This paper examines four dimensions of U.S. counterintelligence (CI) strategy and practice. It assesses the ONCIX approach to detecting and preventing insider threats through workforce culture, automation, and risk-based monitoring frameworks. It then proposes a CI plan to address the recurring organizational weakness of alcohol tolerance among personnel. The paper applies these principles to the Robert Hanssen espionage case, constructing a systematic plan of polygraph testing, behavioral analytics, and whistleblower mechanisms to counter missed indicators. Finally, it outlines a strategy for reversing Russian-engineered erosion of U.S. subversion-detection instruments, emphasizing surveillance, liaison, public collaboration, and legislative engagement to restore effective counterintelligence capabilities.
Preventing and detecting insider threats is one of the core aspects of the ONCIX strategy. As a premier counterintelligence and security agency in the U.S. government, ONCIX requires a strong understanding of how to identify and deter insider threats. According to its strategy, "the most effective safeguard against insider threats is a knowledgeable, trusted workforce which is confident that their privacy and civil liberties are respected."1 Ensuring that employees are trustworthy and invested is the first line of defense against insider threats.
Gathering data from multiple sources constitutes another line of defense in the ONCIX strategy to mitigate the risk of malicious insiders. The basis of this approach is to apply a whole-person, whole-of-career concept in order to analyze data and identify behavioral anomalies. Those anomalies are then reviewed to determine whether any foreign intelligence entity (FIE) nexuses are present. FIE activities are analyzed as well for the purpose of identifying patterns of behavior that correspond with an insider threat.2
Automation is another key aspect of the strategy: ONCIX plans to use automated records checkers to help identify counterintelligence information relevant to detecting insider threats.3 Risk management is also embedded in the strategy; insider threat methods are designed to incorporate counterintelligence equities within a risk-based framework for detection purposes.
Organizational culture also serves as a critical line of defense. The strategy promotes insider threat awareness among employees so that workers are both conscious and vigilant of insider threat potential and remain alert to risks at all times.4 Network and system monitoring provide key technical support so that red flags or triggers do not go undetected by monitoring programs even when they go unnoticed by individual workers. Flagged data is then cross-checked against a variety of other data sources to detect anomalies. Finally, the strategy employs an auditing function designed to prevent unauthorized retrieval of information and unauthorized activity by workers, with the ultimate goal of maintaining the most secure information infrastructure possible.5
Overall, the strategy in place is structured, functional, and operational. It focuses first and foremost on cultivating an organizational culture that promotes awareness among workers β awareness that is absolutely essential for identifying and deterring insider threats. When everyone understands that their actions are monitored and that anything out of the ordinary will be flagged and assessed for FIE connections, protocol is far more likely to be followed.
The organization reinforces this culture with technological programs that assist in the monitoring of individuals and their actions. This two-pronged approach β uniting a workplace culture with a technical methodology of monitoring and evaluating employee actions to identify anomalies β is comprehensive and cohesive, and it will facilitate achievement of the objective of mitigating insider threat risk within counterintelligence.
The first and most powerful line of defense remains the hiring of trustworthy agents. Every hire must be thoroughly vetted and documented to ensure that there is no risk of the agent having established FIE connections at any point in his or her career. This requires a robust human resources function trained to vet incoming agents, knowledgeable about the counterintelligence field, capable of identifying potential triggers, and skilled at cultivating a high-quality talent pool. That pool will be the most critical source of staffing for the counterintelligence office; it must consist of trustworthy individuals, without whom the office cannot function in any meaningful manner, regardless of the technological support systems used to monitor employee behavior.
The successful operations of U.S. counterintelligence will depend highly upon the work of employees in ONCIX, and these workers will need to embrace the culture the office has cultivated β a culture of awareness, vigilance, and acceptance of monitoring for the sake of the operation's safety and integrity.
Effective counterintelligence procedures require taking the offense and being proactive rather than reactive. Accordingly, the best way to enhance security with respect to the recurring organizational weakness of alcohol tolerance is to create an organizational culture that is prohibitive of alcoholism and promotes sobriety and focus on all tasks at hand. Individuals who have a reputation for heavy drinking should be flagged, monitored, and enrolled in a program designed to discourage their drinking and help them maintain sobriety. Such action sends a clear message to other members of the office that alcoholism will not be tolerated.
At the same time, one risk to this approach is that it could create morale problems among workers accustomed to a culture that tolerates drinking. Frustration could set in if workers feel that a valued release from job-related tension has been removed without replacement. The high-stress nature of counterintelligence work means that personnel need legitimate outlets for decompression.
To address this obstacle, the office should provide workers with alternative means of managing tension and stress β means that are healthy and not detrimental to the work of the counterintelligence office. As Michelle Van Cleave notes, strategic counterintelligence must be tactical, which means that techniques must be employed that originate in foresight and rational expectation.6 If a culture of sobriety is to prevail, alternative means of relieving stress must be provided and actively supported within the office.
This will help the office maintain its integrity. It is essential that counterintelligence act as the fundamental precursor to all intelligence activities because it is the primary line of defense against those who seek to disrupt the intelligence-gathering process. If the intelligence community lacks a credible line of defense, its offensive strategy will be meaningless β just as in athletics, a team without a defense will not win. The intelligence community must have a counterintelligence team in place before it can expect to gain dividends from its intelligence-gathering operations.7
Counterintelligence must own the field of operation β what practitioners call "the street" β the same way a defense must control the court and prevent the opponent from penetrating into the paint. If counterintelligence owns the field of operation, intelligence operators can maneuver more freely and without fear of being misled. Counterintelligence must read the opposition, anticipate the opposition's moves before they occur, and adjust accordingly. Sending intelligence operators into the field without counterintelligence support is no different from sending lambs to the slaughter.
This is why having a plan to deter issues like alcoholism is essential. If agents and workers are permitted to engage in heavy drinking and the culture tolerates it, the effectiveness of the counterintelligence program will be diminished β a program that depends upon sobriety, precision, and intelligent observation and deduction. Teams engaged in heavy drinking will not be vigilant at all times. The culture must therefore be set with a zero-tolerance policy firmly in place.
Leaders within the organization must set the tone and example, as they are the ones who give cues about what behavior is acceptable. If they demonstrate tolerance for alcoholism, the culture will never improve. In any change-management situation, cultural transformation must be supported by key stakeholders who are leaders within the group. There must be alignment of vision and purpose between organizational leaders and those responsible for developing the culture. Leaders are responsible for implementing the cultural standards, and if their implementation is misaligned with the goal of prohibition, the organization will continue to suffer from the consequences of alcoholism β consequences that will, in turn, negatively impact counterintelligence and field operations. Selecting and grooming leaders who will promote the vision and aims of the organization is therefore vital.
"Remedying FBI failures exposed by Hanssen espionage case"
"Restoring surveillance, liaison, and subversion-detection tools"
Cooperation between private and public agencies is the heart and soul of liaison, and liaison β like lobbying and collaboration among entities β can provide optimal solutions for putting the right policies and laws in place. Such cooperation would allow counterintelligence to leverage the data available in the digital world to better detect subversion and create a safer public domain for the nation's citizens. Denying counterintelligence access to the digital world and the data constantly being transferred within it will only have negative repercussions going forward, and currently acts as a significant barrier for the counterintelligence community. Without proper legislative authority and support from Congress to monitor relevant online activity, mobile communications, and social media, the threat of subversive penetration will persist.
You’re 50% through this paper. Sign up to read the remaining 2 sections.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.