Thursday, March 29, 2007

A New Strategy for Counterintelligence?

It hasn't received a lot of attention (at least, not yet), but President Bush has approved a new counter-intelligence (CI) strategy for the United States. The Director of National Intelligence public affairs office issued a press release on Tuesday that outlined the new strategy, and its key objectives. They include:

  • Secure the Nation Against Foreign Espionage and Electronic Penetration
  • Protect the Integrity of the US Intelligence System
  • Support National Policy and Decisions
  • Protect US Economic Advantage, Trade Secrets and Know How
  • Support US Armed Forces
  • Manage the Counterintelligence Community to Achieve Efficient Coordination
  • Improve Training and Education of the Counterintelligence Community
  • Expand National Awareness of Counterintelligence Risk in the Private as well as Public Sector

Some of the stated goals are hardly surprising; securing the nation against foreign espionage, protecting the integrity of our intelligence system, supporting the armed forces, and improving counter-intelligence coordination are standard functions--tasks that CI organizations have always performed.

What is interesting about the new strategy--or at least, the bare details made public so far--is the apparent emphasis on economic counter-intelligence, and increased cooperation with the private sector. And, that shouldn't come as a real surprise, since economic and technical espionage represents one of the greatest security challenges facing this nation. Former FBI Director Louis Freeh once described economic espionage as "the greatest threat to national security" since the Cold War. According to one estimate, the theft or unauthorized transfer of trade secrets and proprietary data costs U.S. businesses about $250 billion a year, or roughly half the total cost of the Iraq War to date.

The economic intelligence crisis has been well-documented in Steven Fink's Sticky Fingers, which details the problem in corporate America. But obviously, the problem extends well-beyond the pilfering of trade secrets by a business competitor, or a employee who tries to peddle his company's most sensitive information for profit. Increasingly, the theft of such data is part of a state-directed effort that targets critical technologies, or entire business sectors. The People Republic of China has been conducting such operations on a massive scale for years. And, as Washington Times reporter Bill Gertz notes in his book Enemies: How America's Foes Steal Our Vital Secrets--and How We Let It Happen," Beijing has been quite successful in those efforts, allowing it to save billions of dollars--and years of research time--by simply acquiring (and copying) advanced U.S. technology.

But the Gertz book is also an exploration of critical counter-intelligence failures that allowed our enemies to steal key secrets. He recounts the career of Ana Montes, the Cuban "mole" who worked as a senior intelligence analyst at the Defense Intelligence Agency for two decades. Not only did Ms. Montes pass extremely sensitive information to her bosses in Havana, she also influenced U.S. government policies affecting Castro's government. When a DIA counter-intelligence official became suspicious of her activities, he was initially ridiculed by his superiors and the FBI.

The bureau--which runs domestic counter-intelligence efforts--receives special scrutiny from Gertz, and decidedly so. Over the last decade, the agency has been embarrassed by a number of bungles and blunders, including one case where a Chinese operative seduced two FBI agents, and persuaded both to pass sensitive information. In another example, the bureau spent years harassing a CIA operative, convinced that he was a Russian spy because he lived near a particular park. When the mole was finally caught, it turned out to be FBI agent Robert Hanssen, who passed sensitive counter-intelligence information to Moscow for years. Hanssen also lived near the park, but escaped detection for years.

Which brings us back to the nation's "new" counter-intelligence strategy. Is it viable? My first reaction is that the emphasis on economic intelligence is long overdue. Our adversaries have been stealing us blind--literally--for years, and the new strategy represents a needed effort to combat that threat. I'm also encouraged by its outreach to the private sector. For obvious reasons, many espionage rings target commercial firms, particularly in the high-tech and information sectors. To protect vital secrets, private firms need to be more aware of this threat, and provide information on suspected penetration attempts to the counter-intelligence community. That will provide a bigger picture that may identify spy rings earlier, and prevent the compromise of critical information. In that regard, the new strategy is a step in the right direction.

But the plan has some serious problems. For starters, we're still stuck with a counter-intelligence system that divides responsibilities between the CIA (for overseas operations) and the FBI, which handles the domestic end. Historically, this "partnership" has never worked very well, one reason that the strategy document calls for improved coordination, training and education. But that raises another question: do we have the luxury of time (and resources) to fix this broken system, or would we be better off in creating a new agency, combining resources from both the CIA and FBI (more on that in a moment). Failing to address this fundamental, organizational issue is the major flaw of the new strategy.

Additionally, I'd like to know more about how the CI plan will deal with terrorist-related spy efforts. As Mr. Gertz reported in his book, the U.S. has been targeted by at least 35 terrorist organizations through espionage, and some of those groups have proven adept at penetrating supposedly "secure" organizations to gain information, or carry out attacks. Clearly, it's difficult to assess a strategy on the basis of a one-page press release, but it would be interesting to know how the plan assesses that threat, and how it addresses it.

Supporters of the new strategy might argue that The National Counterterrorism Center (launched in 2003) represents the right approach, bringing together personnel from intelligence and law enforcement agencies to share information and develop terrorism analysis. Unfortunately, the center remains hampered by competing lines of control; look at its organizational lines, and you'll see that the NCTC works for both the DNI and the FBI director. That reality provides a compelling case for creation of a single, domestic intelligence agency, combining collection, analytical and counter-intelligence functions. Sadly, that option seems unlikely, since it would mean diminished roles (and resources) for both the CIA and the bureau.

Finally, as with any "national strategy," the devil is always in the details. Getting the various players to cooperate and share vital information remains a Herculean task. The prescribed training program will be another massive undertaking, and building those ties to the private sector will take time, too. All represent important steps in the counter-intelligence struggle, but the strategy document seems to ignore the essential question: can this plan actually work, given the organizational flaws that exist in our current system? The Bush Administration clearly believes it can, but some of us remain unconvinced. Fixing counter-intelligence requires revolutionary, rather than evolutionary, thinking.

***

I may be reading between the lines, but the new CI strategy outline doesn't say much about the "other" players in counter-intelligence--the armed services. While the Army, Navy and Air Force have long maintained CI elements, their role has (traditionally) focused on investigating espionage cases involving military personnel, or "external" spy operations aimed at military targets. If I'm reading the outline correctly, it looks like the "new" strategy envisions a similar role for military CI elements--and that might be a mistake. Military counter-intelligence units have gained valuable experience against insurgent groups in Iraq and Afghanistan, and that expertise could be useful in tracking terrorist espionage threats closer to home--assuming that legal requirements could be satisfied.

No comments: