HSEC 360 Exam 2
3 types of counterintelligence
1. Collection: gaining information about an opponent's intelligence collection capabilities that may be aimed at one's own country 2. Defensive: thwarting efforts by hostile intelligence services to penetrate one's service 3. Offensive: having identified an opponent's efforts against one's own system, trying to manipulate these attacks either by turning the opponent's agents into double agents or by feeding them false information that they report home
Components of Successful D&D
1. The campaign benefits from strategic coherence. The deceiver nation must have an overall plan in mind for the achievement of its objectives; it must determine in advance how the target should behave and how deception will contribute to that outcome. The deceiver also must predict how the target will react in the wake of both successful and unsuccessful deception. Additionally, the deceiver must integrate its actions with (a) efforts to deny an opponent accurate information and (b) deceptive cover stories. 2. Deception is enhanced when the strategic culture of the adversary is understood. To be successful, the deceiver must recognize the target's perceptual context to know what (false) pictures of the world will appear plausible. History, culture, bureaucratic preferences, and the general economic and political milieu all influence the target's perceptions. 3. Deception requires information channels to reach the adversary. Supplying the target with corrupt information in creative ways can also increase its credibility in the eyes of the target. Deception planners thus require the authority and imagination to exploit traditional channels and develop new ones on an ad hoc basis. 4. A successful D&D campaign benefits from feedback mechanisms to collect data about the target's behavior. Discovering the way the target has interpreted received data is especially important. A deception campaign is a dynamic enterprise: cover stories, communication channels, and specific initiatives require fine-tuning to take advantage of unforeseen opportunities or problems.
COA
*A military deception course of action (COA): the plan developed during the estimate process in sufficient detail to permit decision-making. At a minimum, a deception course of action will identify the deception objective, the deception target, the desired perception, the deception story, and tentative deception means
Fukuyama
*After the Soviet collapse in 1989, Francis Fukuyama's End of History prediction failed to materialize. Countless internal conflicts have prevailed, usually for longer periods than interstate wars. This has in turn led to a higher priority on counterintelligence.
Since 9/11
*Also known as COIN (Counter Insurgency), these measures have expanded over the past years to fighting cyber espionage, which causes serious damage to organizations and states.
Minimizing Threats
*Although the threat of D&D cannot be eliminated, there are ways to minimize its adverse impact: 1. Develop a program to increase awareness in U.S. government circles of the use and methods of D&D efforts; 2. Increase public and media awareness of D&D; 3. Increase awareness of the trade-offs entailed in revealing current U.S. collection and analytic methods; 4. Train intelligence collectors, analysts, and managers; and 5. Synthesize available knowledge and prepare for the future.
National Security Letters
*An investigative technique that has been used in espionage cases, authorized since 1978 as an exception to the law protecting personal financial data *NSLs are a type of administrative subpoena, not requiring a judicial order, most often used by the FBI and also the CIA requiring the recipients to turn over records and data pertaining to individuals under gag order. (example, Apple and the phones of the San Bernardino shooters)
Five Eyes
*Aside from NATO, the Five Eyes intelligence network between the USA, the UK, Canada, Australia and New Zealand is the world's most enduring multilateral arrangement of its type. *While the Five Eyes network does not constitute a formal security alliance in the classic sense of the term, it does emulate significant features of how alliances operate in practice, including active burden-sharing and intra-alliance bargaining.
Strategic Intelligence vs. Counterintelligence
*Avner Barnea argues that counterintelligence is a much less researched subfield of the intelligence discipline. *One reason for this scholarly neglect is the perception of counterintelligence as highly sensitive due to its preoccupation with internal affairs, considered too confidential for open discussion. *Another reason is the apparent lack of understanding of the real contribution of counterintelligence to national security.
External Indicators and Counterespionage
*Besides internal measures taken to prevent or to identify problems, counterintelligence agents look for external indicators of problems *They may be more obvious: -such as the sudden loss of a spy network overseas, -a change in military exercise patterns that correspond to satellite tracks, -or a penetration of the other service's apparatus that reveals the possibility of one's own having been penetrated as well *Or subtle: -The odd botched operation -Failed espionage meeting or negotiation in which the other side seems to be anticipating one's bottom line
Big and Little CI
*Big CI : Strategy (The why; reasons--was this tied to some specific need or tasking or simply opportunistic? What is the nature of the penetration and the goals of the nation running it?) *Little CI: Tactics (The how - how it happened, how long has it been going on, who on the other side is responsible for tasking and running the op, what info has been compromised, and issues of tradecraft) *Damage Assessment: A procedure to determine what intelligence has been compromised *Graymail: (as opposed to blackmail) threatening to reveal classified information in open court as a means of avoiding prosecution
It is important to note...
*By U.S. policy, PSYOP and public affairs officers do not deny or deceive: *"PSYOP techniques are used to plan and execute truth projection activities intended to inform foreign groups and populations persuasively. Public affairs (PA) provide objective reporting, without intent to propagandize. As open sources to foreign countries and the United States, PA channels can be used to disseminate international information. *To maintain the credibility of military PA, steps must be taken to protect against slanting or manipulating such PA channels [emphasis in original]."
Is it a Threat?
*By the term "deception operation" the author intends to encompass actions designed to provide misleading information to a target, to include "true lies" and "partial truths," and even truths imparted deceptively, as a means to skew the recipient's data to encourage/discourage a conclusion favorable/unfavorable to the deceiver.
Problems in Counterintelligence
*Clandestinity: secretive/undercover *Trust and suspicion (internal, with other agencies, with allies)
Counterdeception
*Counterdeception includes: the intelligence activities to identify denial and deception operations as well as the operational activities undertaken to negate, neutralize, diminish the effects of, or gain advantage from foreign denial and deception operations. *(Here, notice, we depart from the DoD definition, which limits the term to operational aspects only: -"Counterdeception includes efforts to negate, neutralize, diminish the effects of, or gain advantage from a foreign deception operation. Counterdeception does not include the intelligence function of identifying foreign deception operations.")
Counterintelligence
*Counterintelligence (CI): Efforts taken to protect one's own intelligence operations from penetration and disruption by hostile nations or their intelligence services *Executive Order 12333 (1981, revised 2008) defines it as "information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect" against espionage and other activities carried out by foreign states or non-state actors. *It is more than a security issue; both analytical and operational, it is not a separate step in the intelligence process but should pervade all aspects of intelligence.
A Neglected Element of Intelligence
*Counterintelligence: organized activity of an intelligence service designed to block an enemy's sources of information, to deceive the enemy, to prevent sabotage, and to gather political and military information (Webster) *Overall, however, CI has been largely characterized as a ''neglected element'' of the intelligence discipline *Denigrated as less intellectual than analysis, less thrilling than foreign intelligence collection, contrary to the notion of democratic norms, it is usually considered, at best, a necessary evil to support operational security *Non-state actors make unlikely candidates as spies to infiltrate the U.S. federal government. *Dissimilar from their state-level counterparts, they are significantly less capable of mustering the enormous financial, technical, and training resources necessary to infiltrate the national security architecture of foreign powers
Practitioners of Denial and Deception
*Deceivers can be divided into four categories: 1. Democracies: employ D&D mostly in wartime; Americans are often unaware of the successful D&D campaigns of other democracies, especially in peacetime. 2. Authoritarian regimes: authoritarian and especially totalitarian regimes use denial and deception as a regular instrument of governance. 3. Regimes in transition (changing from authoritarian to democratic or vice versa): Some regimes are in transition from an authoritarian to democratic form of government. Some seek to reverse the process, while others may seek to increase their foreign capabilities to alter the international status quo. When increasing their military capabilities some powers are attracted to denial and deception as a means of protecting developing weapons and military infrastructures from outside interference or treaty commitments. 4. Nonstate actors (criminal organizations, terrorist groups, separatist organizations): The way nonstate actors employ D&D poses a rising threat to U.S. interests and those of other democracies. Transnational businesses, criminal syndicates, revolutionary organizations, terrorists, and religious groups pursuing illicit objectives, all must seek cover to operate effectively. For criminals, rebels, and terrorists, denial becomes their raison d'être.
Domains
*Deception operations are also carried out in one of three fundamental realms, or domains of human knowledge based upon the semiotic distinction between physical and cognitive objects, and the symbols by which we relate them. -The physical domain encompasses the material world of mass, energy, and the laws of physics that regulate them. Deception activities in this domain manipulate the physical signatures of objects and events. -The abstract symbolic domain of information is conveyed by symbolic transmission between humans using the symbols of words, numbers, and graphics that encode and represent objects perceived in the physical and conceived in the cognitive domain. Deception activities in this domain target computers, communication systems, cryptosystems, and other symbolic channels. -The cognitive domain is the realm of human thought—the ultimate target of deception, the realm where uncertainties, ambiguities, and well-placed deceptions can cause misperception and ultimately misjudgment. This is the target of direct human-to-human influence as well as deceptions communicated through the physical and symbolic domains to decision-makers.
Perspectives and Applications of Deception
*Deception operations are generally categorized by the three levels of warfare at which they target their effects: strategic, operational, and tactical. -Strategic deception is aimed at the highest levels of government or the military chain of command. The intended targets are those who formulate strategy, policy, and military plans and operations at national and theater levels. -Operational deception is conducted at the level of war at which campaigns and major operations are planned, conducted, and sustained to accomplish strategic objectives within theaters or other operational areas. It targets the decision-making of those who plan and conduct major operations. -Tactical deception operations intend to create effects at the engagement and battle level. Tactical operations include a wide range of methods, for example, physical decoy placements, optical signature suppression, electronic jamming, signal encryption, document forgery, computer attack, and deceptive propaganda.
Denial and Deception
*Denial and deception (D&D): a term often used to describe a combination of information operations that a nation undertakes to achieve its objectives. *Denial: refers to the attempt to block information that could be used by an opponent to learn some truth. *Deception: by contrast, refers to a nation's effort to cause an adversary to believe something that is not true.
Basic Terminology
*Denial: includes those measures designed to hinder or deny the enemy the knowledge of an object, by hiding or disrupting the means of observation of the object *Deception: includes those measures designed to mislead the enemy by manipulation, distortion, or falsification of evidence to induce him to react in a manner prejudicial to his interests. The goal of deception is to make an enemy more vulnerable to the effects of weapons, maneuver, and operations of friendly forces. *Denial and deception (D&D): include the integration of both processes to mislead an enemy's intelligence capability. The basis of denial is dissimulation, the concealing of the truth and the basis of deception is simulation, the presentation of that which is false. The acronym C3D2 is synonymous with D&D; it refers to cover, concealment, camouflage, denial, and deception. *Deception means: are those methods, resources, and techniques that can be used to convey information to the deception target. The U.S. DoD categorizes means as: 1. Physical means: Activities and resources used to convey or deny selected information to a foreign power. (Examples are military operations, including exercises, reconnaissance, training activities, and movement of forces; the use of dummy equipment and devices; tactics; bases, logistic actions, stockpiles, and repair activity; and test and evaluation activities.) 2. Technical means: Military material resources and their associated operating techniques used to convey or deny selected information to a foreign power through the deliberate radiation, reradiation, alteration, absorption, or reflection of energy; the emission or suppression of chemical or biological odors; and the emission or suppression of nuclear particles. 3. Administrative means: Resources, methods, and techniques to convey or deny oral, pictorial, documentary, or other physical evidence to a foreign power.
*The deception target: the adversary decision-maker with the authority to make the decision that will achieve the deception objective—the desired result of the deception operation. *Channels of deception: the information paths by which deception means are conveyed to their targets.
OPSEC
*Even the simplest deception employs a stratagem that includes an operational security (OPSEC) plan to protect the deception itself. *OPSEC (operational security) is an analytical process that classifies information assets and determines the controls required to protect these assets.
Policy Makers
*First, policymakers are likely to trust their own sources as intelligence-policy relations deteriorate. This is not necessarily a bad thing if their sources are knowledgeable and forthright, but it can be a very bad thing if their sources are motivated by rigid ideological beliefs. *Second, engaging in soft politicization means that intelligence officials are deliberately withholding details that might challenge policy beliefs. Near-term strategic decisions are more vulnerable to cognitive biases and wishful thinking under these conditions. *Finally, in the worst-case scenario soft politicization will encourage strategic inertia, especially if it sets off the negative feedback loop described above. *Policymakers who increasingly rely on a narrow circle of confidants (or worse, sycophants) and who indulge in wishful thinking are likely to be incapable of changing course even in the face of mounting evidence that their strategy is misguided.
Economic Espionage
*Theft by foreign entities of economic information that is proprietary but not classified. *The Justice Department states that all cases affecting national security, even tangentially, would be coordinated with Justice's national security staff, rather than being treated exclusively as white-collar crime
Exploitable Risks
*In attempting to further human intelligence, recruitment also burdens the IC with at least two significant CI risks exploitable by non-state actors: 1. foreign intelligence partners may find lower security thresholds tolerable, and feel no need to exercise high CI standards or operational integrity 2. Many of these new or reestablished liaisons may not necessarily be penetrated by violent NSAs, yet parochial interests within the services themselves may collude with groups hostile to the U.S.
New Terrorism
*In conceptualizing the components of the so-called "new terrorism" —religiously-motivated, increased lethality, and the potential use of WMDs—far from an objective and impartial analysis of this supposed phenomenon, such proponents have helped to actively construct the new "fanatical," "irrational," and "nihilistic" enemy confronting the hegemonic West.
Deception
*In his books on The Art of War, Niccolo Machiavelli recommended: "No enterprise is more likely to succeed than one concealed from the enemy until it is ripe for execution.... When you are aware that the enemy is acquainted with your designs, you must change them. After you have consulted with many about what you ought to do, confer with very few concerning what you are actually resolved to do."
The Same Reason Why They Are Vulnerable
*In order to understand the culture better, people from the culture are recruited with language skills and knowledge *The majority of foreign intelligence services that seek to collect against American targets ''practice ethnic recruiting, that is, seek to recruit persons of the same ethnic background as the foreign intelligence officer.'' *These vulnerable individuals ''may more often become motivated to do so [commit espionage] due to feelings of obligation or loyalty to foreign country or foreign friends and relatives.''
The Changing Role of Deception in National Security
*Information Superiority: enabling decision superiority *Strategic Information Operations: *Three influences on the importance of deception: 1. Formal integration and synchronization of deception into offensive operation 2. Defensive IO similarly integrates countermeasures to adversary deception 3. The computer network operations (CNO) component of IO has introduced new forms of deception and counterdeception to the domain of computer-to-computer conflict *Global Proliferation: The proliferation of weaponizable technologies and weapons of mass destruction (WMD) has prompted nations and terrorist groups alike to employ extensive deception measures to hide their activities from surveillance. *Asymmetry and Individual Power: Asymmetric war forms have risen to challenge military superiority by adversaries unable to compete symmetrically.
Internal Safeguards
*Internal safeguards are a series of internal processes and checks, the main purposes of which are to weed out applicants who may be unsuitable and to identify current employees whose loyalty or activities are questionable *Polygraph: (sometimes mistakenly referred to as a lie detector) a machine that monitors physical responses (such as pulse or breathing rate) to a series of questions, of which a change in physical responses may indicate falsehoods or deceptions. *Different types of tests may include lifestyle poly (personal behavior) and the counterintelligence poly (foreign contacts, handling of classified information) *Compartmented system (the use of classification and restricting access to information) *Need to Know (Restricting access only to key personnel) *Responsibility to Provide (DNI Mike McConnell 2007-2009, a change of emphasis to Need to Know where officers and agencies would be evaluated by the degree to which they actively seek to share intelligence within the community) *Reciprocity (the willingness or unwillingness of agencies to accept the validity of clearances granted by other agencies; speaks to different standards within the community) *Sleeper agents (agents sent to another nation to assume normal lives who then become active agents at some time later)
Leaks
*Leaks: the unauthorized release of classified information *Insider Threat Program: Activity to deter, detect, and mitigate leaks within an organization *Whistleblower: a person who informs on a person or organization engaged in a perceived or actual illicit activity *Over-Classification: Often an attempt to mitigate the transfer of information *Classified National Security Information (CNSI, 2017): ODNI published uniform guidelines for classification and markings to include a risk-management strategy for classification decisions to avoid over-classification and making declassification and downgrading an integral part of the strategy.
Military Deception Operations
*Military deception operations, then, are conducted to mislead an enemy, and include activities such as the: -Ruse that involves the deliberate exposure of false information; -Demonstration that presents a show of force on a front where a decision is not sought; -Display that presents a static portrayal of an activity, force, or equipment often involving the use of decoys; -Feint in which an offensive action is conducted involving contact with the adversary conducted for the purpose of deceiving the adversary as to the location and/or time of the actual main offensive action.
What Can Be Done to Mitigate this?
*Offensive Counterintelligence: Deception, or attempting to turn enemy agents into double agents or giving them false or misleading information once they have been identified in hopes that these agents will report the information back to their home nation. *Tailored Counterintelligence: Training at Home: specifying its CI training platforms for those most likely to be targeted in the national security infrastructure. These classified training programs could cover such topics as recent developments in Islamist intelligence activities, Chinese recruitment tactics, or annual Israeli targeting requirements *Counterintelligence Training with Liaison Partners: Maintaining the favorable balance between sharing intelligence on threats of mutual interest with other governments, while simultaneously protecting U.S. assets. The U.S. can buttress these alliances through training foreign services on how to practice better CI in their own organizations. *Track All Access to Classified Material: A tracking mechanism for classified material that limits the scope of access.
Intelligence Failure
*One scholar defined intelligence failure as 'organizational surprise resulting from incorrect information, a lack of information, or disregard disability's hypotheses' *The CIA defined it as 'a systemic organizational surprise resulting from incorrect, missing or impaired hypotheses' *Others see intelligence failure as one of the stages of the 'intelligence cycle' *"What is common to all these definitions of intelligence failure is their overriding preoccupation with international conflicts, interstate wars and surprise attacks"
Intelligence That May Be Gathered from Penetration
*Possible intelligence alliances (Soviet KGB and Polish emigres in the US for "wet affairs" (assassinations) (AKA "wet works")) *Double agents: agents who have been turned once, discovered, and then turned again by their own side
Psychological Operations (PSYOP)
*Psychological Operations (PSYOP): PSYOP are the planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals. *The purpose of psychological operations is to induce or reinforce foreign attitudes and behavior favorable to the originator's objectives. *Note that military deception targets military forces, and PSYOP targets foreign audiences—both civil and military.
Self Fulfilling Prophecy
*Stephen Marrin notes that the so-called intelligence cycle, a linear model in which objective intelligence estimates are delivered in advance of policy decisions, is at odds with the messier business of policymaking. *This means that attempts to preserve the autonomy of intelligence in order to prevent politicization are essentially attempts to uphold a fiction. *Moreover, policymakers have particular insights that intelligence officials should not ignore. The intelligence community should avoid the habit of assuming that their estimates will suffer if they are informed by policy considerations; some effort to invest policy beliefs into estimates might actually yield a more accurate and useful product. *However, this would require intelligence leaders to accept the discomfiting notion that they should modify their estimates in response to policy feedback, even if this increases the risk of politicization.
Available Assets
*Two variables, in particular, interact to raise the chances of this threat from belligerent Islamic extremist groups: the increased need for intelligence officers with specific cultural and language credentials, and the practice of ''ethnic recruiting.''
Propaganda
*White propaganda targets a general population while openly acknowledging the source of the information; *Black propaganda targets a general population while attempting to remain covert, hiding the true source (e.g., clandestine radio and Internet broadcast, independent organizations, and agents of influence). *Coordinated white and black propaganda efforts, for example, were strategically coordinated by the Soviet Union throughout the Cold War as "active measures" of disinformation (Dezinformatsia)
Richard Betts
It is difficult to navigate the thin line between constructive criticism and improper meddling, Betts concludes, but it is an unavoidable task for intelligence officials who must respond to legitimate policy concerns while simultaneously protecting the integrity of analysts. *'Outright pandering clearly crosses the line', Betts argues. 'But what about a decision simply not to poke a policymaker in the eye, to avoid confrontation, to get a better hearing for a negative view by softening its presentation when a no-compromise argument would be certain to provoke anger and rejection?'
Catching Aldrich Ames: Sandy Grimes and Jeanne Vertefeuille
Know these women: Sandy Grimes and Jeanne Vertefeuille
Maskirovka and Dezinformatsiya
Maskirovka: Russian Deception; Dezinformatsiya: Disinformation
Why spy? MICE
Money; Ideology; Compromise (or coercion, example: blackmail); Ego (you know more than a new director and try to show them)
How is D&D Practiced?
Who's target is Diplomats, academics, and business travelers offer convincing conduits for the information they discover by "accident" during the regular course of their professional activities.
Double Agents
agents who have been turned once, discovered, and then turned again by their own side
Asset Validation
confirming the bona fides of human intelligence, or HUMINT, sources
counterespionage
countering penetrations of one's service
Disinformation
putting out false information to support penetrations
Operational Tradecraft
refers to the techniques, methods and technologies used in modern espionage (spying) and generally, as part of the activity of Intelligence assessment. This includes general topics or techniques (dead drops, for example), or the specific techniques of a nation or organization (the particular form of encryption (encoding) used by the National Security Agency, for example).