robertmsharpe.weebly.comrobertmsharpe.weebly.com/uploads/5/9/7/2/...paper.docx · Web...
Transcript of robertmsharpe.weebly.comrobertmsharpe.weebly.com/uploads/5/9/7/2/...paper.docx · Web...
CYBER THREATS: A COUNTERINTELLIGENCE ISSUE AND FORCE FOR REFORM
Robert Sharpe
INTL498: Senior Seminar in Intelligence Studies
American Military University
29 March, 2015
1
CYBER THREATS: A COUNTERINTELLIGENCE ISSUE AND FORCE FOR REFORM
Espionage has evolved; it has gone digital. While the methods used historically to
facilitate espionage are still successful and pose a serious threat, espionage from cyber sources
poses a greater threat to a wider range of targets. Classified information is not taken a few
documents at a time, it is stolen in terabytes and years of data or research can be stolen in
seconds. Classified or sensitive information being stored digitally means vaults and physical
security measures do not present the barriers to access that they once did. Modern acts of
espionage, due to the nature of the medium that facilitates them, are often considered Cyber
threats and are therefore treated as cyber security measures. These threats should be
considered acts of espionage and a counterintelligence responsibility. All detection,
investigation, security measures and response to cyber threats should be led by
counterintelligence. Without centralized leadership and coordinated, cohesive efforts measures
will be localized, reactive, incident based and ineffective in protecting the increasing amount of
what is considered sensitive information.
The 2010 National Security Strategy states, “Cybersecurity threats represent one of the
most serious national security, public safety, and economic challenges we face as a nation.”1 To
understand how to meet this challenge requires an understanding of the threat as well as an
understanding of the tools available in order to apply them effectively and efficiently. Cyber
threats require a malicious actor gaining access to or control of a network or computer and
exploiting the data stored in it. Cyber security, the measures used to defend against cyber
threats, has become an umbrella term used to describe a wide range of actions intended to
1 U.S. President Barack Obama, National Security Strategy. National Security Archive, 2010 p. 27
2
defend against malicious acts delivered over computer networks. Defense against such acts
should be considered a counterintelligence issue, as the task of counterintelligence is to ensure
the security of information and prevent foreign intelligence collection. To view cyber threats as
a criminal, security or policy issue fails to recognize the nature of the sponsor, the target, the
intent and the potential damage; it is of little benefit to national security.
Figure 1: Clapper, James R. The National Intelligence Strategy of the United States of America 2014, Office of the Director of National Intelligence. P. 18
The United States relies on its cyber infrastructure for everything from communications, to the management of critical infrastructure, to the command and control of our military. This dependence on technology, along with the rapid rate of technological innovation, creates numerous vulnerabilities that our adversaries seek to exploit.2
Definitions
2 National Counterintelligence and Security Center, Cyber Security, 2014. http://www.ncix.gov/issues/cyber/index.php
3
In order to understand the hypothesis that cyber threats should be considered a
counterintelligence responsibility the definitions of related phenomenon need to be addressed.
This work is based on a few major definitions that guide the preceding argument. Many
definitions of espionage apply more to the historical incidents of spying than to the challenges
faced in today’s threat environment. Former CIA Case Officer Brain P. Fairchild’s statement
illustrates this point, “In espionage, two factors are constant. Intelligence officers recruit foreign
nationals who can provide classified information on their governments’ plans and intentions,
and the counterintelligence services of those countries try to thwart these operations.”3 This
explanation of espionage does not account for cyber espionage and therefore does not address
the challenge as faced today. The definition of espionage must recognize the intent and not
limit what is defined as espionage by focusing on the methods employed.
Figure 2: FireEye. 2014. M-Trends p. 3
There is not a need for the recruitment of foreign nationals is cyber espionage; as stated
there are not safes, vaults, restricted areas or other devices of physical security in cyber space;
foreign intelligence services have direct access to their target without the need for the man in
3 Brian P. Fairchild, Human Intelligence, Operational Security and the CIA’s Directorate of Operations. Statement before the Joint Economic Committee, U.S. Congress 20 May 1988
4
the middle. Espionage, as relating to this work, will be based upon Kermit Roosevelt’s
statement from the War Report of The OSS, “The object of secret intelligence activity
[espionage] is to obtain by secret means information which cannot otherwise be secured and
which is not elsewhere available.”4 Simply stated espionage is theft of sensitive information. It
is not limited to military or government secrets, but targets research in the academic and
corporate world and an increasing range of what could be considered information beneficial to
adversaries. Security measures used to prevent or make information more difficult to obtain
come from an understanding how information is stolen and who and what information is
targeted: counterintelligence. Senate report 94-755 defines counterintelligence as, “Activities
conducted to destroy the effectiveness of foreign intelligence operations and to protect
information against espionage, individuals against subversion, and installations against
sabotage.”5 This theme and its appropriateness to cyber threats is advanced in the definition
provided by the Church Committee.
Counterintelligence (CI) is a special form of intelligence activity, separate and distinct from other disciplines. Its purpose is to discover hostile foreign intelligence operations and destroy their effectiveness. This objective involves the protection of the United State Government against infiltration by foreign agents, as well as the control and manipulation of adversary intelligence operations. An effort is made to both discern and deceive [sic] the plans and intentions of enemy intelligence services.6
While the Church committee’s definition of counterintelligence, being drafted before
the threat of cyber espionage, lacks somewhat the definition does task counterintelligence to
discover, destroy, control and manipulate the infiltration of foreign agents and intelligence
4 Kermit Roosevelt, War Report of the OSS (1976)5 Senate Report 94-755, Church Committee Report, Book 1, Glossary, 26 April 1976 p. 6206 Ibid p.163
5
services. These intelligence services fully utilize cyber capabilities to perform what was
previously a Human intelligence (HUMINT) activity.
Cyber, as defined by the Cyber security Act of 2009 is, “Any process, program, or
protocol relating to the use of the Internet or an intranet, automatic data processing or
transmission, or telecommunication via the Internet or an intranet; and 2) any matter relating
to, or involving the use of, computers or computer networks.”7
The use of cyber is widespread, the volume of traffic is high, the equipment is easily
accessible and it is a publically available resource. It can be found in individual households, the
workplace, academic institutions, the military and the government. While cyber does occur
over a dedicated medium and a limited range of devices, it is not an INT of itself. It is a
challenge, one that has been divided among existing IC members.
Figure 3: Rosenbach, Eric and Peritz, Aki J. Confrontation or Collaboration? Congress and the Intelligence Community 76
When viewed in the context of Roosevelt’s definition of espionage the following
definition of a cyber-attack shows that the intent of these attacks should be labeled as
espionage, as they are targeting sensitive information. The Committee on National Security
7 Senate Bill S.733, Cybersecurity Act of 2009
6
Systems defines a cyber-attack as “an attack, via cyberspace, targeting an enterprise’s use of
cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a
computing environment/infrastructure; or destroying the integrity of the data or stealing
controlled information.”8 The definition of the function of counterintelligence as provided in
Senate Report 94-755 specifies counterintelligence duties are protecting information from
espionage and installations from sabotage. It is an easy conclusion to expand this to protecting
information systems from espionage and sabotage. Computer security as defined in JP 14-02 is,
“the protection resulting from all measures to deny unauthorized access and exploitation of
friendly computer systems.”9 If access and exploitation are the recurring themes in the threats
delivered through computers or through cyber means counterintelligence should be the
responsible entity for cyber security, as counterintelligence is responsible for preventing
sabotage and securing information from exploitation.
It is not that counterintelligence does not have a presence in cyberspace, it is the
position of the presence that is of issue. Counterintelligence activities are applied to
counterintelligence investigations using cyber applications. Like with other INTs or
organizations the task, tactics, techniques and procedures of counterintelligence have been
adapted to the medium.
The use of cyber means as the primary tradecraft methodology to engage in targeting and collecting cyber based FIE [Foreign Intelligence Entity] activities. CI Collection in cyberspace may include the use of authorized non-attributable Internet connections, development and use of national cyber personas, use of authorized obfuscation techniques, as well as appropriate digital tradecraft and cover.10
8 Committee on National Security Systems, National Information Assurance Glossary, CNSS Instruction No. 4009, 26 April 2010, P. 229 Joint Publication 1-02, Department of Defense Dictionary of Military And Associated Terms, 12 April 2001 p.111
7
It is impossible to conduct effective intelligence functions without cyber due to the
reliance on computers. The issue is that cyber, being only a function of counterintelligence and
only applying to investigations, fails to move an IC function into a position of responsibility for
overall security. The DoD description of, “cyber means as the primary tradecraft
methodology”11 for counterintelligence reveals that counterintelligence is already primarily a
cyber-activity with a developed understanding of the cyber threats posed by hostile foreign
actors. The methods described as tradecraft are similar to the methods used by hostile actors
to conduct espionage, this knowledge should be applied directly to cyber security. The Army
counterintelligence manual states, “The first priority for all CI investigative situations is to
assess for possible exploitation.” (Army FM 2-22.2) Investigating for exploitation should be a
persistent function of cyber and it is already a function of counterintelligence,
counterintelligence should have authority at the federal level to oversee all aspects of cyber
security.
The use of cyber by Foreign entities to achieve the stated advantages is espionage; separating
cyber intelligence or security or the function by any other name is separating it from
counterintelligence (as the 2014 National Intelligence Strategy has) and creates a structural
issue that impedes what should be a singular process. As the threats overlap and combine due
to the medium they occur over so has the response. This results in duplication of efforts,
separation of public and private efforts and a lack of centralization. There is no need to argue
10 Office of the Counterintelligence Defense and HUMINT Center, Defense Intelligence Agency, Terms & Defintions of Interest for DoD Counterintelligence Professionals, 2 May 2011. http://www.ncix.gov/publications/ci_references/docs/CI_Glossary.pdf11 Ibid
8
the merits of interagency communication and cooperation if one agency has authority over the
issue in its entirety.
The 2014 National Intelligence Strategy’s four mission objectives include cyber
intelligence “provide intelligence on cyber threats” as distinct from the counterintelligence
mission “thwart efforts of foreign intelligence entities.”12 This is questionable.
Malicious Acts, Malicious Actors
Figure 4: Norse, Live Attacks, March 28, 2015. map.ipviking.com
State and non-state actors use digital technologies to achieve economic and military advantage, foment instability, increase control over content in cyberspace, and achieve other strategic goals—often faster than our ability to understand the security implications and mitigate potential risks.13
Cyber threats encompass a large range of entities. The traditional state enemies have
adapted cyber activities to accomplish intelligence collection, but cyber has also opened up
espionage to a wider range of actors. Like China, many states, organizations and individuals
12 Clapper, James R. The National Intelligence Strategy of the United States of America 2014, Office of the Director of National Intelligence. P. 613 Ibid p. 8
9
who did not have the resources to target American interests have found cyber as a safe way to
take action against the United States.
The risk of exposure is low because cyber operations can be carried out remotely and with a high degree of anonymity. In addition, cyber operations are comparatively inexpensive, and can be conducted rapidly. For all of these reasons, state and non-state actors are increasingly turning to the cyber domain to augment and bolster their respective intelligence activities against the United States in an effort to gain advantage.14
Investigation has shown that many incidents of cyber-attack, cyber espionage and cyber-
crime are performed by state supported cyber units; this in itself is an argument for
counterintelligence as national head of cyber related matters. These are actions by foreign
entities targeting American enterprises on American soil, but without a physical presence. The
nature of the threat contrasted with preventive measures shows a gap, exploited by hostile
actors, in American response. Without centralized oversight this systemic problem becomes a
series a small battles. Individual entities defending dispersed networks cannot make the
connections that lead to the identification of responsible parties and the distinct methods they
employ. Their authority and responsibility ends at their respective networks. Mandiant states,
“Across numerous industries, we’ve increasingly observed the Chinese government conduct
expansive intrusion campaigns to obtain information to support state-owned enterprises.”15
What Mandiant is describing would be automatically accepted as espionage and a
counterintelligence responsibility if not for the cyber aspect.
China’s cyber unit 61398 provides an example of the threat posed by foreign intelligence
collection. They are considered as the number one threat in the advanced persistent threat 14 National Counterintelligence and Security Center, Cybersecurity, http://www.ncix.gov/issues/cyber/index.php15 Mandiant, M-Trends, Beyond the Breach, 2014. P. 15 https://dl.mandiant.com/EE/library/WP_M-Trends2014_140409.pdf
10
(APT) classification; a classification of groups known to have successful breached hundreds of
computers networks across the globe. 16 This unit is illustrative of the evolution of traditional
espionage and the opportunities proved to foreign intelligence services by cyber means. In May
2014 the Department of Justice indicted five Chinese military hackers, members of unit 61398,
for charges of espionage directed at U.S. corporations. Federal charges of espionage directed
against a foreign military unit for actions against U.S. corporations shows an evolution of
foreign intelligence targeting and its success is evident of needed change. The indictment did
not include defense contractors, but was focused on commercial technologies.
In some cases, the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. For example…an Oregon producer of solar panel technology was rapidly losing its market share to Chinese competitors that were systematically pricing exports well below production costs; at or about the same time, members of the conspiracy stole cost and pricing information from the Oregon producer.17
Mandiants investigation of 61398 comes in part from its investigation of the hacking of
defense contractor Qinetiq. During the investigation they discovered that this unit was
responsible for a range of cyber espionage incidents. Part of the difficulty in identifying the unit,
their attack signatures and what actions could be attributed to them was that independent
cyber security companies who encountered their cyber actions did not have a proper outlet to
share the information. Instead Unit 61398’s actions had been given nicknames by the entity
that discovered them; 61398 actions were also attributed to groups called comment crew,
comment group, byzantine candor, and ugly gorilla among other nick names. A centralized
16 “We refer to this group as “APT1” and it is one of more than 20 APT groups with origins inChina. APT1 is a single organization of operators that has conducted a cyber-espionage campaign against a broad range of victims since at least 2006.” Mandiant, APT1, 2014 p.217 United States District Court Western District of Pennsylvania, United States of America v. Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zheng, Gu Chunhui. Criminal Number 14-188 May 1, 2014. http://www.justice.gov/iso/opa/resources/5122014519132358461949.pdf
11
counterintelligence organization that operated as clearing house between public and private
security sectors could prevent such instances of espionage from having the reach and affect
unit 61398 has proven is possible through cyber means. While counterintelligence cannot
replace policy in holding these individuals and their sponsors responsible it can provide a profile
of attack methods, points of origin, and information that can enhance security across US cyber
networks.
As espionage has evolved with the capabilities provide through cyber means it has made
more targets available, “This translates into data theft that goes far beyond the core intellectual
property of a company, to include information about how these businesses work and how
executives and key figures make decisions.” 18 Malicious actors, such as unit 61398, have
blurred the lines, they have changed the targets and tactics as well as the definition of
espionage; the function of counterintelligence needs to reform to meet this threat. This is not a
trend, but the new status quo. The 2014 National Intelligence Strategy states, “Technological
advances also create the potential for increased systemic fragility as foreign governments and
non-state actors attempt to leverage new and evolving technologies to press their interests.”19
18 Mandiant, M-Trends, Beyond the Breach, 2014. P.1519 James R. Clapper. The National Intelligence Strategy of the United States of America 2014, Office of the Director of National Intelligence. http://www.dni.gov/files/documents/2014_NIS_Publication.pdf
12
Figure 5: Mandiant, APT1 p. 23
The Future
The future is uncertain, but according to the 2014 National Intelligence Strategy the
danger posed by cyber threats will only increase.
A wider spectrum of instruments of war—especially precision-strike capabilities, cyber instruments, and bioterror weaponry—will become accessible. Individuals and small
13
groups will have the capability to perpetrate large-scale violence and disruption—a capability formerly the monopoly of states.20
The preceding statement begs the question of how could this occur. It could be argued
that cyber espionage has allowed the acquisition without the investment of advanced warfare
technologies by states that would not be permitted access to such end products. The theft of
technologies from a wide range of industries allows for their reproduction and offering in the
global marketplace. As stated cyber espionage is cheap, much cheaper than research and
development. Accepting that cyber espionage is often state sponsored and intended to support
commercial industries as well as match military power, the sustained position of the United
States as a global leader could be directly challenged.
Global Trends 2030 states, “…by 2030, Asia will have surpassed North America and
Europe combined in terms of global power, based upon GDP, population size, military spending,
and technological investment.”21 If the actions listed in the indictment of unit 61398 serve as an
indicator, espionage will have played a significant role in this rise to power. To separate cyber
threats into subcategories and disperse responsibilities does not suit the nature of the threat.
Cyber events, of any sort are a counterintelligence issue. They require the penetration of secure
networks and the theft and exploitation of sensitive data. Even actual acts of cyber warfare
have their origins and ends in espionage if they are considered sabotage and not physical
attack.
20 National Intelligence Council, Global Trends 2030, Alternative Worlds. P. 5 http://www.dni.gov/files/documents/GlobalTrends_2030.pdf21 Ibid p. 15
14
Figure 6: Mandiant, APT1. p.22
The United States is the largest target for hostile cyber actions. Yet its response is
scattered and uncoordinated. If the increase in both number of events of cyber espionage and
damage caused is an indicator of future potential the United States must prepare an effective
offense and defense. The National Intelligence Council states, “So far the cyberweapons
wielded by criminals and malicious individuals are unsophisticated in comparison to state actors
but this is likely to improve as criminal organizations become more adept and potentially sell
their services to those state and nonstate actors with even more dangerous intentions.22
Counterintelligence in the United States
Although counterintelligence requires investigation, collection and analysis of
information it is not an INT; it is a function. As a function it has existed as a department within
an organization and focused on protecting that entity exclusively. The threat landscape has
changed. Enemies are able to target multiple entities simultaneously. Defense from these 22 Ibid p. 67
15
malicious actors should not be at the level of protecting a single entity, but should be a
cohesive effort with the goal of preventing actions from occurring.
Figure 7: Mandiant, M-Trends p. 3
Counterintelligence, like the intelligence community as a whole, has undergone
significant changes. The Counterintelligence and Security Act of 1994 worked to “amend the
National Security Act of 1947 to improve the counterintelligence and security posture of the
United States intelligence community and to enhance the authority of the Federal Bureau of
Investigation in counterintelligence matters…”23 This measure is illustrative in that, although
enacted before the spread of the cyber espionage threat, it was focused largely on insider
threat from intelligence community employees and was intended to give the FBI more
resources in investigation of such. Protecting classified information from foreign espionage is
not best served today by focusing, as this order does, on insider threats and a federal law
enforcement agency’s ability to investigate them. In 2001 counterintelligence was again the 23 S.1948. the Counterintelligence and Security Act of 1994. July 1, 1994 103rd Congress. https://www.congress.gov/bill/103rd-congress/senate-bill/1948/text
16
focus with the establishment of the Office of the National Counterintelligence Board of
Directors under the Presidential Decision Directive U.S. Counterintelligence Effectiveness,
Counterintelligence for the 21rst Century (PDD CI-21) issued by President Clinton. The directive
“outlines specific steps that will enable the U.S. counterintelligence (CI) community to better
fulfill its mission of identifying, understanding, prioritizing and counteracting the intelligence
threats faced by the United States.” 24 This was followed with the Counterintelligence
Enhancement Act of 2002, which also established a National Counterintelligence Executive and
an Office of the National Counterintelligence Executive. The Intelligence Reform and Terrorism
Prevention Act of 2004 (IRPTA) established, or moved, the Office of the National
Counterintelligence Executive and the executive to the newly established Office of the Director
of National Intelligence. 25 While the location of the office had changed, the duties were those
established in the Counterintelligence Enhancement Act of 2002.26 The only other mention of
counterintelligence in the law (IRPTA) is relating to FBI budgeting for the activity, as
counterintelligence is considered one of the four principle missions of the Bureau.27
In November 2010 the Special Security Center (SSC) and Center for Security Evaluation
were established by the Director of National Intelligence under the leadership of the National
Counterintelligence Executive. In November of 2014 the Director of National Intelligence
24 U.S. President Bill Clinton, U.S. Counterintelligence Effectiveness, Counterintelligence for the 21rst Century, PDD CI-21. January 5, 200125 Public Law 108-458, Intelligence Reform and Terrorism Prevention Act of 2004. Sec 103(c)(6). 108th Congress,26 Ibid Sec 103F(b)27 The four principle missions of the FBI: Intelligence, counterterrorism and Counterintelligence, Criminal enterprise/Federal Crimes and Criminal justice services. Ibid Sec 2001(f)
17
announced the establishment of the National Counterintelligence and Security Center (NCSC) in
the Office of the Director of National Intelligence.28
The organizational construct of the NCSC aligns with the other designations within ODNI (i.e. NCTC and NCPC) and supports our efforts to ensure that counterintelligence and security are addressed as interdependent and mutually supportive disciplines. These disciplines have shared objectives and responsibilities associated with the protection of intelligence information, sources and methods.29
Previous changes to counterintelligence were the results of what was considered
counterintelligence failures; the espionage committed by Ames and Hanssen, the finding of the
COX commission and the events of 9/11. These recent changes indicates that there is still a
problem with counterintelligence. Restructuring of the intelligence community as a whole, such
as what occurred with IRPTA did not result in significant changes with IC members (minus the
CIA and FBI). The CIA still is HUMINT, the NSA is SIGINT, the NGA is GEOINT, the DIA has
MASINT, but counterintelligence has been kept a function that receives structural and location
changes with every major IC failure. This could be, in part, due to the definition it is given. In a
publication to inform Congress about the structure, capabilities and responsibilities of members
of the IC this example is found, “Example of counterintelligence concerns: Foreign agents
approaching U.S. businessmen and scientists to learn about U.S. technology advances with
military applications.” 30 This statement would be applicable to Cold War espionage, but not to
the espionage performed today.
In February of 2015 the establishment of the Cyber Threat Intelligence Integration
Center was announced “In order to stem the wave of cyber threats targeting the U.S. 28 James R. Clapper, Announcement, Office of the Director of National Intelligence. http://www.ncix.gov/about/docs/Announcement.pdf29 Ibid30 Eric Rosenbach and Aki J. Peritz, Confrontation or Collaboration? Congress and the IntelligenceCommunity (Cambridge, Mass: The Belfer Center, Harvard University, June 2009). P. 13
18
government and private industry each day, the administration is announcing a new intelligence
integration center to get the entire nation working together to combat cyber-attacks.”31 This
center and its focus on cyber threats shows that a solution has not been found to the
challenges posed by cyber threats yet. Will another center or office or department really make
a significant change?
Figure 8: Clapper, James R. The National Intelligence Strategy of the United States of America 2014, Office of the Director of National Intelligence. P. 18
Conclusion
Espionage has evolved to adapt the tools and methods made available through cyber
means; the United States response to this evolution has been the establishment of offices and
departments focused on what is considered cyber threats. There is a gap in the US response to
such events that is being continuously exploited by malicious actors. It is a gap that should be
filled by counterintelligence. Those in counterintelligence understand this, “Counterintelligence
31 Aaron Boyd, New Cyber Center to Coordinate Threat Intelligence, Federal Times, February 10, 2015. http://www.federaltimes.com/story/government/cybersecurity/2015/02/10/new-cyber-center-threat-intelligence/23179005/
19
can play a critical role in reversing the benefits that cyber operations afford our adversaries.”32
The definitions of cyber threats, cyber-attacks, cyber warfare, and other modern phenomenon
focus on the method of delivery or infrastructure that facilitates these threats; while cyber is a
common element among these topics, they are themselves just an extension of longstanding
intelligence challenges. Definitions such as offered in Joint Publication 1-02, “Computer Security
(COMUSEC). The protection resulting from all measures to deny unauthorized access and
exploitation of friendly computer systems”33 have the intent of a counterintelligence tasking,
protection from unauthorized access and exploitation. Response to cyber threats have been
hampered by the word cyber; if removed it would be understood that cyber threats are simply
threats, cyber espionage is just espionage and cyber warfare is warfare. Definitions should not
hamper response. To solve this growing issue the word cyber needs to be removed from terms
related to intelligence issues; it seems that this reference to what is essentially a
communications medium adds confusion and obscures that acts that are occurring over it.
[Foreign] intelligence is, in essence, the gathering and analysis of secret information about other nations. Its opposite twin, security, is the protection of one’s own secrets. Counterintelligence seeks to protect both of the elements from foreign intelligence activities.34
By removing the word cyber and viewing events from the perspective of intent and actor, what
is currently labeled as being cyber phenomenon can be seen as it really is foreign intelligence
gathering and sabotage efforts.
32 National Counterintelligence and Security Center, Cyber Security, Office of the Director of National Intelligence, http://www.ncix.gov/issues/cyber/index.php33 Joint Publication 1-02, Department of Defense Dictionary of Military And Associated Terms, 12 April 200134 The institute of World Politics, American Counterintelligence and Security for the 21st Century, Class Description
20
Figure 9: Office of the Counterintelligence Defense and HUMINT Center, Defense Intelligence Agency, Terms & Definitions of Interest for DoD Counterintelligence Professionals, 2 May 2011.
BIBLIOGRAPHY
S.1948. The Counterintelligence and Security Act of 1994. July 1, 1994. 103rd Congress. https://www.congress.gov/bill/103rd-congress/senate-bill/1948/text
Public Law 108-458, Intelligence Reform and Terrorism Prevention Act of 2004, 108th Congress
Boyd, Aaron, New Cyber Center to Coordinate Threat Intelligence. Federal Times. 10 February 2015, http://www.federaltimes.com/story/government/cybersecurity/2015/02/10/new-cyber-center-threat-intelligence/23179005/
Clapper, James R., Announcement, Office of the Director of National Intelligence. http://www.ncix.gov/about/docs/Announcement.pdf
21
Clapper, James R. The National Intelligence Strategy of the United States of America 2014, Office of the Director of National Intelligence. http://www.dni.gov/files/documents/2014_NIS_Publication.pdf
Committee on National Security Systems, National Information Assurance Glossary, CNSS Instruction No. 4009, 26 April 2010, P. 22 http://www.ncix.gov/publications/policy/docs/CNSSI_4009.pdf
Fairchild, Brian P. Human Intelligence, Operational Security and the CIA’s Directorate of Operations. Statement before the Joint Economic Committee, U.S. Congress 20 May 1988
Joint Publication 1-02, Department of Defense Dictionary of Military and Associated Terms, 12 April 2001 http://jitc.fhu.disa.mil/jitc_dri/pdfs/jp1_02.pdf
Mandiant, APT1, Exposing One of China’s Cyber Espionage Units, Intelligence Center Report, http://intelreport.mandiant.com/
Mandiant, M-Trends, Beyond the Breach, 2014. https://dl.mandiant.com/EE/library/WP_M-Trends2014_140409.pdf
National Counterintelligence and Security Center. Cyber Security. 2014 http://www.ncix.gov/issues/cyber/index.php
National Intelligence Council, Global Trends 2030, Alternative Worlds. http://www.dni.gov/files/documents/GlobalTrends_2030.pdf
Norse, Live Attacks, March 28, 2015. map.ipviking.com
Office of the Counterintelligence Defense and HUMINT Center, Defense Intelligence Agency, Terms & Definitions of Interest for DoD Counterintelligence Professionals, 2 May 2011. http://www.ncix.gov/publications/ci_references/docs/CI_Glossary.pdf
Roosevelt, Kermit, War Report of the OSS (1976)
Rosenbach, Eric and Peritz, Aki J. Confrontation or Collaboration? Congress and the Intelligence Community The Belfer Center, Harvard University, June 2009).
Senate Bill S.733, Cybersecurity Act of 2009
Senate Report 94-755, Church Committee Report, 26 April 1976
United States District Court Western District of Pennsylvania, United States of America v. Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zheng, Gu Chunhui. Criminal Number 14-188 May 1, 2014. http://www.justice.gov/iso/opa/resources/5122014519132358461949.pdf
22
U.S. President Barack Obama. National Security Strategy. 2010 National Security Strategy Archive. http://nssarchive.us/
U.S. President Bill Clinton, U.S. Counterintelligence Effectiveness, Counterintelligence for the 21rst Century, PDD CI-21. January 5, 2001
U.S. Army. Counterintelligence, FM 2-22.2, October 2009