The views expressed by contributors are their own and not the view of The Hill

Counterintelligence needs reboot for 21st century

The American private sector is in the crosshairs of foreign governments and non-state criminal actors. To disrupt these actors and protect industry, U.S. counterintelligence (CI) efforts require reform if they are going to keep up with the 21st-century threat environment.

Conceptually, the U.S. government approaches CI in a limited, outdated way. The opportunities for damage — created by a restrictive definition of CI — are exacerbated by the U.S. government’s implementation of counterintelligence efforts that have historically been inconsistent and redundant.

{mosads}Dual emphases on consolidation and coordination in CI are essential to protecting the United States’ strategic interests.

 

CI efforts suffer from an overly-limited definition of mission. Although CI has historically been viewed through the lens of stopping foreign spying by formal intelligence services, such as the Soviet KGB or the Chinese Ministry of State Security, this does not sufficiently articulate the threat.

CI is nothing less than stopping an adversary from gaining an informational advantage — and those adversaries can come in the form of traditional state actors or non-state criminal entities.

The Economic Espionage Act of 1996 acknowledged a broader interpretation of CI but, as the activities of the Office of Director of National Intelligence’s National Counterintelligence and Security Center have indicated, the United States is still largely addressing the threat as one from foreign governments.

Recent breaches and exploitations of the private sector illustrate the breadth of counterintelligence-related threats. The Equifax and Yahoo compromises illustrate that criminals can siphon off data and undercut Americans’ personal security. 

Russia’s use of U.S. social media platforms to implement an influence campaign provided an unfortunate reminder that foreign actors can also leverage the American private sector-run technology to manipulate opinion, an issue that the Foreign Agents Registration Act of 1938 was meant to curb.

Finally, the unremitting assault by Chinese operatives on U.S. intellectual property enhances foreign knowledge and degrades America’s informational advantage. CI efforts should, therefore, be premised not on specific actors but, rather, on how illicit or coercive actions — whether of a foreign or domestic origin — undermine U.S. elements of national power through the compromise of information.

Unfortunately, the U.S. government efforts remain ill-aligned to implement effective counterintelligence against the current and shifting legion of threats.

The FBI has reinvented its efforts to engage the private sector on CI issues at least four different times, establishing a track record that suggests that its latest effort, the Office of Private Sector (OoPS) will fare little better.

Furthermore, similar programs exist across multiple U.S. government agencies, including the Department of Defense, the Department of Commerce and the Department of Homeland Security. Significant elements of these programs are reactive in nature — responding only after things have gone wrong.

This posture fails to account for the reality that private industry, because of its innovative edge, is directly in bad actors’ crosshairs and is increasingly positioned to see indicators of threats before the government is aware of them.

Consequently, industry has the potential to bring as much value to the government as the government, with its investigative resources, can provide to industry. 

A new approach to CI must acknowledge the shifting dynamics of government-private sector relations. In contrast to the Cold War paradigm, which provided the underlying assumptions for the existing programs, the federal government is no longer a sponsor of new intellectual property.

Instead, it’s an adopter and adapter, through components such as In-Q-Tel and the Defense Innovation Unit Experimental, of work done by companies that are not beholden to U.S. government sponsorship. Harm to the private sector has significant implications for U.S. elements of national power, which remain reliant on the private sector’s work.

However, there is a wariness, for a variety of reasons, including corporate reputation, in private industry about cooperating with the U.S. government. Consequently, the federal government can no longer simply expect engagement. Rather, it must find a way to incentivize private sector involvement.

These intertwined issues can be addressed through rethinking the U.S. CI enterprise. As proposed by the Information Technology and Innovation Foundation, the center of this enterprise should be a hub for public-private sector collaboration, similar to the National Endowment for Democracy’s fusion of governmental and non-governmental efforts.

Resources previously allocated to multiple government agencies for CI outreach functions should be shifted to support creation of this new honest broker. By working with this agnostic entity, rather than immediately with an investigative agency, private-sector actors would avoid the costly stigmatization attendant to the perception that something has gone wrong.

Furthermore, this partnership would provide an opportunity for the private sector to keep the government apprised of indicators that suggest new or permuted threats. This would not only help the U.S. government to craft responses more quickly, but it would also allow the private sector to demonstrate good corporate citizenship in helping to combat criminal activity.

Establishment of a hub for CI would not take individual agencies out of the CI business but, instead, facilitate their efforts by allowing them to more incisively focus their resources.

This new enterprise would translate national security agencies’ concerns into publicly releasable explanations tailored to individual industry sectors’ unique circumstances. This would help them to head off threats before those threats resulted in consequences that required the commitment of limited investigative resources only after damage had already occurred.

Furthermore, a CI hub would be positioned to discreetly steer private sector entities, which did discover they had a problem, to the relevant investigative agency, making it easier for the private sector to confidentially request assistance. 

Rationalization of interagency CI efforts is overdue. There is currently a window of opportunity to accomplish this, which Director of National Intelligence Dan Coats opened when he indicated that he was looking for ways to streamline the IC. 

Rethinking the underlying assumptions of CI efforts and acknowledging the changed public-private sector dynamic would open the door to establishing an enterprise that would not only save the government money but actually do more with less.

Darren E. Tromblay has served in the U.S. intelligence community as an intelligence analyst for more than a decade. He holds an MA from the Elliott School of International Affairs at George Washington University and an MS from the National Defense Intelligence College. The views expressed in this article are solely those of the author and do not represent those of any U.S. government agency.