Manmeet Singh Arora, Research Co-ordinator, GCTC
Operational Meaning of Counterintelligence
Counterintelligence (CI) is the information gathered and actions taken to identify and protect against an adversary’s knowledge collection activities or attempts to cause harm through sabotage or other actions. The goal of CI is to ensure information cannot be modified or destroyed by a malicious actor and that only authorized people can access an organization’s information. Its activities can be categorized as being either collective, defensive or offensive. Collective CI efforts focus on learning who the adversary is, how they collect information, what attack vectors they are targeting and what tools they are using. Defensive CI efforts focus on securing information and preventing an adversary from stealing or destroying it. Offensive CI activities focus on turning an attack into an opportunity to gain an advantage by using disinformation. Counterintelligence is the study of the organization and behaviour of the intelligence services of foreign states and entities, and the application of the resulting knowledge. “Defection is probably as old as Moses, but defectors have often done so not to seek, but to deliver”.
Defector in Counter Intelligence
Defector cases are characterized by their “strategic” dimension in the nature of the intelligence they provide and by their “tactical” dimension in personal handling challenges they present to the host service handling the defector. The extent to which a defection is “successful” has depended on the success of the defection act itself, the capabilities of the defector as a reporter of fact, the importance of those facts, the reliability of the reporter, and the capabilities of the host intelligence service to exploit, validate, and resettle the defector.
Deployment of Manpower as Tactical Advantage
The world of counter-intelligence is one in which truth, lies and deception converge in perhaps the most sophisticated manner. As a result of this reality, intelligence organisations are forced to take extensive measures to ensure that the right people are employed and that in the event of a breach, damage is limited. In attempting to weave their way through this intricate maze in a most effective manner, a balance must be struck between security and operational effectiveness. Counter-intelligence can be defined as intelligence gathered about an adversary’s intelligence activities and capabilities to unmask and inhibit adversarial intelligence operations and capabilities. This can involve various types of action to prevent or neutralise hostile intelligence successes against national interests.
Competing Definitions of Counter Intelligence
The term “counterintelligence” means information gathered, and activities conducted to protect against espionage, other intelligence activities, sabotage, or assassinations conducted by or on behalf of foreign governments or elements thereof, foreign organizations, or foreign persons or international terrorist activities.
Counterintelligence means information gathered and activities conducted to protect against espionage, other intelligence activities, sabotage or assassinations conducted for or on behalf of foreign powers, organizations or persons, or international terrorist activities, but not including personnel, physical, document or communications security programs. –Executive Order in US
Counterintelligence is the business of identifying and dealing with foreign intelligence threats to the United States. Its core concern is the intelligence services of foreign states and similar organizations of non-state actors, such as trans-national terrorist groups. Counterintelligence has both a defensive mission—protecting the nation’s secrets and assets against foreign intelligence penetration—and an offensive mission—finding out what foreign intelligence organizations are planning to better defeat their aims. –Office of the National Counterintelligence Executive
CI can be defined as the identification and neutralization of the threat posed by foreign intelligence services, and the manipulation of those services for the manipulator’s benefit. –Roy Godson
Counterintelligence is the broad subset of intelligence focused on the intelligence efforts of a competitor. The core of the mission is about understanding and exploiting a competitor’s reliance on intelligence.
An activity conducted by special state agencies against foreign intelligence services and organizations and individuals being used by them. –KGB, as an example
Ground rules and Applicability of Counter intelligence
Analyses of other countries’ intelligence services can be applied in many ways. On the policy side, CI analyses can help fill gaps in analysts’ understanding of the political processes in other countries. For intelligence operations in general, the study of the different cultures of intelligence services is critically important, for CI operations as well as for counterespionage investigations. Unfortunately, while a large amount of this information is available, the consumers of counterintelligence information do not understand its utility and view it in such a narrow sense that they fail to take full advantage of the situation.
Request for Information (RFI)/Solicitation: Direct or indirect attempts to collect protected information by directly or indirectly asking, requesting, or eliciting protected information, technology, or persons.
Common Methods of Contact for RFI/Solicitation:
- Conferences, conventions, or tradeshows – contacts initiated during an event
- Email, mail, telephone, web form
- Foreign visits – Activities or contact occurring before
- Efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise a cleared employee
- Contact between cleared employees and known or suspected intelligence officers from any foreign country
- Any contact that suggests the employee concerned may be the target of an attempted exploitation by a foreign intelligence entity
- Attempts to entice cleared employees into compromising situations that could lead to blackmail, coercion or extortion
- Attempts by foreign customers to gain access to hardware and information that exceeds the limitations of the export licenses on file
- Attempts to place cleared personnel under obligation through special treatment, favors, gifts, or money
Mishandling of Classified Information
- Removing or sending classified material out of secured areas without proper authorization
- Unauthorized copying, printing, faxing, emailing, or transmitting classified material
- Transmitting or transporting classified information by unsecured or unauthorized means
- Unauthorized storage of classified material, including storage at home
- Reading or discussing classified information in an unauthorized area or over a non-secure communication device
- Improperly removing or changing classification markings
- Attempting to expand access to classified information by volunteering for assignments or duties beyond the normal scope of responsibilities
- Unauthorized email traffic to foreign destinations
- Password cracking, key logging, encryption, steganography, privilege escalation, and account masquerading
- Use of DoD account credentials by unauthorized parties
- Unexplained storage of encrypted data
- Network spillage incidents or information compromise
- Unauthorized transmissions of classified or controlled unclassified information
- Data exfiltrated to unauthorized domains affecting classified information, systems or cleared individuals
- Actual or attempted unauthorized access into U.S. automated information systems
- Tampering with or introducing unauthorized elements into information systems
- Unexplained user accounts, administrator
Foreign Influence
- Undisclosed visits to foreign diplomatic facilities
- Trips to foreign countries inconsistent with an individual’s financial ability
- Foreign entities targeting employees traveling overseas via airport screening or hotel room incursions
- Unreported close and continuing contact with a foreign national, including intimate contacts, shared living quarters, or marriage
Suspicious Contacts
- Requests for information that make an individual suspicious, including questionable contacts or interaction
Suspicious Financial Activity
- Unexplained expensive purchases not reasonably supported by the individual’s income
- Sudden unexplained reversal of a negative financial situation or repayment of large debts
Recording Devices
- Unauthorized possession of cameras or recording or communication devices in classified areas
- Discovery of suspected surveillance devices in classified area
Timely and accurate reporting from cleared industry is the primary tool used to identify and mitigate collection efforts targeting information and technology resident in cleared industry. Immediately report suspicious activities, behaviours, and contacts to your facility security officer.
The Functions of Counter-Intelligence
Protecting secrets
The first responsibility of counter-intelligence is to protect information. Two aspects relating to this function are: first, physical security, which involves keeping classified information away from those who are not authorised to have access to it, and secondly, making sure that the people who are made aware of restricted information protect that information. The most obvious physical security measures involve the keeping of foreign intelligence officers and their agents away from classified information by denying them access or proximity, and preventing unauthorised personnel from walking off with such information.
Vetting – The First Line of Defence
The protection of acquired knowledge is a vital function of any intelligence organisation, yet no amount of extensive security and stringent assessment checks will guarantee that an employee will observe the rules. It would also be logical to assume that if a person has access to any piece of information then it can in all likelihood be compromised. In holding the responsibility of protecting their knowledge, intelligence organisations are faced with two dilemmas in their selection of employees. Firstly, the instruments of psychological and behavioural measurement hold accuracy rates that are below 100%, allowing individuals who may pose a security threat to be cleared for employment. Secondly, attempting to create a profiling system that identifies future betrayers would be an imperfect process leading to the allocation of resources towards the wrongfully suspected rather than those well trained in evading detection. Given the complexity and importance of this problem it seems somewhat surprising that so few scientifically grounded paradigms exist for the detection and prevention of such espionage methods. (Joint Economic Committee)
Insiders: Any person with authorized access to any government or contract resource to include personnel, facilities, information, equipment, networks or systems. This can include employees, former employees, consultants, and anyone with access.
Insider Threat: The threat that an insider will use his or her access, wittingly or unwittingly, to do harm to the security of the United States. This threat includes damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or the loss or degradation of government, company, contract
Insiders have arguably caused more damage to the security of the United States than foreign intelligence officers, and with today’s technological
- Engaging in classified conversations without a need to know
- Attempting to enter areas not granted access to
- Working hours inconsistent with job assignment or unusual insistence on working in private
- Accessing information not needed for job
Behavioral Indicators*
- Depression
- Stress in personal life
- Exploitable behaviour traits:
  - Use of alcohol or drugs
  - Gambling
- Financial trouble
- Prior disciplinary issues
*These behaviours may also be indicative of potential workplace violence.
Examples of Reportable Behaviours:
Information Collection
- Keeping classified material and accessing classified information without authorization
- Obtaining access to sensitive information inconsistent with present duty requirements
- Questionable downloads
- Unauthorized use of removable media
Information Transmittal
- Using an unclassified medium to transmit classified materials
- Discussing classified materials on a non-secure telephone or in non-secure emails or text messages
The psychological aspects of Counter intelligence
essentially makes the assumption that those who are actively compromising information or liable to betray secrets, are likely to differ in a measurable, reliable, and distinct way from those people who are not likely. Moreover, there exists the assumption that an underlying characteristic, not yet identified, is related to the likelihood of an actor to engage in betrayal. If this characteristic can be identified and measured reliably, those who score below a scientifically established threshold can be denied access to the most critical and sensitive positions of an intelligence organisation. Until such a system comes to fruition though, intelligence failures in this field will be a likely occurrence. The most common occurrences of betrayal have been linked to money, ideology, coercion and ego, all of which are extremely problematic to measure scientifically. Other psychological factors in bringing out betrayal can be disaffection, vindictiveness and whimsy, all of which are again impossible to accurately measure with today’s scientific and psychological capabilities. The complex nature of such traits also reduces the likelihood of scientific means ever being developed to fully screen out personnel that may in future betray secrets.
Information Warfare as the means for Counter Intelligence
Information warfare (IW) is an evolving field of growing interest for defense planners and policymakers. The source of both the interest and the imprecision in this field is the so-called information revolution—led by the ongoing rapid evolution of cyberspace, microcomputers, and associated information technologies. The U.S. defense establishment, like U.S. society, is moving rapidly to take advantage of the new opportunities presented by these changes. At the same time, current and potential U.S. adversaries (and allies) are also looking to exploit the evolving global information infrastructure and associated technologies for military purposes.
The exercises highlighted seven defining features of strategic information warfare:
- Low cost: Unlike traditional weapon technologies, development of information-based techniques does not require sizable financial resources or state sponsorship. Information systems expertise and access to important networks may be the only prerequisites.
- No traditional boundaries: Traditional distinctions—public versus private interests, warlike versus criminal behavior—and geographic boundaries, such as those between nations as historically defined, are complicated by the growing interaction within the information infrastructure.
- Cognitive evaluation: New information-based techniques may substantially increase the power of deception and of image-manipulation activities, dramatically complicating government efforts to build political support for security-related initiatives.
- Intelligence challenge: Poorly understood strategic IW vulnerabilities and targets diminish the effectiveness of classical intelligence collection and analysis methods. A new field of analysis focused on strategic IW may have to be developed.
- Strategic Warning and attack assessment problems: There is currently no adequate tactical warning system for distinguishing between strategic IW attacks and other kinds of cyberspace activities, including espionage or accidents.
- Coalitions: Reliance on coalitions is likely to increase the vulnerabilities of the security postures of all the partners to strategic IW attacks, giving opponents a disproportionate strategic advantage.
Evolution of Information Warfare
Information warfare (IW) has evolved from cyberspace and information and communication technology (ICT) in pursuit of a competitive advantage over an opponent. Information warfare is the manipulation of information trusted by a target without the target’s awareness, so that the target will make decisions against their own interest but in the interest of the one conducting information warfare. Computer networks create new avenues for those with malicious intent. Besides being vulnerable to actual destruction by physical attacks, such as bombs or arson, these networks are targets of threats of mass disruption. An economy can be crippled by strategic information warfare in the form of computer intrusions, scrambling of software programs, undetected insiders within computer firewalls, or cyberterrorists.
Information warfare defines a new battlefield
Within the realm of cyberspace, there are two primary weapons: network-centric warfare and C4ISR, which denotes integrated Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance. Furthermore, cyberspace attacks initiated by one nation against another nation have an underlying goal of gaining the information domain, which includes disrupting or denying the victimized party’s ability to gather and distribute information, and are used to hinder networks or websites until they lose their primary functionality. As implied, cyberattacks do not just affect the military party being attacked, but rather the whole population of the victimized nation. Since more aspects of daily life are being integrated into networks in cyberspace, civilian populations can potentially be negatively affected during wartime. For example, if a nation chose to attack another nation’s servers in a specific area to disrupt communications, this could potentially lead to economic disruption as well.
ICTs have also been implemented into the latest military affairs by deploying new, more autonomous robots (that is, unmanned drones) into the battlefield to carry out duties such as patrolling borders and attacking ground targets.
In the Indian context, the use of Counter Intelligence has been a mix of success and failure, as many intelligence organisations in India have failed to capitalise on the tool of Counter Intelligence in their day-to-day operations. The doctrine and tradecraft of Counter Intelligence have many paths still to cover, including revolutionizing the use of ICT and Artificial Intelligence to create a new paradigm in which new legislation and technology will create an environment for foreign collaboration and legal backing for operations in a foreign country, which ipso facto implies a requirement to break the local laws, with such instructions issued within the ambit of law.
Direct, Science. Counter Intelligence Insider Risks.
Joint Economic Committee, United States Congress. New challenges and New Strategies.
M.Sprenger, J. 2016. Organization of Operations. 2016.