If you want power and influence in the world today, you must have a counterintelligence plan to help prevent or thwart spying, intelligence gathering, and sabotage. Even ISIS has crafted a relatively sophisticated counterintelligence strategy as explained in the Counter Jihad Report. ISIS’s planning includes a blueprint for an Islamic Caliphate by 2020.
A Robust Counterintelligence Plan
Meanwhile, William Evanina, head of the National Counterintelligence and Security Center (NCSC), a branch of the U.S. National Intelligence Director’s Office, recently published the 2016 “National Counterintelligence Strategy” plan. The plan identifies and describes the diverse types of events that threaten the US and how the US plans to detect, exploit, disrupt, and neutralize them. The report also lists five “Mission Objectives” and two “Enabling Objectives.”
The report also identifies enemies and their surrogates: terrorists, cyber intruders, malicious insiders, and transnational criminal organizations, as well as global industrial competitors.
According to Evanina, the US report deals for the first time with threats that have spiked dramatically since the introduction of the newest computer databases, smartphones, and other technological advances. Examples of these threats include those allegedly carried out by Chinese hackers, and attacks from Iran and others on critical US infrastructure, including New York City’s water supply, that continue unabated.
Organizational Structure of US Intelligence
The Defense Intelligence Agency (DIA) is the umbrella organization made up of the General Defense Intelligence Program, Defense Intelligence Officers and six directorates: Security & Counterintelligence; Operations, Plans & Training; Foreign Intelligence; JCS Support; External Relations; and Resources & Systems.
The US has invested billions in counterintelligence, but the recent terrorist attack in San Bernardino, California, in which terrorists used encrypted communications, shows the DIA still has major obstacles to overcome.
The National Counterintelligence Glossary from the report:
- Acquisition – Acquiring by contract with appropriated funds of supplies or services (including construction) by and for the use of the Federal Government through purchase or lease, whether the supplies or services are already in existence or must be created, developed, demonstrated, and evaluated. Acquisition begins at the point when agency needs are established and includes the description of requirements to satisfy agency needs, solicitation and selection of sources, award of contract, contract financing, contract performance, contract administration, and those technical and management functions directly related to the process of fulfilling agency needs by contract. – Federal Acquisition Regulations, as of 29 January 2013
- Counterintelligence – Information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities. – Executive Order 12333, as amended, United States Intelligence Activities
- Counterintelligence Programs – Capabilities and activities established within an organization for the purposes of identifying, deceiving, exploiting, disrupting, or protecting against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign intelligence entities. – Intelligence Community Directive 750, Counterintelligence Programs
- Counterintelligence Risk Assessment – An assessment that examines threat information and identifies organizational vulnerabilities to make an informed determination about the likelihood and consequence of the loss or compromise of sensitive information and assets to foreign intelligence entities.
- Cyber Effect – The manipulation, disruption, denial, degradation, or destruction of computers, information or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon. – Presidential Policy Directive/PPD-20, U.S. Cyber Operations
- Cyberspace – The interdependent network of information technology infrastructures, that includes the Internet, telecommunications networks, computer, information or communications systems, networks, and embedded processors and controllers. – Presidential Policy Directive/PPD-20, U.S. Cyber Operations Policy
- Espionage – Intelligence activity directed toward the acquisition of intelligence through clandestine methods. – National Security Council Intelligence Directive No.5, U.S. Espionage and Counterintelligence Activities Abroad
- Foreign Intelligence Entity (FIE) – Known or suspected foreign state or non-state organizations or persons that conduct intelligence activities to acquire U.S. information, block or impair U.S. intelligence collection, influence U.S. policy, or disrupt U.S. systems and programs. The term includes foreign intelligence and security services and international terrorists. – Intelligence Community Directive 750, Counterintelligence Programs
- Information Technology (IT) – Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which 1) requires the use of such equipment; or 2) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources. – Committee on National Security Systems Instruction No. 4009, National Information Assurance Glossary
- Insider – Any person with authorized access to any U.S. Government resource, to include personnel, facilities, information, equipment, networks, or systems. – National Insider Threat Policy, 2012
- Insider Threat – The threat that an insider will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the U.S. through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of departmental resources or capabilities. – National Insider Threat Policy, 2012
- Intelligence Community – The term “intelligence community” includes the following: (A) The Office of the Director of National Intelligence. (B) The Central Intelligence Agency. (C) The National Security Agency. (D) The Defense Intelligence Agency. (E) The National Geospatial-Intelligence Agency. (F) The National Reconnaissance Office. (G) Other offices within the Department of Defense for the collection of specialized national foreign intelligence through reconnaissance programs. (H) The intelligence and counterintelligence elements of the Army, the Navy, the Air Force, the Marine Corps, the Coast Guard, the Federal Bureau of Investigation, the Drug Enforcement Administration, and the Department of Energy. (I) The Bureau of Intelligence and Research of the Department of State. (J) The Office of Intelligence and Analysis of the Department of the Treasury. (K) The Office of Intelligence and Analysis of the Department of Homeland Security. (L) Such other elements of any department or agency as may be designated by the President, or designated jointly by the Director of National Intelligence and the head of the department or agency concerned, as an element of the intelligence community. – National Security Act of 1947, 50 U.S.C. sec. 3003(4)
- Personally Identifiable Information (PII) – Information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. – Office of Management and Budget Memorandum 07-16 Safeguarding Against and Responding to the Breach of Personally Identifiable Information
- Private Sector – For-profit businesses, non-profits, and non-governmental organizations (including but not limited to think tanks, business trade associations, and academia) not owned or operated by the government.
- Public Sector – Federal, state, territorial, tribal, and local governments that provide basic goods and services that either are not or cannot be provided by the private sector.
- Sensitive Information and Assets – Refers to: 1) Information classified pursuant to Executive Order 13526, Classified National Security Information, including such information provided to industry in accordance with EO 12829, National Industrial Security Program, and EO 13549, Classified National Security Information Programs for State, Local, Tribal, and Private Sector Entities; 2) Critical infrastructure, as defined in EO 13636, Improving Critical Infrastructure Cybersecurity, which includes systems and assets, whether physical or virtual, so vital to the U.S. that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters; and 3) Controlled unclassified information, as determined by department and agency heads in accordance with EO 13556, Controlled Unclassified Information.
- Supply Chain – A system of organizations, people, activities, information, and resources, possibly international in scope, that provides products or services to customers. – Committee on National Security Systems Instruction No. 4009, National Information Assurance Glossary.