Define Counterintelligence
Information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations or persons, or their agents, or international terrorist organizations or activities.
Executive Order 12333
Provides the legal requirement to use lawful means to ensure U.S. receives the best intelligence available
DoDD 5240.06, Counterintelligence Awareness and Reporting (CIAR)
Regulation mandating the reporting of suspicious activities or potential espionage indicators
DoDD 5205.16, Insider Threat Program
Regulation mandating the establishment of an insider threat program
What are the Steps of CI Risk Management?
Step 1: Identify Assets
Step 2: Identify Threats
Step 3: Identify Vulnerabilities
Step 4: Assess Risk
Step 5: Develop and Apply Countermeasures
Protect any information, technology, or system that, if compromised, would:
- Significantly damage national security
- Alter program direction
- Compromise the program or system capabilities
- Shorten the expected life of the system
- Require research, development, testing, and evaluation to counter the loss’s impact
Examples of unclassified information that requires protection
Proprietary
Personal
Critical Program Information
What is Militarily Critical Technology?
- Technology that would allow significant advances in the development, production, and use of military capabilities of potential adversaries
- DoD maintains a list of this technology
- Export is strictly controlled by the International Traffic in Arms Regulations (ITAR)
What is Dual Use Technology?
- Technology that has both military and commercial use
- May be used to develop weapons and weapons of mass destruction or other military equipment.
- Export is strictly controlled and enforced under the Export Administration Regulations
What is the greatest target of our adversaries?
Technology Assets
- Classified and Unclassified
Who enforces International Traffic in Arms Regulations (ITAR)?
The Department of State
- Dictates that information and material pertaining to Defense and military-related technologies may not be shared with foreign persons without authorization from the Department of State or special exemption
What is the purpose of International Traffic in Arms Regulations (ITAR)?
- Implements the provisions of the Arms Export Control Act (AECA)
- Controls export and import of defense-related articles and services on the U.S. Munitions List
Who enforces Export Administration Regulations (EAR)?
The Department of Commerce
What is the purpose of Export Administration Regulations (EAR)?
Restricts access to dual use items by countries or persons that might apply such items to uses against U.S. interests
List 5 Threat Types
Insider Threats
Foreign Intelligence Service Threats
Terrorist Organizations
Criminal Activities
Business Competitors
Name the 5 Categories of Information Collection Methodologies
- Human Intelligence - Uses people to gather information
- Signals Intelligence - Electronic signals, including phone calls and e-mails
- Imagery Intelligence - Satellite imagery, photographs, and other images to collect information
- Open Source Intelligence - Information that is legally and publically available, including information from the news media and Internet
- Measures and Signatures Intelligence - Technically derived intelligence that uses the unique characteristics of fixed and dynamic target sources
Name 3 Foreign Intelligence Collection Methods
- Unsolicited requests
- Joint ventures and research
- Cyber threats
- Visits to facilities
- Conferences, conventions, and trade shows
- Targeting insiders
What is the most frequently reported method of operation associated with foreign collection activity?
Unsolicited Requests
- Involve emailing, phoning, or mailing directly to individual U.S. individuals rather than to corporate marketing departments
Name 4 potential indicators of an unsolicited requestor
- Foreign address
- Never met recipient
- Identifies self as a student or consultant
- Identifies employer as a foreign government
- States that work is being done for a foreign government or program
- Asks about a technology related to a Defense program, project, or contract
- Asks questions about Defense-related programs using acronyms specific to the program
- Insinuates the third party he/she works for is “classified” or otherwise sensitive
- Admits he/she could not get the information elsewhere because it was classified or controlled
- Advises recipient to disregard the request if it causes a security problem
- Advises recipient not to worry about security concerns
- Assures recipient that export licenses are not required or not a problem
How should one protect against unsolicited requests?
- View unsolicited requests with suspicion, especially those received on the Internet
- Respond only to people who are known after verifying their identity and address
- If the requester cannot be verified, do not respond in any way and report the incident to security personnel
What might be considered suspicious or inappropriate conduct during visits by foreigners?
- Requests for information outside the scope of what was approved for discussion
- Hidden agendas associated with the stated purpose of the visit
- Visitors/students requesting information and becoming irate upon denial
- Individuals bringing cameras and/or video equipment into areas where no photographs are allowed
Examples on how to protect against unauthorized access by foreign visitors
Contractors may coordinate with DCSA prior to visit
- Prior to visit, brief hosts and escorts on approved procedures
- Walk visitor route and identify vulnerabilities
- Prior to the visit, notify all employees about the visit, restrictions on the visitors and the nature of the threat
- Debrief personnel in contact with visitors
- Ensure visitors do not bring recording devices, including cell phones, into the facility
- Develop a Technology Control Plan (TCP), that: - Stipulates how a company will control access to its exportcontrolled technology - Outlines the specific information authorized for release - May be required by the National Industrial Security Program Operating Manual (NISPOM) and the International Traffic in Arms Regulations (ITAR) under certain circumstances - Protects: o Classified and export-controlled information o Control access by foreign visitors o Control access by employees who are foreign persons
During a foreign visit, restrict the following:
Foreign visitors request for:
- Access to a local area network (LAN)
- Unrestricted facility access
- Company personnel information
- Mailing or faxing documents written in a foreign language to a foreign embassy or foreign country
Examples of countermeasues during foreign visits
- Review all documents being faxed or mailed - use a translator, when necessary
- Provide foreign representatives with stand-alone computers
- Share the minimum amount of information appropriate to the scope of the joint venture/research
- Educate employees extensively
- Handle and report elicitation
- Provide sustainment training
- Refuse to accept unnecessary foreign representatives into the facility
- Develop a TCP
