“We are most concerned about Russia, the PRC, Iran, and North Korea.

In addition, a growing number of commercial firms are flooding the market with high-quality cyber intrusion tools, expanding the pool of FIE actors that can threaten our networks and people.

We must build and better leverage partnerships, capabilities, and authorities across the federal, state, and local levels to implement innovative solutions that impose greater cost and risk to FIE cyber activities,” i

Politics & Security

New US Counterintelligence Strategy Takes the Fight to Foreign Spies

With its new counterintelligence strategy, Washington aims to proactively disrupt foreign espionage and disinformation efforts before they can be implemented.

Published

2 weeks ago

August 17, 2024

John Carroll

The White House in Washington, DC. (©Kyodo)

On August 2, the National Counterintelligence and Security Center (NCSC) of the United States released a short, but highly significant report. Entitled "National Counterintelligence Strategy 2024," it represents a new approach to countering the growing threat from foreign intelligence entities.
The NCSC is part of the Office of the Director of National Intelligence (ODNI). In a statement timed to the release of the report, NCSC Director Michael Casey said that the strategy is designed to drive action, integration, and resources across the counterintelligence community. The aim is to safeguard US strategic advantages and outmaneuver foreign intelligence agencies and increasingly complex threats.

Tackling 'Gray Zone' Threats

The 24-page report sounds the alarm that spies from Russia, China, North Korea, and other foreign state and non-state groups are seeking to "cause grave harm to the United States, its people, and institutions."
It also makes clear that "the People's Republic of China (PRC) and Russia represent the most significant intelligence threats." Furthermore, Russia, China, Iran, and North Korea are increasingly coordinating their efforts to weaken the West.
The report explains: "Our leading adversaries view themselves as already engaged in an intense, multifaceted competition with the United States. As such, their intelligence services frequently conduct more aggressive operations that fall in the 'gray zone,' a space between war and peace that encompasses intelligence activities that push the boundaries of accepted norms, such as covert influence, political subversion, and operations in cyberspace."

Russia's President Vladimir Putin shakes hands with North Korea's leader Kim Jong Un at a signing ceremony following bilateral talks in Pyongyang, North Korea on June 19, 2024. (©Sputnik/Kristina Kormilitsyna/Kremlin via Reuters)

Political Interference

One way they do this is by interfering in elections. Foreign Policy magazine recently reported that both Russia and Iran have stepped up their disinformation efforts to impact the 2024 US presidential contest. In Russia's case, it advances its two-fold goal of assisting its preferred candidate and disrupting US society to the maximum degree possible.
And China has a long history of meddling in elections in democracies. In February, the ODNI issued a public threat assessment declaring that "Beijing is expanding its global covert influence posture to better support the [Chinese Communist Party's] goals.
What makes the challenge even more difficult is the growth of easily available sophisticated technologies. The report warns, "Adversaries are using cutting-edge technology — such as advanced cyber tools, biometric devices, unmanned systems, high-resolution imagery, enhanced technical surveillance equipment, commercial spyware, and Artificial Intelligence (AI) — to further their espionage, counterespionage, and influence missions."

Proactive Preventative Measures

The 2024 counterintelligence strategy represents a decided shift in emphasis. In the past, US counterintelligence efforts were primarily defensive in nature. However, for the first time, the strategy calls for a proactive "strategic counterintelligence program" to disrupt or compromise foreign espionage and disinformation efforts before they can be implemented.
The strategy has three key pillars.
First, outmaneuver and constrain foreign intelligence entities. This is done by detecting, understanding, and anticipating foreign intelligence threats and combatting foreign intelligence cyber activities.
Second, preserve US strategic advantages by protecting individuals against foreign intelligence targeting and collection. This will safeguard critical technology and US economic security, and reduce risks to key US supply chains.
Third, invest in the future to build counterintelligence capabilities, resilience, and partnerships.

NCSC debuts updated National Counterintelligence Strategy to bolster US security against evolving threats
August 05, 2024

The National Counterintelligence and Security Center (NCSC) released last week the updated National Counterintelligence Strategy.

The document revises the counterintelligence priorities to address both current and expected threats.

It also communicates these priorities to a wide audience, including the counterintelligence community, federal, state, and local partners, Congress, industry, academia, foreign allies, and the general public.

It also outlines a framework for planning, resourcing, and evaluation, aligning CI community efforts with U.S. National Security and other strategies to advance key CI mission areas.

The strategy provides a framework for strategic planning, resourcing, and evaluation. It also aligns CI community efforts with the U.S. National Security Strategy and other national strategies to drive progress in key CI mission areas.

Three key pillars that govern the strategy include

outmaneuvering and constraining FIEs (foreign intelligence entities);
protecting U.S. strategic advantages; and
investing in the future.

These pillars are supported by nine goals that provide strategic direction to the CI community to detect, understand, and anticipate foreign intelligence threats; counter, degrade, and deter foreign intelligence activities and capabilities; and combat foreign intelligence cyber activities.

Pillar Two aims to protect individuals against foreign intelligence targeting and collection; protect democracy from foreign malign influence; protect critical technology and U.S. economic security; protect the nation’s critical infrastructure and reduce risks to key U.S. supply chains.

Pillar Three focuses on investing in the future and building counterintelligence capabilities, partnerships, and resilience.

“Today’s strategy is designed to drive integration, action, and resources across the counterintelligence (CI) community to outmaneuver and constrain foreign intelligence entities (FIEs), protect America’s strategic advantages, and invest in the future to meet tomorrow’s threats,” Michael Casey, NCSC director said in a statement.

“Developed with our partners across the U.S. government, the strategy provides a comprehensive vision and direction for the CI community to address increasingly complex foreign intelligence threats.”

Signed by President Joe Biden, the National Counterintelligence Strategy has been developed in cooperation with partners across the U.S. government and intelligence community.

It lays the foundation for a strategic counterintelligence program to prioritize and integrate counterintelligence activities to disrupt or compromise the ability of foreign intelligence entities to harm the national security interests of the U.S., either domestically or abroad.

The scope, complexity, and urgency of the foreign intelligence threats facing the U.S. necessitate engaging partners and audiences across the whole of society to share information, identify and mitigate vulnerabilities, strengthen defenses and build resilience, and work together to combat these threats and overcome challenges to protect people, institutions, and strategic advantages.

“Adversaries are using cutting-edge technology—such as advanced cyber tools, biometric devices, unmanned systems, high-resolution imagery, enhanced technical surveillance equipment, commercial spyware, and Artificial Intelligence (AI)—to further their espionage, counterespionage, and influence missions,” the document outlined.

“Such technology is easy to use, less expensive, and more available commercially, bringing it within reach of even relatively unsophisticated FIEs. The exponential pace of technological change complicates efforts to develop and maintain adequate defenses. Insider threats are also a vulnerability.”

In some cases, insiders use their authorized access, wittingly or unwittingly, to harm the security of the U.S.
In other cases, FIEs actively target, solicit, and coerce individuals to obtain information, compromise critical infrastructure, or steal the nation’s secrets.

When it comes to combat foreign intelligence cyber activities, the National Counterintelligence Strategy document identified building partnerships and leveraging CI and other appropriate authorities and capabilities to conduct proactive, integrated operations to identify, disrupt, degrade, neutralize, and manipulate FIE ability and willingness to use the cyber domain to threaten U.S. interests.

Cyber threats from nation-states and their surrogates remain acute.

FIEs use the cyber domain to undertake their full range of activities, from collection of sensitive information to disruption and destruction of networks to malign foreign influence and monitoring of dissidents.
They use technical—and often commercially available—tools to compromise computer networks and mobile and connected devices.

Although an increasing number of countries and non-state actors have these capabilities, the National Counterintelligence Strategy said

“We are most concerned about Russia, the PRC, Iran, and North Korea.

In addition, a growing number of commercial firms are flooding the market with high-quality cyber intrusion tools, expanding the pool of FIE actors that can threaten our networks and people.

To accomplish this goal, the U.S. government will foster strong partnerships across federal, state, and local government, the private sector, academia, and with foreign partners to share information, increase transparency, and build trust to gain insight into FIE cyber activities and identify opportunities for CI solutions.
It will also engage federal partners and improve collaboration and coordination across disciplines to increase understanding of CI authorities and capabilities, develop tools and infrastructure that are shareable and interoperable to the extent practicable, and work with partners and allies to conduct integrated, scalable, prioritized, proactive CI activities to counter FIE cyber operations, introduce uncertainty, and increase costs to FIEs.

Looking ahead, the document assessed intelligence landscape will remain dynamic and dangerous.

“Our current adversaries will grow more proficient and new threat actors will enter the scene, bolstered by technological advances and enhanced collaboration. Global interconnectedness will continue to leave our networks and strategic supply chains vulnerable to FIEs. The U.S. CI community must work together to prioritize and integrate their efforts to counter FIE activities and disrupt and degrade their ability to harm the national security interests of the United States.”

Last week, the ODNI (Office of the Director of National Intelligence) and NCSC identified that

Cyber supply chain challenges are intensifying with profound implications for U.S. national security and economic resilience.
It also recognized that collaboration with corporate security stakeholders and disciplines is essential to counter these challenges and reduce foreign adversarial exposure and to the business operations of vital supply chains.