Operations Security
INTELLIGENCE THREAT HANDBOOK


Section 7

THE CHANGING THREAT AND OPSEC PROGRAMS

Introduction

This section examines the threat trends that are likely to affect OPSEC program managers and adversely impact their ability to protect critical information. The number of nations and groups that can obtain intelligence on U.S. activities is expanding as intelligence collection equipment and advanced information systems become more common, and the technologies they are based on become available throughout the world.[1] OPSEC managers must take into account the wide variety of intelligence collection threats and the exponential growth in the availability of information. These trends are likely to continue and must be factored into the development of any OPSEC program.

Changing Nature of the Intelligence Collection Threat

Traditionally, the subjects of information gathering by U.S. adversaries have been: indications of U.S. military operations, foreign policy information, U.S. Intelligence Community weaknesses, the theft of military or dual use technologies, and obtaining an understanding of U.S. national security and military capabilities. As a collateral activity, some of these nations, in particular the former Soviet Union and China, have collected information for the benefit of their national technology programs and industries. Open source collection has been used by our adversaries for acquiring information on new technologies and industrial processes. Foreign intelligence organizations have routinely gathered information on technological innovations through technical, scientific, and engineering publications, or through attendance at conferences focused on targeted technologies. Foreign intelligence services also collected information from government publications, newspapers, magazines, and research reports concerning military doctrine, foreign and economic policy development, and other issues of interest.[2]

The current intelligence collection threat is very different than it has been in the past. A number of factors have influenced this change:

Information Has Value. More nations and groups have come to see information as a critical component for making timely decisions and have come to see information as having value independent of material attributes. As a result, more people are interested in collecting information, analyzing that information, and disseminating a product for use by decision makers.[3]

Information is More Readily Available. The availability of information has grown exponentially because of the growth of specialized information sources, the advent of on-line data bases, and development of sophisticated search tools that can be used to extract information from many data sources in minimal periods of time.

Availability of Collection Assets. Collection technologies such as imagery platforms and SIGINT collection equipment are commercially available throughout the world. Russia is particularly aggressive in its international sales of SIGINT and electronic warfare equipment. Many of the nations that are buying the Russian equipment are openly hostile to the United States, and may be providing either the equipment or information derived from it to terrorist organizations. The introduction of commercial imagery systems that will be able to produce one meter resolution imagery has made it largely unnecessary for the majority of U.S. adversaries to have their own collection capability. All they will need is the ability to analyze images that they can purchase from a commercial enterprise.[4]

Worldwide Media Access. The ability of the media, in particular CNN, to obtain and broadcast information worldwide in near real time benefits all countries and organizations in their collection efforts.[5]

Interconnected Communications Systems. Unprotected, interconnected communications systems designed for the instantaneous transmission of data provide computer intruders with a wealth of proprietary and government information. Intruders may be members of foreign intelligence organizations, criminals, hackers, reporters, or members of issue-focused groups who wish to embarrass a particular organization.[6]

Adversary and competitor intelligence collectors focus on a much wider range of collection targets than they did in the past, and many of their targets may not consider themselves to be at risk. For example, until recently, most U.S. companies did not consider economic intelligence collection to be a serious threat to their profitability. Only in the last several years have industry and government begun to work together to protect industry from intelligence collection activities. In the changing threat environment, it is important to identify and protect that critical information in response to the assessed intelligence collection threat. OPSEC provides a method to determine the level of risk associated with a given threat and the cost-effectiveness of proposed security countermeasures. Accurate, timely threat assessments are of key importance in developing cost-effective OPSEC countermeasures. The next portion of this section examines the threat assessment requirements for the expanding intelligence collection threat.

Assessing the Intelligence Collection Threat

Because of the changing nature of the intelligence collection threat, OPSEC program managers must consider a far broader range of collection threats than they have in the past. The examples of threats discussed in this handbook represent the capabilities of our adversaries to gain information concerning sensitive programs in the United States. In developing an OPSEC program, the OPSEC program manager must consider the capabilities of foreign intelligence services, the amount of information that may be available through open source analysis, the vulnerability of his facility to intrusive arms control inspections, and the likelihood that the organization's computer and communications systems have been accessed by intruders. The growth in the amount of information in publicly available databases has increased the need to determine if indicators are present in the public domain that could result in the compromise of critical information. For many organizations, this analysis is important in the development of their OPSEC program.[7]

Obtaining Threat Assessment Information and OPSEC Planning Assistance

Threat information can be obtained through a number of sources within the United States Government, such as the Federal Bureau of Investigation (FBI), the Defense Intelligence Agency (DIA), the Defense Investigative Service (DIS), the Department of Defense Security Institute (DODSI), the Department of Energy (DOE), the Department of State (DOS), and the National Counterintelligence Center (NACIC). These agencies are responsible for protecting U.S. government and commercial activities, and executing counterintelligence programs, security education, or threat analysis. Each of these agencies is discussed below.

Federal Bureau of Investigation (FBI)

The FBI has primary responsibility for counterintelligence investigations within the United States and can provide a variety of support services and classified analytical products to Government agencies. An integral part of the FBI's counterintelligence efforts is the Development of Espionage, Counterintelligence and Counterterrorism Awareness program (DECA). DECA is the FBI's medium for providing foreign intelligence threat information--especially information concerning economic espionage--to the private sector. DECA coordinators are located in the FBI's 56 field offices and can provide both classified and unclassified threat briefings and analyses tailored to the needs of the requesting business.

Defense Intelligence Agency (DIA)

The DIA is a combat support agency and the senior military component in the U.S. Intelligence Community. It provides intelligence in support of joint military operations in peacetime, crisis, contingency, and combat; service weapons systems acquisition; and defense policy making. The DIA prepares CI risk assessments for the DoD and conducts a variety of assessments and studies on the foreign intelligence collection threat. The DIA also assesses the threat to our military capabilities posed by illegal transfers of high technology to U.S. adversaries.

Defense Investigative Service (DIS)

DIS is responsible for safeguarding classified information received, produced, stored, and disseminated by U.S. Government contractors. DIS shares information with industry about specific targeting techniques used by foreign intelligence organizations. The focus of the DIS program is the protection of Government classified information. DIS provides information about the targeting of specific technologies or specific contractors based on its analysis of information from databases such as the Foreign Ownership, Control, or Influence (FOCI) database and various elements of the Foreign Disclosure and Technical Information System. Foreign threat information is also developed through personal security interviews by DIS Special Agents, by Industrial Security representatives during inspections and facility visits conducted under the auspices of the National Industrial Security Program (NISP), and through liaison with other government agencies. Reports developed by DIS are disseminated throughout the DoD, to the U.S. Intelligence Community, and to cleared defense contractors during industrial security visits. Specific threat data can be obtained directly from any DIS Industrial Security representative.

Department of Defense Security Institute (DODSI)

DODSI develops and presents courses on DoD security countermeasure programs. DODSI conducts instructional courses on industrial, personnel, and information security. Discussion of intelligence collection threats is an inherent part of training provided by DODSI. DODSI also publishes unclassified security awareness publications. The best known of these publications is the Security Awareness Bulletin, which is distributed to 25,000 customers in government and industry. Articles often highlight foreign economic and industrial intelligence efforts, and methods to protect against such activities.

Department of Energy (DOE) Counterintelligence Division

The DOE Counterintelligence Division is responsible for analyzing foreign intelligence collection threats, providing awareness training, and disseminating threat assessments to government and contractor activities. The CI Division publishes classified and unclassified threat assessments, and distributes bulletins and newsletters concerning foreign intelligence threats to DOE activities and facilities. This data can be provided to U.S. Government agencies and corporations that have entered into cooperative research and development agreements (CRADA) with DOE. The DOE also conducts the Defensive Information to Counter Espionage (DICE) program to disseminate threat information to a variety of audiences. DICE provides current threat information through training programs and the presentation of threat briefings at selected classified conferences.

Department of State (DOS) Bureau of Diplomatic Security

The Bureau of Diplomatic Security (DS) is responsible for protecting the Secretary of State and other senior leaders in the department, ensuring the security of overseas diplomatic facilities and department activities within the United States, conducting counterterrorism and antiterrorism activities in support of the Department's role as lead agency for foreign terrorist incidents, and investigating violations of U.S. passport laws. In support of its mission, DS conducts threat assessments, and provides U.S. Government and private entities overseas with threat assessment support through its Regional Security Officers. DOS's Overseas Advisory Council (OSAC) is a joint DS and industry venture that cooperates on overseas security problems of mutual concern. An area of growing concern for OSAC is the intelligence collection threat faced by U.S. businesses overseas. OSAC gathers and disseminates threat information to member businesses. To exchange threat information as expeditiously as possible, the OSAC Electronic Bulletin Board (EBB) has been implemented. The EBB provides a means for businesses to exchange information among themselves and with the Department. It also provides a means for the Bureau of Diplomatic Security's Office of Intelligence and Threat Analysis to disseminate threat information.

National Counterintelligence Center (NACIC)

The NACIC was established in accordance with Presidential Decision Directive 24, U.S. Counterintelligence Effectiveness, issued in May 1994. The NACIC coordinates the U.S. Government's efforts to identify and counter foreign intelligence threats to U.S. national and economic security. The NACIC conducts analyses of emerging collection threats and identifies and broadly disseminates information on HUMINT and technical collection methods. As appropriate, the NACIC provides analytical products to private firms based on classification and dissemination caveats.

Obtaining Assistance from the Interagency OPSEC Support Staff

The Interagency OPSEC Support Staff (IOSS) was established in January 1989 to carry out national-level, interagency OPSEC training for executives, program and project managers, and OPSEC specialists; to act as a consultant to the Executive departments and agencies in connection with establishment of OPSEC programs and conduct of OPSEC surveys; to conduct OPSEC related analyses; and to provide an OPSEC technical staff to the National Security Council. The IOSS can provide government agencies and their contractors with support in the following areas:

OPSEC Training and Educational Courses

Assistance in the Development of OPSEC Programs

OPSEC Survey Support

Development of Publications and Training Materials

Requests for OPSEC program assistance should be sent to:

Director

Interagency OPSEC Support Staff

6411 Ivy Lane, Suite 400

Greenbelt MD 20770-1405

(301) 982-0323 /(800) 688-6115

Sources

1 - Testimony of Robert M. Gates, Director of Central Intelligence, contained in U.S. House of Representatives, The Threat of Foreign Economic Espionage to U.S. Corporations, Hearings before the Subcommittee on Economic and Commercial Law, Committee on the Judiciary, April 29 and May 7, 1992, Washington, DC: USGPO, 1992, pp. 53 and 54.

2 - Testimony of William S. Sessions, Director of the Federal Bureau of Investigation, The Threat of Foreign Economic Espionage to U.S. Corporations, Hearings before the Subcommittee on Economic and Commercial Law, Committee on the Judiciary, April 29 and May 7, 1992, Washington, DC: USGPO, 1992, pp. 41-49; and Peter Schweizer, Friendly Spies: How America's Allies are Using Economic Espionage to Steal Our Secrets, New York: The Atlantic Monthly Press, 1993, pp. 3-9.

3 - Joint Security Commission, Redefining Security: A Report to the Secretary of Defense and the Director of Central Intelligence, Washington, DC: Joint Security Commission, February 28, 1994, pp. 101-103.

4 - United States Army Training and Doctrine Command, Concept for Information Operations, TRADOC Pam 525-XX (DRAFT), Fort Monroe, VA: TRADOC, p. 2-5.

5 - ibid, p. 3-8.

6 - Office of the Manager, National Communications System, The Electronic Intrusion Threat to National Security/Emergency Preparedness (NS/EP) Telecommunications, Arlington, VA: OMNCS, pp. 1-2 and 2-10 to 2-14.

7 - Statement of Louis J. Freeh, Director of the Federal Bureau of Investigation, Hearings before the Senate Judiciary Committee, Authorization of FY 1996 Appropriations for the Federal Bureau of Investigation, February 25, 1995, p. 18.