The Trump administration’s counterintelligence strategy, released Monday, aims for stronger collaboration between the intelligence community and the private sector on detecting and stopping foreign intelligence threats to U.S. entities.
The plan, which President Donald Trump approved in early January, emphasizes a longstanding government argument that the private sector must do more to prevent foreign espionage. As state-sponsored hackers target more U.S. companies, corporate America should prioritize preparations to stifle similar attacks in the future, the director of the National Counterintelligence and Security Center, Bill Evanina, told reporters at a briefing Monday.
“A hostile nation state attack on a private U.S. company … is a counterintelligence attack on our nation,” he said. The NCSC is part of the Office of the Director of National Intelligence.
Earlier on Monday the Department of Justice announced charges against four members of the Chinese People’s Liberation Army for allegedly hacking into Equifax to steal information about roughly 147 million Americans. Prosecutors also alleged the four PLA members also had stolen trade secrets from the credit reporting agency.
The plan broadly addresses how the NCSC and private sector can better protect against disinformation, hacking against critical infrastructure and key U.S. supply chains, as well as operations that may impact the U.S. economy.
How companies fit into the plan
While recommendations in the sweeping NCSC strategy include a broad range of ideas, including enhanced information sharing and developing capabilities to track foreign cyber-operations, Evanina told reporters he has one broad measure of success: that Americans and CEOs interpret the Equifax hack and similar attacks to be examples of counterintelligence operations carried out by hackers working on Beijing’s behalf.
Evanina said his top two concerns with Chinese hacking efforts is that they result in either the collection of troves of data to enhance or drive the country’s artificial intelligence capabilities, or the collection of information on Americans to better hone future espionage operations.
In response, Evanina said he would like to see corporations gather their general counsel, chief security officer, chief technology officer, and head of human resources with law enforcement on a quarterly basis to discuss potential threats. Companies also should prepare crisis strategies and conduct tabletop exercises to test for insider threats and supply chain attacks once a year, he said.
The new strategy stems, in part, from an understanding that threats against the U.S. and the private sector are rapidly changing. They’re expanding in part because nation-states and criminals alike have gained access to some of the most sophisticated computer exploits in the world following classified leaks from the U.S. intelligence community in recent years, according to the strategy document.
“The global availability of technologies with intelligence applications … and the unauthorized disclosures of U.S. cyber tools have enabled a wider range of actors to obtain sophisticated intelligence capabilities previously possessed only by well-financed intelligence services,” the strategy says.
The language is an implicit recognition of problems caused by the disclosure of secret U.S. hacking tools made public by groups like the Shadow Brokers and, according to the Justice Department, a former CIA developer.
To counteract foreign intelligence operations, the strategy suggests adopting better hiring of “cyber counterintelligence and technical security experts,” developing new capabilities to counter foreign cyber-operations in the U.S., and “new analytic tools to improve threat warning” on threats to critical infrastructure.
ODNI also wants to gain more insight into adversaries’ propaganda campaigns that could “undermine confidence in our democratic institutions and processes,” such as the disinformation operations Russia leveraged in the buildup to the 2016 presidential election. The stakes are high right now, as Russia is currently engaged in “information warfare” related to the 2020 presidential elections, FBI Director Chris Wray told the House Judiciary Committee last week.
The government also must improve its counterintelligence efforts in terms of understanding how possible Chinese and Russian adversaries are operating out of Cuba, Evanina added. The U.S. intelligence community has a plethora of analysts who understand Chinese and Russian intents and capabilities, for example, but the U.S. needs to “merge” that expertise and “put it into context” in Cuba, Evanina said.
This new counterintelligence plan also aligns with some initiatives the U.S. intelligence community has undertaken in the last year, such as the National Security Agency’s creation of a cybersecurity directorate to better share tips on nation-state threats with the private sector so they can gain a better awareness of the threats against them.