments," explained Anita Nikolich, director of research and technology innovation and research scientist, who serves as principal investigator on the project.
Instead of relying on theoretical models or compliance checklists, the team will conduct structured, facilitated role-playing game (RPG) workshops that simulate realistic academic scenarios involving competing priorities, ambiguous ethical decisions, and potential adversarial manipulation.
These RPG-based exercises allow participants to assume real-world roles such as researcher, administrator, or security professional, and experience how complex decisions unfold in practice. Unlike traditional tabletop exercises or policy reviews, role-playing simulations encourage participants to explore trade-offs and motivations that often remain hidden in standard security planning.
"Role-playing games allow us to bring players' attention to how they make decisions," said David Dubin, teaching associate professor and co-principal investigator. "And peer-empowered RPGs like Fiasco invite participants to think more critically about assumptions and incentives than do games governed by adjudicators or traditional discussion-based exercises." Fiasco is an award-winning RPG designed by Jason Morningstar, owner and creative director at Bully Pulpit Games.
The project will convene interdisciplinary participants from multiple universities across the research ecosystem, including faculty, cybersecurity experts, research administrators, and compliance professionals, for two intensive workshops. Insights from the workshops will inform future research security frameworks and ensure that these frameworks safeguard scientific investments while preserving the openness and collaboration essential to academic innovation.
"Research security isn't just a technical problem, it's a human problem," said Nikolich. "If we want effective security programs, we have to understand the real pressures researchers face and design solutions grounded in how science actually happens."