Question 1: Construct an assessment of ONCIX strategy, prevention and detection concerning either insider threats, or, economic threats.
Preventing and detecting insider threats is one of the core aspects of the ONCIX strategy. As a new premier counterintelligence and security agency in the U.S. government, ONCIX needs a strong understanding of how to identify and deter insider threats. According to its strategy, “the most effective safeguard against insider threats is a knowledgeable, trusted workforce which is confident that their privacy and civil liberties are respected.”[2] Making sure that its employees are trustworthy and invested is the first line of defense against insider threats. Gathering data from multiple sources is another line of defense in the ONCIX strategy to mitigate the risk of malicious insiders. The basis of the approach is to use a whole-person, whole-of-career concept so as to analyze data and to identify anomalies that present themselves. Anomalies are reviewed to see if any foreign intelligence entity (FIE) nexuses are present. FIE activities are analyzed as well for the purpose of identifying patterns of behavior that correspond with an insider threat.[3]
[2] National Counterintelligence Strategy of the United States of America 2016 (Strategy), 4. https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf
[3] National Counterintelligence Strategy of the United States of America 2016 (Strategy), 5. https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf
Automation is another key aspect of the strategy and ONCIX plans to use automated records checkers to help identify applicable counterintelligence information that would assist in identifying an insider threat.[4] Risk management is also part of its strategy: insider threat methods are meant to include counterintelligence equities within a risk-based framework for detection purposes.
[4] National Counterintelligence Strategy of the United States of America 2016 (Strategy), 5. https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf
The culture of the office is also important as a line of defense: the strategy here is to promote insider threat awareness among employees so that workers are both conscious and vigilant of insider threat potential and remain alert to possibilities of risk at all times.[5] To achieve that end, networking and system monitoring provides key technical support so that red flags or triggers do not go undetected by monitoring programs even if they do go undetected by workers. Data that is flagged is then cross-checked against a variety of other data sources to detect anomalies. Finally, the strategy uses an auditing function meant to prevent unauthorized retrieval of information and unauthorized activity by workers from occurring. The goal here is to maintain, ultimately, the most secure information infrastructure possible.[6]
[5] National Counterintelligence Strategy of the United States of America 2016 (Strategy), 5. https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf
[6] National Counterintelligence Strategy of the United States of America 2016 (Strategy), 5. https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf
Overall, the strategy in place is one that is structured, functional and operational: the strategy focuses first and foremost on delivering an organizational culture that promotes and fosters awareness among workers in the office; this awareness is absolutely essential for identifying and deterring insider threats. It means that protocols are more likely to be followed, as everyone will know that everything they do is being watched and monitored and that any actions out of the ordinary will be flagged and compared to other anomalies to determine whether the actor is an FIE.
The organization supports this culture with technological programs that assist in the monitoring of individuals and their actions. This two-pronged approach uniting a workplace culture with a technical methodology of monitoring and evaluating employee actions to determine anomalies and potential insider threats is comprehensive and cohesive and will facilitate achievement of the objective of mitigating the risk of insider threats within counterintelligence.
The first line of defense, the hiring of trustworthy agents to serve in the office, is the most powerful, and it is where the office is concentrating its efforts as well. This means that every hire has to be thoroughly vetted and documented to make certain that there has been no risk of the agent having become an FIE at any point in his or her career. This requires a very robust human resources department in the office, one that is trained to vet incoming agents and employees and has extensive knowledge of the counterintelligence field, what factors to identify as potential triggers, and how to go about collecting a pool of potential hires. That pool of talent will be the most critical source for staffing the counterintelligence office; it must be of a very high quality of trustworthy characters, without which the office will not be able to function in any meaningful manner, regardless of the technological support systems used to monitor employee behaviors.
The successful operations in U.S. Counter-Intelligence will depend highly upon the work of employees in the ONCIX, and these workers will need to buy into the culture that the office has cultivated, which means submitting to the mindset of awareness and of monitoring for the sake and safety of the operation.
Question 2: Generate a plan which embeds effective counter-intelligence procedures to enhance security in one of the areas of recurring weakness: Inadequate Vetting; Employment Disgruntlement; Apathy / Reticence towards spendthrifts; Tolerance of alcoholics.
Effective counter-intelligence procedures include taking the offense and being proactive rather than reactive. Thus, the best way to enhance security in one of the areas of recurring weakness, such as tolerance of alcoholics, is to create an organizational culture that is prohibitive of alcoholism among workers and promotes sobriety and focus on all tasks at hand. Individuals who have a reputation for drinking heavily should be flagged and monitored and they should be placed in a program that will discourage their drinking and help them to maintain a life of sobriety. This would serve as an example to other members of the office that alcoholism will not be tolerated.
At the same time, one risk to this approach is that it could create morale problems among workers who are used to being able to drink and to live a life that is tolerant of alcoholism. Frustration could set in among workers if they sense that all the fun has gone out of the job and that they no longer have a release that can help them to blow off the tension that accumulates as a result of the nature of their work.
To address this obstacle, the office should provide workers with alternative means of blowing off tension and stress—means that are healthy and not detrimental to the work of the counter-intelligence office. Strategic counterintelligence must be tactical, after all, and this means that techniques must be employed that originate in foresight and rational expectation.[7] If the culture of sobriety is to prevail, an alternative means of relieving tension must be provided and supported within the office.
[7] Michelle van Cleave, “Strategic Counterintelligence: What Is It and What Should We Do About It?” 2007. CIA Center for the Study of Intelligence. https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol51no2/strategic-counterintelligence.html
This will help the office to maintain its integrity above all. It is essential that counter-intelligence act as the fundamental precursor to all intelligence activities because it is the main line of defense against those trying to disrupt the intelligence gathering process. If the intelligence community has no line of defense, its offensive strategy will be meaningless, just as in athletics when there is no defense a team will not win. The same is true in intelligence: the intelligence community must have a counter-intelligence team in place before it can expect to gain dividends from its intelligence gathering operations.[8]
[8] Prunckun, Hank. 2012. Counterintelligence Theory and Practice, Lanham: Rowman & Littlefield Publishers Inc. Read the following: Chapters 8 to 14, pages 131 to 217. Appendices A to D, pages 219 to 231.
Counter-intelligence has to own the field of operation, the street as it is called, the same way a defense must own the court and not allow the opponent to penetrate into the paint. If counter-intelligence owns the field of operation, intelligence operators can maneuver more freely and without fear of being misled: counter-intelligence has to be able to read the opposition, know what the opposition is going to do before it does it, and adjust accordingly. Counter-intelligence is thus a fundamental aspect of intelligence work because it is concerned primarily with what opponents in the field are doing and how those players might impact one’s own intelligence operators. Sending intelligence operators into the field ahead of counter-intelligence or with no counter-intelligence support is no different from sending lambs to the slaughter or leading a blind man into an alley.
This is why having a plan in place to deter against issues like alcoholism is essential as well. If agents and workers are permitted to engage in heavy drinking and the culture tolerates it, it will diminish the effectiveness of the counter-intelligence program, which relies upon sobriety, utility, precision of powers, and intelligent observation and deduction. Teams that engage in heavy drinking are not going to be on guard and vigilant at all times. Thus, the culture has to be developed and set and must be prohibitive with a zero tolerance policy in place.
Leaders within the culture must set the tone and example, because they will be the ones giving the cues regarding what is acceptable behavior and what is not. If they demonstrate tolerance for alcoholism, the culture will never improve. In any change management situation, the culture change has to be assisted by stakeholders who are leaders in the group wherein the change is being implemented. Thus there must be alignment of vision and purpose between leaders in the organization and those developing the culture. The leaders will be responsible for implementing it, and if their implementation is out of alignment with the vision of prohibition the organization will continue to suffer from alcoholism, which will in turn negatively impact the work of counter-intelligence and intelligence in the field of operations. This is why selecting and grooming leaders who will promote the vision and aims of the organization is so vital as well.
Question 3: Construct a systematic plan that embeds CI measures to counter the missed/ignored suspicion indicators in either the Ames case, or, the Hanssen case.
In the Hanssen case, the FBI failed to investigate itself even though there was evidence that Hanssen was breaking into the computers of other agents to access confidential files.[9] From a counter-intelligence perspective, the use of polygraphs should have been mandatory and this would have allowed the agency to collect data about the intentions of Hanssen and compare them with other data sets to find anomalies. In counter-intelligence, monitoring, collecting and assessing data is of prime importance and the FBI was simply not doing this on a regular or routine basis.
[9] David Johnston and James Risen, “U.S. had evidence of espionage,” New York Times, 2001. https://www.nytimes.com/2001/02/23/us/us-had-evidence-of-espionage-but-fbi-failed-to-inspect-itself.html
However, a systematic plan that embeds counter-intelligence measures to counter the missed/ignored suspicion indicators in the Hanssen case must start with culture. The culture of the organization has to be developed in such a way that routine self-examination and reporting is viewed as absolutely mandatory and essential. If every agent is routinely subject to polygraph for the sake of collecting data in order to identify anomalies, the Hanssen case could have been prevented.[10] Likewise, if the culture is focused on security and identifying internal threats, individuals like Hanssen will be flagged and addressed as soon as anomalies in their behavior begin to appear.
[10] David Johnston and James Risen, “U.S. had evidence of espionage,” New York Times, 2001. https://www.nytimes.com/2001/02/23/us/us-had-evidence-of-espionage-but-fbi-failed-to-inspect-itself.html
Tracking and monitoring behavior is thus essential. It should begin with the monitoring of all computer activity using software technology, machine learning, and AI, and with the monitoring of building activity through cameras and security codes for ingress and egress. All building activity should be monitored by the same software, with code developed to identify patterns and anomalies and to flag individuals who demonstrate anomalies so that a closer inspection of the person’s activities can be conducted by a panel of FIE experts. This panel should consist of senior trusted members in the organization, who have top ranking scores in trustworthiness.
Scores should be given to agents and workers every year based on the number of anomalies detected, number of suspicious activities, and number of credibility issues that arise over the course of the person’s tenure. Scoring agents and workers will also allow the monitoring of FIE threats to be more authentically and efficiently conducted. Staffing a panel of senior members to oversee threat assessment is important, as they will determine ultimately what threats to investigate.
That panel should be obliged to follow a standard operating protocol that includes the launching of mandatory investigations based on anomalies identified by the machine learning software monitoring building activity, computer activity, agent and workforce activity, and any internal reporting.
A whistleblower hotline should also be established that allows internal reporting to be made anonymously. Anyone using it must be able to verify reports with authentic documentation, however. Reports that cannot be verified should not be accepted as authentic, as it can become a way for FIE counter-intelligence within the organization to abuse the system and create misdirection. Authentication must be a top priority in assessing the validity of internal reporting.
This protocol and tactical remedy will help to address the risk of penetration by hostile FIE and allow the organization to proceed in an efficient manner towards the optimization of the counter-intelligence system and the protection of that system against internal threats like Hanssen.
The culture of the organization should also be monitored using organizational behavior analytics and models, assessments and reviews, and it should be watched for the development of silos within the organization. Silos should be eliminated whenever they appear, as they create and foster sub-cultures within a culture and can impair communication across the board, harming the interior morale of teams, and hampering processes.
An audit committee should be paneled to assess the culture routinely and to identify any issues within the organization that require a redevelopment of the cultural framework. The values and ideals of the organization should be promoted along with the vision and mission of the organization so that agents and staff are aware of what the end goal of the organization always is and why they must refrain from risky types of behavior, such as drinking or substance abuse.
In this manner, the organization will be best situated to deter penetration and hostile takeover. The case of Hanssen could have been prevented had some of these protocols been developed and implemented at the time. Yet, because polygraphs were not conducted and reports not taken seriously, the case of Hanssen was allowed to continue under the noses of those in command. Hanssen should have been regularly and routinely obliged to undergo polygraph testing because of the initial indicator that was made through documented evidence of his abuse of computer technology at the offices. By seeking to obtain information that was not meant for him, he showed a willingness to break the honor of the organization, and that is a sign of an FIE in the making. His further actions could easily have been prevented had the organization simply taken the steps to address the threat instead of accepting that the actor’s reputation spoke for him more clearly than the reporting of individuals in the office who had evidence of his transgressions.
Question 4: Generate a plan for reversing the Russian counter-intelligence outcome of having engineered the abolition of the four main U.S. instruments for detecting, investigating and prosecuting subversion.
Surveillance, publicity, and liaison are essential instruments in counter-intelligence to help detect, investigate and prosecute subversion.[11] Screening, monitoring, and scrutiny are needed to detect subversive activities.[12] Observation of known subversive outlets must also be conducted so as to know who is participating in these outlets and what activities they are engaging in.
[11] Richelson, Jeffrey. 2007. “The Pentagon’s Counterspies: The Counterintelligence Field Activity (CIFA).” (September 17). National Security Archive. Accessed January 19, 2017. http://nsarchive.gwu.edu/NSAEBB/NSAEBB230/.
[12] Counter intelligence for National Security, CIA, 1993. https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol2no4/html/v02i4a10p_0001.htm
Publicity is also important because it gets the message out to loyal citizens. Just as the Amber Alert system helps to warn the community about kidnappers who are wanted and thus both helps those kidnappers to be found more quickly and deters the practice of kidnapping because perpetrators know they will be caught, the use of publicity to raise awareness about subversive activities is especially useful. It allows the public to be enlisted in the fight against subversion and the public in turn gets to know the counter-intelligence agencies that they can rely upon to help fight against infiltration and subversion. Collaboration between the public and the agency is absolutely essential in this fight.
Defection and immunity offerings are also helpful in eliciting the support of the public so that members of the public with potentially important information about subversion may be willing to come forward. However, without the proper amount of prudence and the right approach to handling defection situations, it can easily become a problem for the intelligence community. Every case must be properly and thoroughly vetted so as to identify FIE.
This is where the problem of national and legal policies impacts counter-intelligence. The dispute over open borders and allowing illegal immigrants to take refuge in sanctuary cities is a major way to harbor FIE within the nation’s borders. Fighting against this kind of corruption is difficult because state legislators are often at odds with federal legislators who are even at odds with themselves. The Trump Administration, for example, has been fighting to get the U.S.-Mexico border the kind of defense needed to reduce illegal penetration, but lawmakers on both sides of the political aisle at both the federal and state levels have pushed back. For political purposes, the safety and security of the nation is jeopardized.
Thus, the effectiveness of national and legal policies that impact upon counterintelligence threats is significant and more needs to be done to take precautions with regard to refugees, immigration, vetting, and monitoring those who come into the country.
Liaison is one way to help bring that better monitoring system about. The Israeli system of monitoring its airports and preventing attackers from approaching is an ideal format that can help deter terrorism, but it is also a uniquely modified approach that only works with respect to securing a region. The same idea and concept has to be applied, however, with respect to counter-intelligence. A vigilant, all-seeing eye through the use of cameras, machine learning, and tracking systems has to be developed. With so many people using digitally connected technology today, it should not be difficult to know who is where and what they are doing.
The problem of privacy rights holds up any real and substantive approach to detecting subversion, unfortunately. Privacy rights of users of digital technology can be respected, but at the same time the safety of the nation has to come first. Monitoring all digital activity should be the responsibility of counter-intelligence, and legislators at the federal level need to be made aware of that. Lobbying should be conducted to raise awareness on this issue, and lawmakers who understand the threat should be supported by the intelligence community, whereas those who do not support such initiatives should not receive in turn the support of the community. Lawmakers have to be given the facts of the case so that they see what is at risk and why security must trump privacy concerns today.[13] Only then will a proper implementation of policies and protocols be permitted at the counter-intelligence level.
[13] Richelson, Jeffrey. 2007. “The Pentagon’s Counterspies: The Counterintelligence Field Activity (CIFA).” (September 17). National Security Archive. Accessed January 19, 2017. http://nsarchive.gwu.edu/NSAEBB/NSAEBB230/.
Cooperation between private and public agencies is the heart and soul of liaison, and liaison, like lobbying and collaborating among entities, can provide optimal solutions to getting the right policies and laws in place that will allow counter-intelligence to use the data that is available in the digital world to better detect subversion and create a safer public domain for the nation’s citizens. Not having access to the digital world and the data that is constantly being transferred therein will only have negative repercussions going forward and currently acts as a barrier for the counter-intelligence community. Without proper license and support from Congress to monitor activity online, among mobile phone users, and in social media, the problems of subversive penetration will persist.
Bibliography
Counter intelligence for National Security, CIA, 1993. https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol2no4/html/v02i4a10p_0001.htm
Johnston, David and James Risen, “U.S. had evidence of espionage,” New York Times, 2001. https://www.nytimes.com/2001/02/23/us/us-had-evidence-of-espionage-but-fbi-failed-to-inspect-itself.html
National Counterintelligence Strategy of the United States of America 2016 (Strategy). https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf
Prunckun, Hank. 2012. Counterintelligence Theory and Practice, Lanham: Rowman & Littlefield Publishers Inc. Read the following: Chapters 8 to 14, pages 131 to 217. Appendices A to D, pages 219 to 231.
Richelson, Jeffrey. 2007. “The Pentagon’s Counterspies: The Counterintelligence Field Activity (CIFA).” (September 17). National Security Archive. Accessed January 19, 2017. http://nsarchive.gwu.edu/NSAEBB/NSAEBB230/.
Van Cleave, Michelle. “Strategic Counterintelligence: What Is It and What Should We Do About It?” 2007. CIA Center for the Study of Intelligence. https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol51no2/strategic-counterintelligence.html