U.S. counterintelligence plan stresses public/private partnerships
The latest version of the strategy, released this month, stresses the importance of an integrated approach to countering threats from foreign entities.
In the wake of several high-profile breaches of sensitive government databases, U.S. intelligence officials are emphasizing a whole-of-government approach to countering cyber espionage from foreign intelligence entities that includes a better working partnership with the private sector.
As the recently released 2016 National Counterintelligence Strategy points out, just recognizing the threat isn’t enough; the United States needs an integrated process for countering those threats, covering everything from acquisition to personnel decisions to deploying its IT assets.
The report defines counterintelligence as: “Information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities.”
The report includes four mission objectives that outline activities necessary to counter foreign intelligence entities and insider threats, along with two enabling objectives to provide the foundation for the mission objectives’ success.
Included in both the mission and enabling objectives—and mirroring recent legislation passed by Congress—the strategy identifies partnerships and information sharing with private entities as crucial to national security in counterintelligence and cyberspace. One area in which the report explicitly outlines a robust partnership is in protecting sensitive information. “To effectively protect our information and assets, the U.S. Government must engage stakeholders across the public and private sectors to ensure a common understanding of, and response to, FIE [foreign intelligence entity] activities,” the report notes.
One of the more hotly contested aspects of cyberspace operation is the continuously blurring line of espionage and cyber “war.” Intelligence officials such as the Director or National Intelligence James Clapper have noted before Congress that, as troubling and egregious as the hack of the Office of Personnel Management databases was, it was not an act of war. In fact, it’s the same kind of thing the United States does. “So when we talk about what are we going to do for, to counter espionage or punish somebody or retaliate for espionage, well we, I think it’s a good idea to at least think about the old saw about people live in glass houses shouldn’t throw rocks,” Clapper said at a Senate Arms Services Committee hearing in September, drawing fervor from the panel’s chairman for the seeming weak or lack of response from the U.S.
The 2016 National Counterintelligence Strategy does, however, explain that the U.S. must employ coordinated offensive and defensive counterintelligence activities as a means of disrupting FIE objectives and advances. The report calls on members of the Intelligence Community to “Conduct and support, as appropriate, [counterintelligence] operations that corrupt the integrity of foreign adversaries’ intelligence cycles.” Such information gathered from these practices will form the basis of a coordinated, agile and highly responsive process for both identifying and prioritizing FIE threats and intelligence gaps, the report said.
U.S. intelligence officials have been warning that the next phase of cyber activity from adversaries they fear most is the manipulation and altering of data. “I believe the next push on the envelope here is going to be the manipulation or deletion of data, which will of course compromise its integrity,” Clapper said in September.
“As a military commander, I'm used to the idea that I can walk into a darkened space with a lot of sensors coming together and look at a visual image that uses color, geography and symbology, and quickly assimilate what's going on and make very quick tactical decisions,” Commander of Cyber Command and the Director of the National Security Agency Adm. Michael Rogers wondered aloud at a defense policy forum in November. “But what happens if what I'm looking at does not reflect reality … [and] leads me to make decisions that exacerbate the problem I'm trying to deal with [or] make it worse?,” noting that data manipulation is one of if not his top concern.
The National Counterintelligence Strategy also took aim at insider threats, which the IC views as a growing concern with the leaks of classified information by several disgruntled individuals among their ranks. Such insider threats jeopardize national security, the report noted, while “unauthorized public disclosures by trusted insiders have damaged international relationships, compromised intelligence sources, and prompted our adversaries to change their behavior, making it more difficult to understand their intentions.”
One of the most important components of combating these insider threats is early detection as well as a knowledgeable, trusted workforce.