Counterintelligence Question Answer

Question 1: Construct an assessment of ONCIX strategy, prevention and detection concerning either insider threats, or, economic threats.

Preventing and detecting insider threats is one of the core aspects of the ONCIX strategy. As a new premier counterintelligence and security agency in the U.S. government, ONCIX needs a strong understanding of how to identify and deter insider threats. According to its strategy, “the most effective safeguard against insider threats is a knowledgeable, trusted workforce which is confident that their privacy and civil liberties are respected.”[footnoteRef:2] Making sure that its employees are trustworthy and invested is the first line of defense against insider threats. Gathering data from multiple sources is another line of defense in the ONCIX strategy to mitigate the risk of malicious insiders. The basis of the approach is to use a whole-person, whole-of-career concept that so as to analyze data and to identify anomalies that present themselves. Anomalies are reviewed to see if any foreign intelligence entity (FIE) nexuses are present. FIE activities are analyzed as well for the purpose of identifying patterns of behavior that correspond with an insider threat.[footnoteRef:3] [2: National Counterintelligence Strategy of the United States of America 2016 (Strategy), 4. https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf] [3: National Counterintelligence Strategy of the United States of America 2016 (Strategy), 5. https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf]

Automation is another key aspect of the strategy and ONCIX plans to use automated records checkers to help identify applicable counterintelligence information that would assist in identifying an insider threat.[footnoteRef:4] Risk management is also part of its strategy: insider threat methods are meant to include counterintelligence equities within a risk-based framework for detection purposes. [4: National Counterintelligence Strategy of the United States of America 2016 (Strategy), 5. https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf]

The culture of the office is also important as a line of defense: the strategy here is to promote insider threat awareness among employees so that workers are both conscious and vigilant of insider threat potential and remain alert to possibilities of risk at all times.[footnoteRef:5] To achieve that end, networking and system monitoring provides key technical support so that red flags or triggers do not go undetected by monitoring programs even if they do go undetected by workers. Data that is flagged is then cross-checked against a variety of other data sources to detect anomalies. Finally, the strategy uses an auditing function meant to prevent unauthorized retrieval of information and unauthorized activity by workers from occurring. The goal here is to maintain, ultimately, the most secure information infrastructure possible.[footnoteRef:6] [5: National Counterintelligence Strategy of the United States of America 2016 (Strategy), 5. https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf] [6: National Counterintelligence Strategy of the United States of America 2016 (Strategy), 5. https://www.dni.gov/files/NCSC/documents/Regulations/National_CI_Strategy_2016.pdf]

Overall, the strategy in place is one that is structured, functional and operational: the strategy focuses first and foremost on delivering an organizational culture that promotes and fosters awareness among workers in the office; this awareness is absolutely essential for identifying and deterring insider threats. It means that protocol are more likely to be followed, as everyone will know that everything they do is being watched and monitored and that any actions out of the ordinary will be flagged and compared to other anomalies to determine whether the actor is an FIE.

The organization supports this culture with technological programs that assist in the monitoring of individuals and their actions. This two-pronged approach uniting a workplace culture with a technical methodology of monitoring and evaluating employee actions to determine anomalies and potential insider threats is comprehensive and cohesive and will facilitate achievement of the objective of mitigating the risk of insider threats within counterintelligence.

The first line of defense is the most powerful, which is where the office is concentrating efforts as well, which is in the hiring of trustworthy agents to serve in the office. This means that every hire has to be thoroughly vetted and documented to make certain that there has been no risk of the agent having become an FIE at any point in his or her career. This requires a very robust human resources department in the office, one that is trained to vet incoming agents and employees and has extensive knowledge of the counterintelligence field, what factors to identify as potential triggers, and how to go about collecting a pool of potential hires. That pool of talent will be the most critical source for staffing the counterintelligence office; it must be of a very high quality of trustworthy characters, without which the office will not be able to function in any meaningful manner, regardless of the technological support systems used to monitor employee behaviors.

The successful operations in U.S. Counter-Intelligence will depend highly upon the work of employees in the ONCIX, and these workers will need to buy into the culture that the office has cultivated, which means submitting to the mindset of awareness and of monitoring for the sake and safety of the operation.

Question 2: Generate a plan which embeds effective counter-intelligence procedures to enhance security in one of the areas of recurring weakness: Inadequate Vetting; Employment Disgruntlement; Apathy / Reticence towards spendthrifts; Tolerance of alcoholics.

Effective counter-intelligence procedures include taking the offense and being proactive rather than reactive. Thus, the best way to enhance security in one of the areas of recurring weakness, such as tolerance of alcoholics, is to create an organizational culture that is prohibitive of alcoholism among workers and promotes sobriety and focus on all tasks at hand. Individuals who have a reputation for drinking heavily should be flagged and monitored and they should be placed in a program that will discourage their drinking and help them to maintain a life of sobriety. This would serve as an example to other members of the office that alcoholism will not be tolerated.

At the same time, one risk to this approach is that it could create morale problems among workers who are used to being able to drink and to live a life that is tolerant of alcoholism. Frustration could set in…

Some parts of this document are missing

Click here to view full document

…refuge in sanctuary cities is a major way to harbor FIE within the nation’s borders. Fighting against this kind of corruption is difficult because state legislators are often at odds with federal legislators who are even at odds with themselves. The Trump Administration, for example, has been fighting to get the U.S.-Mexico border the kind of defense needed to reduce illegal penetration, but lawmakers on both sides of the political aisle at both the federal and state levels have pushed back. For political purposes, the safety and security of the nation is jeopardized.

Thus, the effectiveness of national and legal policies that impact upon counterintelligence threats is significant and more needs to be done to take precautions with regard to refugees, immigration, vetting, and monitoring those who come into the country.

Liaison is one way to help bring that better monitoring system about. The Israeli system of monitoring its airports and preventing attackers from approaching is an ideal format that can help deter terrorism, but it is also a uniquely modified approach that only works with respect to securing a region. The same idea and concept has to be applied, however, with respect to counter-intelligence. A vigilance and all-seeing eye through the use of cameras, machine learning, and tracking systems has to be developed. Without so many people using digitally connected technology today, it should not be difficult to know who is where and what they are doing.

The problem of privacy rights holds up any real and substantive approach to detecting subversion, unfortunately. Privacy rights of users of digital technology can be respected at the same time the safety of the nation has to come first. Monitoring all digital activity should be the responsibility of counter-intelligence, and legislators at the federal level need to be made aware of that. Lobbying should be conducted to raise awareness on this issue, and lawmakers who understand the threat should be supported by the intelligence community, whereas those who do not support such initiatives should not receive in turn the support of the community. Lawmakers have to be given the facts of the case so that they see what is at risk and why security must trump over privacy concerns today.[footnoteRef:13] Only then will a proper implementation of policies and protocols be permitted at the counter-intelligence level. [13: Richelson, Jeffrey. 2007. “The Pentagon’s Counterspies: The Counterintelligence Field Activity (CIFA).” (September 17). National Security Archive. Accessed January 19, 2017. http://nsarchive.gwu.edu/NSAEBB/NSAEBB230/.]

Cooperation between private and public agencies is the heart and soul of liaison, and liaison, like lobbying and collaborating among entities, can provide optimal solutions to getting the right policies and laws in place that will allow counter-intelligence to use the data that is available in the digital world to better detect subversion and create a safer public domain for the nation’s citizens. Not having access to the digital world and the data that is constantly being transferred therein will only have negative repercussions going forward and currently acts as a…