He described cyber threats as the “new frontier” of counterintelligence.

Counterintelligence (CI) is a dynamic and ever-changing field, art, and science. In recent times, significant societal and technological changes have forced the CI field and its component agencies to adopt new methods to meet new and emerging trends and threats. The goal of CI is to protect “America’s secrets from espionage by hostile, and sometimes, even friendly foreign powers” by way of “uncover[ing] and thwart[ing] foreign intelligence operations directed against the United States [U.S.].” Historically, this method of uncovering and thwarting foreign intelligence entities (FIEs) has involved the running of double agents, planting moles within enemy organizations, enticing defectors, gathering information from foreign sources or intelligence services, and establishing robust vetting and security processes for intelligence agency recruits. While these methods still represent important and relevant CI strategies, emerging global threats demand a fundamental transformation of U.S. counterintelligence operations, most notably a deeper integration of CI operations across military branches, law enforcement agencies, intelligence agencies, and other public and private sector entities.

There have been concerted efforts in the past to coordinate CI operations and to integrate different counterintelligence agencies and personnel into a single unified body. These efforts have focused on merging CI activities conducted by the Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), Armed Forces, and other agencies to present a more unified front against foreign intelligence and terror threats.

In a 2010 counterintelligence report, Paul Redmond, a former CIA Chief of Counterintelligence, identified terrorist and cyberspace threats as particular challenge areas for U.S. CI operations. He described cyber threats as the “new frontier” of counterintelligence. Adversaries’ exploitation of social media poses one of the most significant cyberspace challenges for the United States, especially because the most damaging and divisive misinformation campaigns are often assisted and expanded by social media platforms.

For example, Russia used social media networks as propaganda tools to fuel unrest during the 2014 Ukrainian revolution and to incite the 2015 Jade Helm exercise hysteria in Bastrop County, Texas. Russia deployed even more extensive cyber operations during the 2016 U.S. Presidential election, the 2017 French presidential election, and the 2017 German federal elections. It’s apparent that social media can influence foreign powers and assist in a nation’s own domestic and foreign policy goals. In an opinion piece for The Hill, Darren Tromblay, a former U.S. intelligence analyst, notes that U.S. CI legislation intended to limit foreign manipulation of U.S. opinion via cyber campaigns and deception strategies, such as the “Foreign Agents Registration Act of 1938,” is inadequate.

Despite recent efforts by the National Counterintelligence and Security Center (NCSC) to defend against foreign interference in U.S. democratic systems, the United States remains vulnerable to foreign powers’ disinformation campaigns. Mark Stout writes that the intelligence community (IC) can combat foreign threats by making “a renewed commitment to cybersecurity.” Christopher Costa and Joshua Geltzer, both veterans of the National Security Council, add that the IC must work “very much in the open, identifying disinformation spread by foreign adversaries and swiftly debunking it before it can “go viral” and entrench itself in American minds.”

While the U.S. has made some headway by joining forces with the private sector to address such threats, integration among its public sector entities lags: the United States remains unable to fully integrate its intelligence services. The overlap between terrorist activities, transnational criminal organizations and the use of social media as recruitment and propaganda tools, represents just one reason to more closely integrate law enforcement and counterintelligence missions.

One of the best examples of the integration of CI operations was the establishment of the NCSC, initially called the Office of the National Counterintelligence Executive (ONCIX or NCIX), in December of 2000. Its design intended “to have a U.S. CI system that is predictive and provides integration and oversight of CI issues across the national security agencies.” The need for a more centralized counterintelligence authority became increasingly important after the September 11, 2001 terrorist attacks. The NCSC’s goal is to “[l]ead and support the U.S. Government’s counterintelligence (CI) and security activities critical to protecting [the] nation; [to] provide CI outreach to U.S. private sector entities at risk of foreign intelligence penetration; and [to] issue public warnings regarding intelligence threats to the [United States].” It also assists the coordination of IC members’ counterintelligence missions.

Don’t be parochial and train your people.

When invited to address NCIX students in Washington, D.C., James Olson, the former Chief of Counterintelligence for the CIA, said, “[the] NCIX realized immediately that it needed to establish community-wide counterintelligence training programs.” He further noted, “It was an unforgettable feeling to walk into the classroom on the first day and to look out at the students’ name cards with their organizational affiliations: CIA, FBI, Defense Intelligence Agency (DIA), National Security Agency (NSA), National Reconnaissance Office, Department of Energy, U.S. Army, U.S. Navy, U.S. Air Force, U.S. Marine Corps, Drug Enforcement Agency, and several others… Here we had two important commandments of counterintelligence rolled into one: ‘Don’t be parochial and train your people.’”

Olson saw the NCIX/NCSC as a step in the right direction. However, he noted, “[the NCSC] has suffered from changing national security priorities, cuts in funding, and smaller staffing. Its training agenda is still good but not sufficient for the size of the CI community or [for] the massive assaults we are experiencing from China, Russia, Cuba, and others.”

Michelle Van Cleave, the first National Counterintelligence Executive and a senior fellow at George Washington University, criticized the NCSC in its current form, which has incorporated security into CI missions. She wrote, “Security and counterintelligence are complementary missions, to be sure… However, the imperative in creating the NCIX was to have a single head of U.S. counterintelligence with a singular mission…purpose, and funding… Combining counterintelligence and security is part of a flawed historical model for the CI enterprise… Security has an unbounded appetite for dollars and attention. It is the here and now versus the longer, strategic needs of CI. And the here and now always gets priority.” Olson shares many of Van Cleave’s concerns about the NCSC and its reinvigorated focus on security, rather than on CI, observing that such an inclusion of security within the NCSC’s purview may become problematic.

While it is possible that including security could divert the NCSC away from a CI focus, combined training helps form beneficial relationships among different agencies’ members. Fortunately, the NCSC has allowed for more training and cooperation between IC members, thus allowing personnel from these agencies to communicate in ways that were unfathomable prior to 9/11. Having the FBI and CIA cooperate on a counterterrorism or CI investigations was previously often difficult, due to the animosities that existed between these agencies (built upon decades of turf wars and bad blood). Yet, because of the NCSC, CI and other intelligence officers have formed beneficial relationships that may improve collaboration during investigations or intelligence-gathering missions in the future.

Other examples of successful cooperation among agencies include the creation of Fusion Centers and the FBI Joint Terrorism Task Force (JTTF) concept. The JTTF is designed to let local agencies work with federal authorities to combat both domestic and international terrorism. By sharing information regarding trends, cases, or persons of interest, U.S. IC agencies’ cooperative efforts have thwarted terrorists and their organizations’ funding. Fusion Centers in every U.S. state now serve as central clearinghouses for terrorist-related information. Both these and JTTFs have dramatically increased information-sharing and cooperation between law enforcement agencies and the IC.

Despite progress, there is still the challenge of getting policymakers to realize that CI is both a defensive and offensive tool, and to prioritize spending to create organizations for CI professionals to work together. Integration, however, will not fix every problem. And in some cases, it could add risks. Creating joint task forces and fusion centers poses a risk that persons without proper clearances may leak sensitive information. However, installing countermeasures to prevent the unauthorized removal of classified or sensitive materials from joint facilities would allow agencies to integrate their operations more seamlessly while avoiding leaks and other compromises. Counterintelligence in the 21st century faces many trials, but they are not insurmountable. Combating threats such as disinformation in social media will require more coordinated efforts on the part of individual agencies and organizational bodies governing them, such as the Office of the Director of National Intelligence (ODNI) and the NCSC. This can be accomplished by further integrating CI units across agencies, and with private-sector technology companies — especially those that deal with emerging challenges such as social media’s role in disinformation and terrorist threats.

Alan Cunningham is currently a student at Norwich University pursuing a Master of Arts degree in International Relations with a specialization in National Security. He previously gained a B.A. and a B.S. from the University of Texas at Austin. He can be reached at @CadetCunningham on Twitter or on LinkedIn. The views expressed in this article are those of the author and do not necessarily reflect those of the U.S. Army War College, the U.S. Army, or the Department of Defense.

Photo Credit: Image by Comfreak from Pixabay Photo courtesy of the Russian Presidential Press and Information Office

Print Friendly, PDF & Email

Join the Conversation

2 Comments

  1. Great points in the article. I would say that from the DoD fishbowl, the train your people gets convoluted becasue CI SAs are consistently explain to the Commander, who probably got a class on CI for a two hours in his/her advanced course. The risk adverse nature of the ‘non-MI and non-CI’ units leave junior agents in the S2 looking up clearances. The Army specifically needs to regionalize the CI workforce and restructure in a CID region snapshot, controlled by CI trained Commanders and Warrants. JUST MY .02 cents….- Crusty Retiree

  2. Counter Intelligence in a modern Western democracy is akin to bailing out a sinking boat while the other passengers are pouring water into the hull. The “Bad Guys” have an insurmountable advantage that can’t be countered or adjusted for. Freedom has many advantages and some disadvantages. As long as we have people sitting at computers we’ll have problems with cyber security. As long as we’re a society that cultivates differences we’ll have people among us who gladly give our secrets away. As long as we’re a society that values money above or at least equal to all else we’ll have people who will sell secrets. So, as nice as it would be to think we’ll ever have a successful Counter Intelligence effort, reality tells us otherwise. The best we will ever be able to do is occasionally catch a “bad actor”.

Leave a comment

Your email address will not be published. Required fields are marked *