New Counterintelligence Strategy: Focus on Cyber


The Office of the Director of National Intelligence's new strategy aims to detect, mitigate and prevent cyberattacks.

A new national counterintelligence strategy aims to learn from the recent Office of Personnel Management hack, attributed to state-backed Chinese actors, which compromised the personal information of 22 million current, past and future federal employees and contractors. 

The 2016 strategy, published this week, broadly outlines a plan for detecting, mitigating and preventing such threats, both from "foreign intelligence entities" and from malicious employees. 

“As the recent cyberintrusion against the Office of Personnel Management illustrated, even federal agencies that hold sensitive but not classified data are at increased risk of being targeted by foreign adversaries," said a statement signed by President Barack Obama at the top of the DNI document. 

"The expanding and interconnected nature of espionage threats" needs a unified government response to "safeguard our most valuable security and economic information," the statement stated. 

The strategy sketches out general steps for that safeguarding process, including "deepening our understanding of foreign intelligence entities' plans, intentions, capabilities, tradecraft and operations targeting U.S. national interest and sensitive information and assets," and ensuring the secure information transfer between the public and private sectors. 

“Our national security hinges on our ability to break down the wall separating [counterintelligence] from other core functions," the strategy said, and moving beyond a system in which "protecting sensitive information and assets are the realm solely of [counterintelligence] and security professionals."

And protecting the personally identifiable information of citizens -- including the records compromised in the OPM hack -- has become increasingly difficult as information is transferred much more quickly than ever before, according to DNI.

In the strategy, DNI also emphasized the importance of detecting insider threats, especially by picking up on anomalous employee behavior. For instance, among other steps, agencies are to "analyze [foreign intelligence entity] activities to discern patterns of behavior potentially indicative of an insider threat."

The 2016 strategy isn't all new, and echoes themes from previous years. In 2009, the National Counterintelligence Strategy also called for the integration of counterintelligence with cybersecurity operations. 

"The intelligence community must integrate counterintelligence into all aspects of computer network operations, workforce development, education, and awareness programs," it said. "We must identify, monitor, exploit and defeat hostile cyber activities through both offensive and defensive measures."