What Is Counterintelligence?

서울흥신소 Counterintelligence (CI) assesses an organization’s vulnerability to espionage and sabotage. It is a component of information security that supports the information triad of confidentiality, availability and integrity.

서울흥신소

CI missions include defensive analysis, investigation and offensive counterespionage. Currently offensive counterespionage involves the manipulation of foreign intelligence services (FIS) and terrorists through exploitation of their human assets.

Definition

While it is often a source of great confusion, counterintelligence (CI) is an essential function within the national security and intelligence spheres. CI is a critical complement to positive intelligence and is an absolute necessity in a world that increasingly depends on covert action to conduct sensitive government activities ranging from economic negotiations and foreign policy formulation to sabotage and terrorist attacks.

CI involves identifying and evaluating threats to DND personnel, CF members and DND or CF property and information that are posed by hostile intelligence services, organisations or individuals engaged in espionage, subversion, terrorism and other criminal activities. It also includes monitoring and assessing the vulnerability of DND or CF assets and information to foreign intelligence penetration, industrial espionage and export control violations.

CI aims to degrade the effectiveness of the adversary’s intelligence services and terrorist organisations by disrupting their ability to collect or analyze information. This can be achieved by manipulating the FIS or TIs in some way, or by denying them access to the information they seek. This is commonly referred to as offensive counterintelligence, or “counterespionage.”

Purpose서울흥신소

The main purpose of counterintelligence is to protect the intelligence agency’s information from hostile intelligence services. This information may be classified documents, operations that are vulnerable to sabotage or subversion, or sensitive information about foreign military and civilian personnel.

Moreover, the agency must protect itself against internal threats, such as treason or leaks. Such revealing activities may reveal vulnerabilities and compromise intelligence sources and methods. This type of threat can be quite devastating, as demonstrated by the cases of Aldrich Ames and Robert Hanssen.

A CI program can also help identify risks in trusted employees, such as financial stress, extreme political views or a tendency to seek approval. This way, problems can be corrected before they become espionage or blackmail opportunities.

The Air Force Global Strike Command Intelligence, Surveillance and Reconnaissance Directorate recently hosted a discussion with James Olson, former Chief of CIA Counterintelligence and Professor of Practice at The Bush School of Government and Public Service at Texas A&M University. He shared his “Ten Commandments of Counterintelligence.” These included: be offensive; honor your professionals; own the street; know your history; don’t ignore analysis; train your people; and never give up.

Methods

The counterintelligence (CI) profession rides the ebb and flow of history, leaving valuable lessons behind. CI practitioners can be found at every level of society – in the private sector and government agencies.

The CI process involves three overlapping phases: detection, investigation and analysis. Detection is the recognition of some actual or apparent subversive activity; investigation is determining more about this activity; and analysis is putting it all together into a form that can be used by intelligence analysts.

For example, if a CIA agent discovers that a terrorist group is planning an attack against the United States, the CIA may develop ways to prevent this from happening by discrediting the group or identifying individuals who should be targeted for recruitment and assassination. This is defensive CI.

CI personnel also may perform simulations, known as red team operations, to determine how vulnerable an installation, operation or program is to foreign intelligence penetration. OPSEC is essential for any sensitive environment, but it is particularly important for CI. For example, Ford Motor Company uses a CI technique to hide the appearance of prototype vehicles on public roads.

Techniques

Counterintelligence is an ever-growing field with a wide variety of strategies. At the very basic level, it requires situational awareness and attention to detail. Those skills can help a counterintelligence practitioner to notice when a co-worker has deviated from his normal baseline, an indication that he may be a witting double agent for the enemy.

CI also includes techniques to protect sensitive intelligence assets. These can include physical or cyber security systems that deny access to information and systems that are designed to detect the presence of an adversary. CI also includes techniques for active collection, surveillance, human intelligence and even sabotage operations.

While the threats to a nation’s intelligence agencies and national security are often attributed to foreign governments, they can also come from inside the agency, such as espionage, treason or internal subversion. In this case, CI is intended to disrupt and dissuade intelligence personnel from working for an adversary or becoming a witting double agent, such as the cases of Aldrich Ames and Robert Hanssen. For this reason, a CI program can include training and support to ensure that the mission remains successful.

Tools

A CI organization has several tools for deception. These include Hollywood special effects and a wide variety of physical techniques, including camouflage, booby trapping, and concealment. CI also uses computer technology, such as digital tools that blur homes on Google maps or that allow users to choose to block their homes from flyover video captures.

In addition, CI analysts utilize a specialized database to assess threats against friendly forces and their vulnerabilities. The MDCI analyst then prepares C-HUMINT, C-SIGINT, and C-IMINT products that become the analytical tools of a CI analysis and help commanders make informed decisions about OPSEC or deception plans. These products include rear operations intelligence profiles (IPBs), MDCI summaries, CI threat assessments, and CI situation overlays.

CI also supports other intelligence disciplines by identifying collection threats against friendly units and installations. The MDCI analyzer identifies these threats to the collection management element, which will task appropriate collection systems.