The National Counterintelligence and Security Center (NCSC) is charged with leading and supporting the counterintelligence (CI) and security activities of the U.S. government, the U.S. Intelligence Community, and U.S. private sector entities that are at risk of intelligence collection, penetration, or attack by foreign adversaries and malicious insiders. The capabilities and activities described in this Guide are exemplars of program components delineated as requirements in numerous strategies, policies, and guidelines.
CI focuses on negating, mitigating, or degrading the foreign intelligence and security services (FISS) and international terrorist organizations (ITO) collection threat that targets Army interests through the conduct of investigations, operations, collection, analysis, production, and technical services and support.
The National Counterintelligence Strategy of the United States of America 2016 (Strategy) was developed in accordance with the Counterintelligence Enhancement Act of 2002 (Pub.L. No. 107-306, 116 Stat. 2383 (as amended) codified at 50 U.S.C. sec. 3383(d)(2)). The Strategy sets forth how the United States (U.S.) Government will identify, detect, exploit, disrupt, and neutralize foreign intelligence entity (FIE) threats. It provides guidance for the counterintelligence (CI) programs and activities of the U.S. Government intended to mitigate such threats.
(U//FOUO) FBI Counterintelligence Note: Huawei Chinese Government-Subsidized Telecommunications Company
Huawei is a threat to intellectual property and business communications due to its opaque relationship with the Chinese Government. Huawei has legal obligations to work on behalf of the Chinese state, probably through the Chinese Communist Party (CCP) committee residing within Huawei. This relationship likely influences the company’s decision-making through threats of corruption investigations.
Supervisors and coworkers are willing to report on behaviors that have a clear connection to security, such as transmitting classified documents to unauthorized personnel, but they are unwilling to report on colleagues’ personal problems, such as alcohol abuse. Because it was difficult to discern which reporting requirements were clearly related to security, there was very little reporting. PERSEREC, in collaboration with counterintelligence professionals, developed a clear, succinct list of “Coworker Reporting Essentials” (CORE) behaviors that could pose a possible threat to national security and thus should be reported if observed. The draft CORE was reviewed and edited by counterintelligence professionals at the Counterintelligence Field Activity (CIFA), and was coordinated by the DoD Investigative Working Group (IWG).
United States cleared industry is a prime target of many foreign intelligence collectors and foreign government economic competitors. Cleared employees working on America’s most sensitive programs are of special interest to other nations. The number of reported collection attempts rises every year, indicating an increased risk for industry. While any geographic region can target sensitive or classified U.S. technology, DSS has consistently found that the majority of suspicious contacts reported by cleared industry originate from East Asia and the Pacific regions. Every region has active collectors. Cleared contractors should remain vigilant regardless of the collector’s assumed country of origin.
This Glossary is designed to be a reference for counterintelligence (CI) professionals within the Department of Defense (DoD); however other CI professionals may find it of use. It provides a comprehensive compilation of unclassified terms that may be encountered when dealing with the dynamic discipline of counterintelligence and related activities. Where some words may several meanings within the counterintelligence or intelligence context, a variety of definitions are included.
To prevent foreign entities from achieving their goals, a Counterintelligence Program (CIP) proactively searches for and uses information from multiple sources. An effective CIP draws information from security programs and other internal systems, as well as from the U.S. Intelligence Community (USIC). Once this information is assembled, an effective CIP develops a coherent picture and crafts a strategy to prevent the foreign entity from successfully achieving its goals and minimizes the damage already done. An effective CIP conducts active analysis of available information, requires annual CI education for all employees, and provides a system for immediate referral of behavior with CI implications.
(U//FOUO) DoD Instruction: Counterintelligence (CI) Activities Supporting Research, Development, and Acquisition
The CI mission in RDA informs the DoD Components and supporting CDCs of foreign collection threats and detects FIE targeting of defense-related technology. The CI support enables RDA program personnel to implement countermeasures and enables CI to develop activities that negate, counter, penetrate, or exploit an FIE.
Defense CI activities shall be undertaken as part of an integrated DoD and national effort to detect, identify, assess, exploit, penetrate, degrade, and counter or neutralize intelligence collection efforts, other intelligence activities, sabotage, espionage, sedition, subversion, assassination, and terrorist activities directed against the Department of Defense, its personnel, information, materiel, facilities, and activities, or against U.S. national security.
(U//FOUO) Defense Security Service Cybersecurity Operations Division Counterintelligence Presentation
A Defense Security Service presentation from December 2012 outlining information and statistics on defense industrial base cyber incidents and intrusions.
(U//FOUO) U.S. Marine Corps Human Intelligence Exploitation Team (HET) Operations in Iraq Lessons Learned Report
HET is viewed as a highly valuable and effective intelligence generating asset which, in conjunction with other intelligence sources, provides a significant amount of actionable intelligence during operations in Iraq. “The HET teams produced more reporting … than any other intel asset we have out there.” “HETs have been the pointy tip of the spear in this counterinsurgency fight. Two-thirds of MNF-W operations are directly driven by HET operations.” Key observations from this collection include the following.