Counterintelligence Theory PDF

Chapter 3 Counterintelligence Theory I n the realm of financial investment, the concept of risk is used as a means of understanding yield. That is, if an investment has low risk, its return on investment is likely to be low as well. This prospect does not stop investors from longing to eliminate risk yet achieve high yields. If this metaphor is applied to intelligence work, one can see how operatives and analysts might yearn for a low-risk operation to, say, obtain information, yet still be able to yield high- grade intelligence. Unfortunately, real-world experience suggests that the factors of low risk and high yield are not destined to meet in either financial investment or secret intelligence. Nevertheless, risk can be mitigated, and in intelligence work, this falls to the role of counterintelligence—to keep safe methods and operations while engaging in the activities that will ultimately produce a focused intel- ligence product. To reduce the risks that are characteristic of intelligence work there needs to be a theoretical base on which the practice of counterintelligence can rest. Without a theoretical foundation an efficient and effective counterintelligence program is less likely to be achieved. It follows that, if this cannot be accom- plished, risk management is also not likely to be realized. So, this chapter puts forward a theory of counterintelligence.1 No intelligence service can for very long be any better than its coun- terintelligence component.—An anonymous source cited by the for- mer CIA Director, the late-Richard Helms2 Background Entities, whether they are individuals, corporations, the military, or even entire nations, have their safety and well-being enhanced by the protection afforded 37 38 Chapter 3 Counterintelligence Theory by counterintelligence. This is because counterintelligence supports the intel- ligence function in all its manifestations, and, in turn, intelligence supports the development of sound, rational policy.3 If espionage were a game, those who practice the craft of counterintelligence could be considered the game’s “goal keepers.” Without these practitioners the opposition would have carte blanche to raid the unprotected goal and score endless points. Without counterintelli- gence, the intelligence goal would be wide open to such raiders. Given this analogy, it is not difficult to see why the role of counterintelli- gence is commonly thought of as security. In fact, Johnson pointed this out well over twenty years ago when stating, “People like to confuse counterintelligence with security.”4 The role of counterintelligence likely has been misunderstood because there is little if any formally articulated theory of counterintelligence to guide practice.5 Practitioners are therefore left to formulate what they do and how they do it based on need and not on an understanding of its theoretical principles. Though there is nothing inherently wrong with a necessity-based experience approach, it does however make for a less efficient and, hence, less effective practice. What makes intelligence work different from the research and analytic functions found in industry and commerce (which includes collecting informa- tion) is, arguably, the fact that some aspect of the endeavor is secret.6 Secrecy is therefore a primary objective of counterintelligence. Johnson put it bluntly when he stated: “[counterintelligence] is aimed against intelligence, against active, hostile intelligence, against enemy spies.”7 There is some confusion between security and counterintelligence, so it is understandable that this confusion extends to the relationship between counterintelligence and other intelligence functions, such as counterespionage. Duvenage said: Counterintelligence is often sensationalized and misrepresented in the popular media—it is certainly distorted in fiction. Counterintelligence is portrayed as spies outgunning spies. This is, of course, not the case. [Counterintelligence sometimes] has the more mundane connotations of being principally about computer passwords, restrictions on the use of computing equipment, security guards, access control, guard dogs, and the like. This is also a skewed view.8 Duvenage’s argument is perhaps why counterintelligence practitioners may have gotten lost in their own wilderness of mirrors as James Angleton famously quoted the T. S. Eliot poem, “Gerontion.”9 The confusion between security and counterintelligence—and between counterintelligence and other intelligence functions, such as counterespionage—is understandable. Despite recognizing this confusion, James Angleton—once iconic head of CIA’s counterintelligence staff—never advanced a theory on which counter- intelligence could be based.10 Whether by design or because of the genuine absence of such a theory, when Angleton was questioned before the Select Com- mittee to Study Governmental Operations with respect to Intelligence Activities (i.e., the Church Committee), he let slip an opportunity to provide a matchless description. As a result, at best, we have been left with many cobbled-together Rationale for Developing a Theory 39 definitions that, over time, have appeared in various academic journals, profes- sional manuals, and military field manuals, as well as in media accounts about counterintelligence. Rationale for Developing a Theory Varouhakis argued that there was a theoretical vacuum in the literature relat- ing to intelligence. He pointed out that “the large theoretical structure of the field of intelligence does not extend into counterintelligence.”11 In pointing out this theoretical vacuum, he drew on the subject literature that underscored the fact that there were only two studies published in the last few decades that attempted to specifically address the issue of counterintelligence theory. This is important because without a theoretical foundation an efficient and effective counterintelligence service is less likely to be achieved. Such inefficiencies have long held counterintelligence to ridicule. Within the CIA, counterintelligence officers are sometimes held in disdain by operations officers. The CI-nicks are seen as information misers gloating over their stashed jewels but never doing anything with them.12 Four attempts to formulate a theory of counterintelligence are those by John Ehrman,13 Miron Varouhaskis,14 Loch K. Johnson,15 and Vincent H. Bridge- man.16 Ehrman’s treatment resulted in not so much a theory but an essay on the importance of developing a theory, and this was acknowledged by that author: “As a foundation for theoretical work it remains incomplete.”17 The Varouhaskis treatment was an attempt “to provide a framework by which counterintelligence officers will be able to ultimately understand, explain, and predict the intelligence-gathering behaviors of intelligence agencies domestically and abroad, as well as the employee behavior at those agencies”18—or, in other words, it was an examination of organizational behavior with counterintel- ligence as its focus. Johnson’s contribution was a section in a large theory he developed on strategic intelligence. This section put forward two theoretical propositions: (1) the affluence of the entity conducting intelligence work will affect its ability to protect its secrets; and (2) a feedback loop must be incorporated into coun- terintelligence operations to ensure that if there is a failure, the causes can be addressed.19 Bridgeman’s treatment however did try to structure a theory around what he described as three advantage areas or modes—denial, insight, and manipula- tion.20 Nevertheless, even this could be argued was less than a comprehensive theory. Having drawn attention to the limitations of these studies does not detract from their importance; on the contrary, these are studies of importance and their contribution to the literature needs to be acknowledged. In fact, the work of these scholars underscores the need to develop a theory: “I hope others will contribute to the development of counterintelligence theory and help further develop what this article attempts to begin.”21 40 Chapter 3 Counterintelligence Theory Good theory should have an explanatory power, parsimony, and the attribute of falsifiability.22 One could argue that there is already a considerable base of evidence within the subject literature that explains such aspects as why and how intelligence practitioners collect data, and how these data are used to support intelligence products, and so on. There is no doubt that there has evolved a rich stockpile of information on intelligence and intelligence analysis.23 Likewise, there is ample information on counterintelligence practice and the need for improvement.24 This is not in dispute. What observers like Ehrman pointed out, however, was the lack of a systemic presentation of these practices via a theory that explains why they are performed and how each principle relates to the other. Although there have been scholarly attempts that have achieved some levels of success in advancing work toward a theory, unfortunately these have not achieved what could be considered full success.25 Ehrman underscored this issue when he wrote: “Almost from the start, scholars have called for a theory of intelligence. None has been advanced. Although some authors entitle sections of their work ‘theories of intelligence,’ to my knowledge no one has proposed concepts that can be tested.”26,27 Although he wrote of intelligence in general, it applies equally to counterintelligence, and to the five types of counterintel- ligence discussed in chapter 2—national security, military, law enforcement, business, and private. There are likely to be tens of thousands of personnel practicing the craft of counterintelligence within the Five Eyes countries. It is reasonable to assume that these practitioners know what to do instinctively—through practice—because there is no theoretical basis reflected in the subject literature. The absence of an articulated theory, therefore, forms the rationale for this chapter in exploring the question: What is the theoretical base that underscores counterintelligence? Context There are many definitions of counterintelligence and Ehrman28 lists a number of these in his study. Without debating the finer points of these and no doubt other definitions, it is reasonable to view counterintelligence definitions as being context specific. For instance, the definitions cited by Ehrman appear to treat counterintelligence as if it only applies to foreign policy intelligence or national security issues. However, experience has shown that, when a nation deals with, for example, a non-state actor or a transnational criminal organization, there is little demarcation between what might constitute a national security issue and, say, a law enforcement problem. Perpetrators, or targets of interest, that fall into these types of categories as “threat-agents” traverse the “radar screens” of a number of functional agencies. William R. Johnson’s definition of counterintelligence as an activity that is “aimed against intelligence, against active, hostile intelligence, against enemy spies”29 is probably as close to the mark as one could get. However, if his Theory Construction 41 definition is truncated to an activity aimed at protecting an agency’s intelligence program against an opposition’s intelligence service, it might be closer to being what could be considered a universal definition. This is because the term agency could be used to mean any organization or even a nation-state. The term oppo- sition could be used to mean any person or group (including a nation-state) with hostile intent. Such a definition could then be applied equally to issues that affect national security, the military, law enforcement, or even corporate and private affairs. This wide approach to defining counterintelligence is the approach taken in this book. Theory Construction Although David C. Bell stated that “creating theory is an art,”30 it does require structured thinking. It is through structure that transparency and replicability of the methods used to conduct the research can be established. Transparency and replicability are at the core of the scientific method of inquiry,31 thus making it not only an art but a science. The research method that is widely used for developing theory is that of grounded theory.32 Grounded theory usually finds its home with qualitative researchers, as it is a method for theorizing by grounding the theory being developed in observation or, in other words, practice.33 Grounded theory method is simple, but it is an iterative process. The iterative process requires the identification of themes, followed using inductive logic to assign meaning to those themes.34 The process is equally applicable to primary or second- ary data. Because there was no shortage of secondary information that either explains or discusses the counterintelligence practice, secondary data were deemed an appropriate source in developing this theory. These data offered both depth and breadth of information, and a practical way to obtain the required information (i.e., through library research as opposed to the unrealistic approach of trying to arrange personal interviews or focus groups). Even more appealing was that these data included practitioners who wrote about their experiences, as well as academics who have studied the craft of counterintelligence. In brief, the subject literature ranged from accounts by private investigators and security operatives through to those at the highest levels of national security. The tactical issues covered in these texts ranged from the commonplace (e.g., losing a surveillance tail) to the most complex operational issues to face counterintelligence (e.g., running a double agent, or “walking back the cat” after a leak or penetration by a hostile intelligence service). Data were therefore collected from secondary sources that were in the public domain; these included scholarly journal articles and textbooks of various descriptions, but mainly pertaining to counterintelligence, intelligence, investigation, and security. Military field manuals and training texts that had been used by in-service practitioners were also reviewed, as were government reports and publications and memoirs of former intelligence operatives and agency chiefs. 42 Chapter 3 Counterintelligence Theory The research process began with the posing of the question: What con- stitutes the principles of counterintelligence, and then moved to collecting qualitative data from the sources just described. From these data items, key themes (or concepts) relating to counterintelligence principles were separated, like light passing through a prism. Then, connections between the themes were hypothesized, thus yielding a set of counterintelligence assumptions and propo- sitions—or, in other words, the construction of a theory of counterintelligence. The thematic counterintelligence concepts were collated and connected using the technique known as mind mapping.35 The themes were then organized into a logical structure, or model, that then formed the theory presented in the findings section below. In short, a simple stepwise process was used that was based on the original grounded theory method espoused by Barney Glaser and Anselm Strauss,36 which involved 1. observation—by collecting data through empirical means; 2. theme notation—through content analysis, then identifying and recording key themes; and 3. meaning formulation—based on inductive reasoning, assigning meaning to the observed themes. Theory of Counterintelligence From a theoretical perspective, counterintelligence rests on seven assumptions.37 These assumptions are based on the concepts of deterrence, detection, deception, and neutralization38 of the opposition’s efforts to collect information, regardless of why the opposition is collecting these data—whether for intelligence, subver- sion, sabotage, terrorism, weapons proliferation, or competitive advantage. Intelligence can include planning for any number of purposes—criminal, national security, military, business, and private. Subversion can include such acts as rebellion, treason, and insurrection. Sabotage is damage, disruption, and incapacitation of services and process of a variety of descriptions. Terror- ism can include the violent acts themselves and how politically or ideologically motivated groups express their violent messages. There may be others, but for illustrative purposes this list is sufficiently wide. Because this study is a “universal” theory of counterintelligence, the four concepts of deterrence, detection, deception, and neutralization have been used because they apply across various contexts; that is, military, national security, law enforcement, and business. These four concepts can be categorized as being passive defense and offen- sive defense; or stated another way, defensive counterintelligence and offensive counterintelligence. This categorization is shown in Figure 3.1. The two catego- ries are sometime referred to in the subject literature as denial and deception.39 Defensive counterintelligence (i.e., denial) comprises the concepts of deterrence and detection, and offensive counterintelligence (i.e., deception) encompasses the concepts of deception and neutralization. Offensive counterintelligence to some degree shares detection (hence the line between the two concepts in the diagram). Theory of Counterintelligence 43 FIGURE 3.1 Categorization of Counterintelligence Concepts. Source: Courtesy of the author. The theory contains seven propositions40 that contain statements of condi- tion. The propositions are deemed to be axiomatic.41 Proposition 1—Operational Surprise The purpose of counterintelligence is to support other intelligence functions, so these functions can achieve operational surprise.42 It does this by establishing and maintaining secrecy. Surprise may take many forms; in the military sense it might be an attack, or in a national security sense the ability to call the bluff of a foreign leader regarding a geopolitical issue. Law enforcement officers may translate surprise into a scenario where they are able to provide the community with safety by being able to execute search warrants against gangs for illegal firearms. Businesses may be able to use surprise in developing and launching a new range of services or products ahead of their competitors.43 Proposition 2—Data Collection The second proposition is that an opposition force will use various means to collect data on an agency’s operations. An opposition that does not intend to collect data on the agency, by this fact itself, does not warrant a counterintelli- gence program. This proposition also considers that the means employed by an opposition will include all available avenues to collect data—ethical and unethi- cal; legal and illegal.44 By grounding this axiom in this most dangerous possible attack vector, the theory therefore provides counterintelligence practitioners with the ability to formulate several possible solutions. By assuming the worst case, such strategies allow analysts to identify the resources they need to deal with a range of possibilities, from the most minor 44 Chapter 3 Counterintelligence Theory situation up to and including the catastrophic.45 If reasoning such as this did not form part of this proposition, the possibilities would be limited, thus pro- viding inadequate countermeasures for all risks. By incorporating a worst-case premise, it allows analysts to formulate a few contingency plans. Should the countermeasures be circumvented by the opposition, it also allows for analysts to estimate what resources will be needed to mitigate the effects of a successful attack and recover from that attack. Proposition 3—Targeting An opposition will direct its data collection efforts toward obtaining informa- tion that will lay bare an agency and how it operates (as well as the entities the agency serves to protect). That is, the target of a hostile information collection operation will focus on data that will expose an agency’s structure (legal and constitutional, as well as its chain of command and its personnel), its sphere of operations and influence (e.g., geographic, economic, and political/social), its current capabilities (in all regards), and its future intentions. Moreover, it will target the factors that limit the agency’s operations and its administrative, managerial, and functional vulnerabilities. The reason why these areas are targeted is that it allows an opposition to concentrate its efforts on vectors that will offer surprise, allows it to inflict the most damage (however defined), or allows it to leverage the most advan- tage to neutralize the agency’s operations, and to protect itself and its clients (if any). As the shield is a practical response to the spear, so counterintelli- gence is to intelligence.46 Proposition 4—Resources Counterintelligence cannot be performed without staff and recourses that allow them to carry out defensive operations. Physical security equipment is expen- sive and the better the equipment, the more it cost to purchase and maintain. The same is true of information security devices and communications equip- ment. The cost of conducting personnel vetting is expensive if it is to be done thoroughly by competent staff. Each of these aspects of defensive counterintel- ligence comes with a cost: “The more affluent the [organization], the less porous its counterintelligence defenses are apt to be.”47 Physical, personnel, information, and communications security are impor- tant parts of the funding issue. Well-crafted counterintelligence architectures are only as effective as the staff an agency can recruit and retain. And, this is often contingent on offering generous remuneration packages and supportive working environment. Theory of Counterintelligence 45 Proposition 5—Paradox of Fiction Defensive measures provide the essential framework to the central challenge of counterintelligence; that is, the battle of wits played out between an intel- ligence service and its opposition service. This contest requires an offensive approach that is termed counterespionage. These types of operations must be performed by agency staff who are able to perform illusions by exploiting the paradox of fiction. The paradox of fiction is condition everyone experiences when fictional performances, such as in literature and cinematic presentations take place. The paradox relies on altering a person’s perception so that they experience emotions that lead them to believe are real when they do not exist. It is an illusion or a distortion of the senses that the brain interprets as factual. The strategy comes from the literary theory known as the paradox of fiction. The theory states that for a story (fiction) to achieve believed, it must convince the reader that it is true. Although the reader knows the story is fiction, the writer can, to a large degree, convince (i.e., deceive) the reader into believing the story though the use of vari- ous literary tropes, techniques, and imagery. This is evident when a reader says, “the book was a page turner,” “I couldn’t put it down,” “the writing made my heart race,” and so on.48 Intelligence agencies leverage the paradox of fiction to project illusions in a form of real-live stage production by creating situations that the opposition will view real, and act on accordingly, but what they perceive as real is merely a deception. Take for instance the case of “The Man Who Never Was” that is discussed in detail in chapter 14. Illusions can be optical (e.g., camouflage), auditory (produce sounds that replicate some real occurrence—like the laugh track on television situation comedies), tactile (e.g., production of false docu- ments), temporal, taste, or combinations of various senses. Proposition 6—Operational Failures It is fair to say that risk is inherent to all enterprises, and this applies to counter- intelligence operations as well. Where there is risk, there is the change of failure. Although intelligence failures have been dramatized in the press and entertain- ment media, counterintelligence failures are no different to failures in any other type of endeavor—take the Financial Crises of 2007–2008 as just one example. When counterintelligence failures occur—and there will—these events should not paralyze an agency. Agencies need to respond to these events with renewed vigor to lean for the failure and review the adequacy of defensive mea- sures, but need to be mindful that any new, measures do not inhibit smooth operations. Balance needs to be maintained between defensive pasture and being able to operate operation well. Remedial measure should never impede intelligence staffers from carrying out their duties. Wherever, possible, any intelligence failure needs to be avenged by launch- ing an offensive operation(s). Strategic thinkers are of the view that a purely 46 Chapter 3 Counterintelligence Theory PHOTO 3.1 Intelligence Analysis. Source: Courtesy of the Federal Bureau of Investigation. defensive posture cannot provide adequate safeguards—if the stakes are high, then offensive operations must be undertaken. Proposition 7—Analysis Counterintelligence is more than a security function. It has at its core analysis. The craft of counterintelligence could not function efficiently or effectively with- out producing policy options and operational plans that are based on fact and reason. Reasoned argument is analysis. So, counterintelligence practice needs to be based on analytic output. This may in turn join with the research function of positive intelligence, and perhaps it should as a matter of course, as the two could work hand in glove to achieve the same overall objective. As for the practice aspects that counterintelligence analytics informs, these too are more than traditional security. Defensive measures constitute only half of the practice—deterrence and detection. These aspects of counterintelligence are more than simply “blunting the opposition’s ability to…,” as the saying goes. These defensive functions need to dovetail with the offensive side of the craft—to deceive and to neutralize, which is arguably at the heart of counterin- telligence. Deception and neutralization could be described as “the real contest.” Defensive Counterintelligence Deterrence: Deterrence is the ability to prevent an opposition from gaining access to information. Deterrence in this context can be the ability to both dis- courage an opposition from attempting to conduct a penetration operation and deny an opposition’s data collection operation once a penetration operation has been launched and is underway. Underlying deterrence are three premises that must be met or else it will fail. The first premise is that of unacceptable damage. An organization must be able to deliver some form of harm upon its opposition for that opponent to be deterred. Deterrence in the counterintelligence sense is different from that used in the context of, say, international foreign relations, where it is used to, for instance, contain the aggressive behavior of an opponent state through the threat of retaliation. In a counterintelligence context, deterrence is simply an Theory of Counterintelligence 47 agency’s ability to persuade its opposing force (OPFOR) that the costs or the risks of mounting an information collection operation outweigh the benefits (in a sense, this could be construed as a form of “retaliation”). The second premise is that the threat must be perceived by an opposition. If an agency wants an opposition to cease unethical or illegal data collection, then the opposition must realize that such a threat has in fact been made; it is of no value if the threat is not communicated. The third premise is that of credibility—the threat must be credible to suc- ceed. Credibility, in turn, comprises two elements, the first that the organization making the threat is capable of delivering the “unacceptable harm” and second that it has the will to do so. Deterrence forms the bulk of what comprises defensive counterintelligence, and it mainly takes the form of physical security, information security,49 per- sonnel security, and communications security. Security is the bedrock on which deterrence relies. Although security does not act as an absolute deterrent, it is the keystone. Detection: Detection is the act of noticing that an event has taken place and that the event is somehow associated with a breach or potential breach of con- fidential information. The following are five premises that underwrite detection: 1. Identifying an event of concern; 2. Identifying the persons who were involved in the event; 3. Identifying the organizational association of the person(s) of interest; 4. Identifying the current location of the person(s) of interest; and 5. Gathering the facts that indicate that the person(s) committed the event. An event of concern is used here as a generic term that could be anything that could be at the center of a hostile information collection operation. For instance, it could be the temporary removal of documents from an office for copying. It could be the passing of information from an employee to an opposition orga- nization. Or, it could be the unauthorized observation of classified information. The examples are endless but suffice to say that the event of concern is, in law enforcement terms, the “alleged breach.” Regarding counterintelligence, it is the event that has given cause for concern. To be able to identify such events, counterintelligence officers need to have in place systems that will bring these events to their attention. Systems might include the observations of a person in the office who has been trained to report issues of this nature; or they might be technical systems, like alarms or digital image recordings of people’s activities within the office. Regardless, without systems in place detection is diminished—the event may go unnoticed, which is after all what the hostile information collection operation is anticipating. If an event is detected, then the perpetrator needs to also be identified. With- out this, the ability of assessing the damage caused by the breach is lessened. For example, a counterintelligence officer could not conclude with confidence who was interested in the data, how it was to be used, and what ramification this “lost” information could result in for the agency. Counterintelligence 48 Chapter 3 Counterintelligence Theory officers could nonetheless estimate the damage and the intended purpose, but this would not be as valuable as knowing the identity of the person and the details surrounding the breach. Closely associated with detecting the person involved is identifying the per- son’s association with any organization (opposition or otherwise). It would be hard to envisage an individual acting solely on their own without any associa- tion with anyone else or with any other organization. Spies collect data and, in the normal course of their employ, pass it onto intelligence analysts in a head- quarters setting who then analyze and synthesize this information and produce intelligence reports. Even in the case of small operations in, say, the business community, where a competitor is seeking insight into a competitor’s service or product, the data is handed from the information collector to someone who will (formally or informally) process this information and use it for planning. Unless the case involves a private individual, who has unilaterally embarked on a personal mission to, for instance, “expose” some dealings of the agency (or its client), then it is hard to conceive of a situation where no one else is involved. But, even in a situation of such a “man-on-a-mission” case, they would pre- sumably hand over the information they collect to some legal authority or the news media as a way of exposing the disagreeable behavior at the core of their mental disquiet.50 Regardless, it is important that the person’s association with others is iden- tified for two reasons. It allows the counterintelligence officer to understand what needs to be done in terms of damage control, and it also helps detection and evidence gathering—given that motivation is key to many a successful counterintelligence investigation. Knowing whom one is looking for, by name and other identifying traits, increases the likelihood that the person will be located. Finally, the ability to gather facts that directly or indirectly indicate a per- son’s complicity in an event of concern concludes the principle of detection. With the facts of the events in hand, the counterintelligence officer has the full picture of the event—who, what, where, when, why, and how (the five Ws and H of information gathering). Generally termed criminalistics or forensics, this includes the use of science and scientifically based techniques to locate, collect, and preserve evidence of the event. However, unlike a pure criminal investigation, the end purpose of collecting evidence in a counterintelligence investigation may not be prosecution in a court of law, but instead to mount a counteroperation (see offensive counterintelligence below) to obscure, confuse, or deceive the opposition. So, with any event of concern, the ability to detect and identify the per- petrators would cause an opposition to be less inclined to attempt a hostile operation to target an agency’s information. If it does not, and the opposition is still inclined, it forces them to become far more sophisticated, which may place them beyond their technical capability, or it places them at such risk that the consequences outweigh the benefits. If the opposition does carry out a more sophisticated operation, then it makes the counterintelligence officer’s job harder, but, paradoxically, the counterintelligence officer can deduce the likely Theory of Counterintelligence 49 identity of the perpetrator, and by doing so contribute to the first principle of counterintelligence theory—deterrence. Offensive Counterintelligence Deception: Deception involves misleading an opposition’s decision makers about some aspect of the agency’s operations, capabilities, or intentions (or those of its client), or concealing who is perpetrating an operation. The end state is to have the opposition form a view that makes them act (or not act) so that these actions prove futile. Or, deception operations may be aimed at caus- ing confusion, thus delaying an opposition’s ability to react effectively, or pro- jecting a false understanding that sends the opposition down a path that wastes its time and resources, thus placing the agency in a far stronger position than before.51 Double agent operations are classic in regards to the latter,52 and so is the use of dummy agents, who form a part of campaigns to sow disinformation or to project false pictures of what is truly occurring. Legendary examples of counterintelligence deception are the various opera- tions carried out in the lead up to the Allied invasion of Nazi-occupied Europe during the Second World War. One was Operation Bodyguard. This operation was designed to convince German leadership and decision makers that the Allies’ invasion would be timed later than it was, and that the invasion would be at locations other than the true objective of Normandy. For instance, Allied forces understood the Nazis were collecting information on the preparations they were making for invasion with the view to determine the landing sites.53 With such intelligence, the Nazis could have mounted a formidable defense that repelled the attack, as they did in 1940 when British, French, and Belgian troops were forced to evacuate Europe from a beachhead at Dunkirk, France (i.e., Operation Dynamo).54 Other examples of deception are discussed in chapter 13 (Offensive Coun- terintelligence: Deception) and include decoys, camouflage, and pretexts and ruses. Neutralization: The blocking of an opposition’s intelligence collection opera- tion can be done though the method of neutralization. This principle is based on the concept of “defeat”—that is, collapse, failure, rout, or ruin. The ability of an opposition to be successful with its intelligence collection operation is predicated upon the premise that it will be successful. This suggests that hostile operations can be thwarted by either destruction or paralysis. It can also be achieved by causing a loss of interest or enthusiasm in carrying out the operation (or continuing to carry out an operation), or by inflicting a loss of confidence in an opposition that in turn will be unable to achieve its objective (in whole or part). Destruction in the military sense is easy to visualize—say, the destruction of forward observation posts, whether they are manned or electronic, or the killing of reconnaissance forces sent forward to reconnoiter. However, in other intelligence operations it might be the arrest of a spy cell or the transfer of a 50 Chapter 3 Counterintelligence Theory suspected spy to a remote office or location where they have no access to clas- sified data (e.g., where not all the elements of detection have been established). Although neutralization by paralysis is not as dramatic as destruction, it can be as effective. With paralysis an agency must be able to cause an opposi- tion to halt any actions that might lead it to gain access to classified or sensi- tive information (or further access if already underway). Unlike destruction, where “demolition” of the operation is the goal, paralysis is concerned only with inflicting a temporary disruption of, say, a key process or a temporary disruption to communications so that direction, leadership, coordination, or command is lost, thus dooming the operation to failure. The intent is to cause the abandonment of the operation and the dismantling of, perhaps, a spy ring, by the opposition to avoid detection. Paralysis can be actions that are initiated by an agency as a preemptive measure to flush out an opposition operative or as part of a counterintelligence investigation. It could be argued that destruction and paralysis are defensive counterintel- ligence strategies, whereas loss of interest and loss of confidence could be clas- sified as offensive. For instance, loss of interest is predicated on the notion that, if an agency can project the belief that the financial, political, or other costs of collecting the information are greater than the benefits of collecting the infor- mation by legal or ethical means, it will cause an opposition to lose interest in the operation. Another approach to causing a loss of interest is if the agency can project the belief that the value of the information is so low that it is not worth collecting, or by presenting a more tempting alternative, which might also form part of a deception strategy. Causing a loss of confidence is a more esoteric method. It involves an organization being able to inflict upon an opposition’s operative—an event or set of events that cause that operative (or his master controller) to become dysfunctional to the point that he is either detected or is paralyzed to the point that he is ineffective. Take, for example, two business competitors aggressively vying for the same market. If an agency can erode the opposition’s faith in their operative’s ability to succeed, defeat will occur. Methods for neutralization are numerous but the standout is the one made classic in the fictional spy genre of counterespionage. Counterespionage “calls for the engineering of complex strategies that deliberately put one’s agent(s) in contact with an adversary’s intelligence personnel. This is done so that an adversary can be fed with disinformation which should lead to confusion, thus disrupting the adversary and allowing the perpetrator to prosper.”55 Accord- ingly, “counterespionage is like putting a virus into the bloodstream of the enemy.”56 Conclusions If we return to the analogy of financial investment, one could argue that anyone promoting the notion of a low-risk, but high-yield investment is akin to the alchemist peddling the idea he can turn lead into gold. Extending the financial analogy to intelligence work, one would be hard pressed to argue that running Conclusions 51 an intelligence operation, or conducting a secret research project, could be per- formed without the need to mitigate risk. To provide utility to the support of sound counterintelligence practices, this study sought to formulate a theory of counterintelligence that was grounded in empirical observation. The study used secondary data from the subject litera- ture as the basis for its observations. What can be concluded from these findings? With regard to offensive coun- terintelligence, the theory highlights the active role it plays in misleading an opposition’s decision makers through deception and in destroying or paralyzing the opposition’s ability to continue with its intelligence operation. Neither of these functions can be effectively performed without considering the defensive functions interaction. Without such a theoretical understanding, a successful agency counterintelligence program would be hamstrung. Nevertheless, by viewing counterintelligence in the context of these two cat- egories—defense and offense—we see that defensive counterintelligence gathers together those activities that contribute to deterrence and detection, whereas offensive counterintelligence is comprised of those activities that contribute to deception and neutralization. But, having said that, detection may also be included as part of offensive counterintelligence. The reason detection can be included in both categories is because its role can be to provide a means that secures information and the facilities that holds these data, as well as “hunting” those who have breached those controls. In sum, this theory of counterintelligence is not one that could be described as conceptually dense; nonetheless it is one that clearly articulates the seven propositions that explain why counterintelligence practice is performed as it is or, arguably, as it should be. It also presents the four assumptions that lay the conditions on which these propositions rely. Therefore, an understanding of the relationship between theory and practice can be used not only to improve a counterintelligence program’s performance but to help avoid catastrophic security failures (e.g., penetrations). Theory can do this by providing scholars with the ability to formulate hypotheses that can be tested: for example, a purely defensive approach to protecting information is less effective than one that incorporates offensive measures. Because this is a universal theory of counterintelligence, it allows the context to be varied so it too can be tested: for instance, a purely defensive approach to protecting national security information is less effective than one that incorporates offensive measures, but, in a business context, incorporating an offensive role will be counterproductive. Using such hypotheses, scholars can then define variables and operationalize them. Take the first hypothesis above as an example: offensive measures could be operationalized into, say, double agents, agents provocateurs, “sleepers,” walk-ins, or any number of other mani- festations of the concept. Finally, having a basis to explain why and how counterintelligence practi- tioners carry out their craft in a testable form also gives rise to the possibility of exploring metrics that could be used to measure counterintelligence processes, outputs, and outcomes. 52 Chapter 3 Counterintelligence Theory “Intelligence is... not a form of clairvoyance used to predict the future, but an exact science based on sound quantitative and qualitative research methods. Intelligence enables analysts to present solutions or options to decision makers based on defensible conclusions.”57 The same is true for counterintelligence. With what is advanced here the profession may continue to refine the theoreti- cal base that underpins the craft. All being well, one would anticipate that, in the fullness of time, this and other yet to be articulated counterintelligence theories will spawn better policy options. These policy options will therefore be based on defensible conclusions that are grounded in empirical research. Review of Key Words and Phrases The key words and phrases associated with this chapter are listed below. Dem- onstrate your understanding of each by writing a short definition or explanation in one or two sentences. deception event of concern detection neutralization deterrence Study Questions 1. List the three underlying assump- 3. List the three premises that com- tions that support counterintel- prise the theory of deterrence. ligence theory. 4. List the five premises that under- 2. List the four categories that com- write the theory of detection. prise the theory of counterintel- ligence. Learning Activity Consider the concept of an event of concern. Using either your current workplace or a notional one, brainstorm at least five situations that could be considered as events of concern. List the event and next to it the reasoning for it being of con- cern. Rank them in terms of risk (i.e., likelihood and consequence) from highest at the top to lowest at the bottom. Select the highest ranking event and a system that will bring this type of event to the attention of a counterintelligence officer. If there is already such a system in place for this, evaluate it in terms of whether it could be improved from the point of view of effectiveness and/or efficiency. Notes 1 This chapter presents the results of a study conducted by the author that was originally pub- lished in American Intelligence Journal 29, no. 2 (2011): 6–15 and subsequently circulated in Notes 53 revised form as a chapter of the first edition of this book, Counterintelligence Theory and Prac- tice (Rowman & Littlefield, 2012). Stemming from this research, the author developed a paper based on these two publications for presentation at a classified forum of intelligence scholars at the University of Adelaide in 2014. The paper was subsequently cleared for publication as, “Extending the Theoretical Structure of Intelligence to Counterintelligence,” Salus Journal 2, no. 2 (2014): 31–49. This chapter is therefore a consolidation of the author’s thinking on a counterintelligence theory. 2 Richard Helms with Hood, A Look Over My Shoulder, 154. 3 Godson, Dirty Tricks or Trump Cards. 4 William R. Johnson, Thwarting Enemies at Home and Abroad: How to be a Counterintelli- gence Officer (Bethesda, MD: Stone Trail Press, 1987), 1; and William R. Johnson, Thwarting Enemies at Home and Abroad: How to be a Counterintelligence Officer (Washington, DC: Georgetown University Press, 2009), 1. 5 John Ehrman, “Toward a Theory of Counterintelligence: What Are We Talking About When We Talk About Counterintelligence?” Studies in Intelligence 53, no. 2 (2009): 18. 6 Patrick F. Walsh, Intelligence and Intelligence Analysis. 7 Johnson, Thwarting Enemies at Home and Abroad (1987), 2; and Johnson, Thwarting Enemies at Home and Abroad (2009), 2. 8 Petrus C. Duvenage, “Counterintelligence,” in Hank Prunckun (ed.), Intelligence and Private Investigation: Developing Sophisticated Methods for Conducting Inquiries (Springfield, IL: Charles C. Thomas, 2013), 130. 9 Michael Holzman, James Jesus Angleton, the CIA, and the Craft of Counterintelligence (Amherst: University of Massachusetts Press, 2008), 3. 10 Holzman, James Jesus Angleton, the CIA, and the Craft of Counterintelligence, 3. 11 Miron Varouhakis, “An Institutional-Level Theoretical Approach for Counterintelligence,” International Journal of Intelligence and Counterintelligence 24, no. 3 (2011): 495. 12 David Atlee Philips, The Night Watch (New York: Antheneum, 1977), 52. 13 Ehrman, “Toward a Theory of Counterintelligence.” 14 Varouhakis, “An Institutional-Level Theoretical Approach for Counterintelligence.” 15 Lock K. Johnston, “A Theory of Strategic Intelligence,” in Peter Gill, Stephen Marrin, and Mark Phythian (eds.), Intelligence Theory: Key Questions and Debates (London: Routledge, 2009), 49–50. 16 Vincent H. Bridgeman, “Defense Counterintelligence, Reconceptualization,” in Jennifer E. Sims and Burton Gerber (eds.), Vaults, Mirrors and Masks: Rediscovering U.S. Counterintel- ligence (Washington, DC: Georgetown University Press, 2009). 17 Ehrman, “Toward a Theory of Counterintelligence,” 18. 18 Varouhakis, “An Institutional-Level Theoretical Approach for Counterintelligence,” 498. 19 Lock K. Johnston, “A Theory of Strategic Intelligence,” 50. 20 Bridgeman, “Defense Counterintelligence, Reconceptualization,” 128. 21 Ehrman, “Toward a Theory of Counterintelligence,” 18. 22 Lock K. Johnston, “A Theory of Strategic Intelligence,” 33. 23 As examples, see: Robert M. Clark, Intelligence Analysis: A Target Centric Approach (Wash- ington, DC: CQ Press, 2007); Richards J. Heuer, Jr. and Randolph H. Pherson, Structured Analytic Techniques for Intelligence Analysis (Washington, DC: CQ Press, 2011); Mark M. Lowenthal, Intelligence: From Secrets to Policy, Fourth Edition (Washington, DC: CQ Press, 2009); Prunckun, Scientific Methods of Inquiry for Intelligence Analysis; Jerome Clauser, An Introduction to Intelligence Research and Analysis (Lanham, MD: Scarecrow Press, 2008); and Walsh, Intelligence and Intelligence Analysis. 24 Frederick L. Wettering, “Counterintelligence: The Broken Triad,” International Journal of Intelligence and Counterintelligence 13, no. 3 (2000). 25 See, for instance, Michelle K. Van Cleave, Counterintelligence and National Security (Wash- ington, DC: National Defense University Press, 2007). Nevertheless, this is a praiseworthy piece of research. 26 Ehrman, “Toward a Theory of Counterintelligence.” 27 See, for instance, the critical appraisal of some existing models of intelligence and whether these accommodate a clear understanding of counterintelligence, by Petrus “Beer” Duvenage 54 Chapter 3 Counterintelligence Theory and Michael Hough, “The Conceptual Structuring of the Intelligence and the Counterintel- ligence Processes: Enduring Holy Grails or Crumbling Axioms–Quo Vadis?” Strategic Review for Southern Africa 33, no. 1 (May 2011): 29–77. 28 David Kahn, “An Historical Theory of Intelligence,” Intelligence and National Security 16, no. 3 (2001): 79. 29 Johnson, Thwarting Enemies at Home and Abroad (1987), 2; and Johnson, Thwarting Enemies at Home and Abroad (2009), 2. 30 David C. Bell, Constructing Social Theory (Lanham, MD: Rowman & Littlefield, 2009), 61. 31 Hank Prunckun, Scientific Methods of Inquiry for Intelligence Analysis. 32 Anselm Strauss and Juliet Corbin, Basics of Qualitative Research: Grounded Theory Proce- dures and Techniques (Newbury Park, CA: Sage, 1990). 33 Earl Babbie, The Practice of Social Research, 9th ed. (Belmont, CA: Wadsworth, 2001). 34 Bell, Constructing Social Theory. 35 Tony Buzan, How to Mind Map (London: Thorsons, 2002). 36 Barney Glaser and Anselm Strauss, The Discovery of Grounded Theory (Chicago: Aldine, 1967). 37 In the first edition of this book, these assumptions were referred to as principles. 38 There may be synonyms for these concepts that apply to specific contexts; for instance, the concept of detection might be equated to identification, and so on. 39 See, for instance, Abram Shulsky, “Elements of Strategic Denial and Deception,” Trends in Organized Crime 6, no. 1 (Fall, 2000): 17. 40 In the first edition of this book, propositions were referred to as axioms. 41 John Hospers, An Introduction to Philosophical Analysis, 2nd ed. (London: Routledge and Kegan Paul, 1973). 42 Cynthia M. Grabo, Anticipating Surprise: Analysis for Strategic Warning (Lanham, MD: Uni- versity Press of America, 2004). 43 Alain Franqu, “The Use of Counterintelligence, Security and Countermeasures,” in Craig Fleisher and David Blenkhorn (ed.), Managing Frontiers in Competitive Intelligence (Westport CT: Greenwood, 2001). 44 Robin W. Winks, Cloak and Gown: Scholars in the Secret War (New York: Morrow, 1987), 328. 45 Godson, Dirty Tricks or Trump Cards, 231. 46 Frank Santi Russell, Information Gathering in Classical Greece (Ann Arbor: University of Michigan Press, 1999), 190. 47 Lock K. Johnston, “A Theory of Strategic Intelligence,” 50. 48 Henry Prunckun “The Paradox of Fiction and Terrorism’s Overshadowing of Organised Crime as a Law Enforcement Concern,” Salus Journal 4, no. 2 (2016): 65–66. 49 Information security should not be confused with computer security. Information security is used in this book in its widest form; that is, documents and papers, electronic data, software, knowledge, and artifacts. 50 See, for example, Andrew Fowler, The Most Dangerous Man in the World. 51 For in-depth examples and case studies involving deception, see, for instance, Thaddeus Holt, The Deceivers: Allied Military Deception in the Second World War (London: Phoenix, 2005), and Jon Latimer, Deception in War (Woodstock, NY: The Overlook Press, 2001). See also, Melrose M. Bryant, Deception in Warfare: Selected References from Air University Library Collection, Special Bibliography No. 275 (Maxwell Air Force Base, AL: U.S. Air Force, 1985). 52 Winks, Cloak and Gown, 342–43. 53 William Stevenson, A Man Called Intrepid: The Secret War 1939–1945 (London: Book Club Associates, 1976). 54 W. J. R. Gardner, ed., The Evacuation from Dunkirk: “Operation Dynamo,” 26 May–4 June 1940 (London: Frank Cass Publishers, 2000). 55 Prunckun, Scientific Methods of Inquiry for Intelligence Analysis, 10. 56 Winks, Cloak and Gown, 422. 57 Prunckun, Scientific Methods of Inquiry for Intelligence Analysis, 2. Chapter 4 Tenets of Defensive Counterintelligence D efensive counterintelligence is concerned with deterrence and detection. Translating these concepts into actions is done through various risk treatment options, or in intelligence parlance, countermeasures. Applied in an intelligence context, countermeasures have a somewhat narrower conno- tation than is commonly found in the mainstream intelligence studies literature. In its application here, countermeasures are an umbrella term for actions that includes either passive defensive or active offensive measures. This chapter discusses seventeen tenets of defensive counterintelligence.1 Even though these tenets are the handmaidens for counterintelligence planning (chapter 5), defensive counterintelligence is not the end state; it facilitates the offensive work of the craft—counterespionage. Goal keepers are important to sporting teams because they prevent the opponent from scoring, but a team will never win the game without its offensive side. Although defensive counterintelligence is not by definition part of the active measures employed in offensive operations, security operations offer conceal- ment for aggressive action—“an effective security program often can do much to mislead or deceive the intended victim of attack even if no more sophisticated measures are undertaken. Although security along will not normally lead the adversary to undertake the wrong preparations or to misdeploy his forces, it may lead him to undertake very inadequate countermeasures of even to fail to alert his forces at all, if security is totally effective.”2 This chapter, as well as the following chapter on planning, serves, assists, and complements offensive counterintelligence. Tenets of Defensive Counterintelligence Tenet 1—Executive Responsibility Of the tenets of defensive counterintelligence, the highest order tenet is that of executive governance. Although it might seem to some as somewhat self-evident, 55 56 Chapter 4 Tenets of Defensive Counterintelligence it is worth stating this tenet for clarity. The responsibility for security in all its forms rests with the head of the agency. Although the agency head will rarely be involved in any of the day-to-day security issues, he or she has responsibility for creating and maintaining a security program to guard the agency’s confidential information and secret operations. To this end, this functional responsibility is therefore delegated to subordinates (or a committee), and, depending on the size of the agency, there may be several such delegations flowing down the chain of command. Nevertheless, the point is that the ultimate responsibility for orches- trating these activities rests with the agency head, and the importance placed on security within the agency is driven by the commitment of that person. Tenet 2—Executive Support For security to be effective the agency head must be willing to promote secu- rity so that all employees understand and accept it in the most favorable light. The image of security within the agency must be positive. Staff’s attitudes must be cultivated to respect its purpose and, consequently, accept its associated poli- cies and practices. The main hazard to information is complacency regarding its security. Tenet 3—Ethical Symmetry One of the key issues for security acceptance is that staff view the security regime as one that is in harmony with the prevailing social norms—that is, it does not seek to recreate the model of a dictatorial state to deal with procedural compliance. Nor should it implement countermeasures that are illegal or unethi- cal; for example, barriers that are electrified to a lethal level, or air-locks that fill with poisonous gas. Tenet 4—Need-to-be-there The rationale for allowing people to access an area where sensitive information is being processed, analyzed, or stored needs to be established. Although the doctrine’s relation to access to information—known as the need-to-know3—is discussed in more detail in tenet 5 below and in chapter 8 (Defensive Counter- intelligence: Information Security), it is important to illustrate the basis for this tenet. Known as friendly access, this is a means where the opposition attempts to gain access by deception rather than force. Therefore, access to an agency’s offices should be limited to employees and visitors who are known or have appointments. All other visitors should be carefully screened, and their identi- ties verified prior to entry. People making deliveries, including mail deliveries and maintenance workers, should be handled in the same manner. Access to all areas of the agency should be on a restricted need-to-be-there basis. If an agency’s visitor/staff traffic is heavy, a system of custom-designed identity cards Tenets of Defensive Counterintelligence 57 worn on employees’ outer clothing can be an efficient method of quickly estab- lishing friend or foe. Tenet 5—Need-to-know Much of what is considered regarding defensive counterintelligence could be redundant if the opposition was never aware that sensitive information existed. This means that the first breach of security occurs when the opposition becomes aware that information worthy of targeting exists. If one uses the metaphor of a genie, it is at the point when the opposition knows about the information that the proverbial genie has been let out of the bottle and there is no way of return- ing it. All that can be done at that juncture is intensify the defensive counterin- telligence measures and/or conduct an offensive counterintelligence operation. So, if an agency holds information with some degree of sensitivity, its existence needs to be kept confidential to all but those with a need-to-know. Tenet 6—Counterreconnaissance This tenet is associated with tenet 5—not allowing the opposition to know of the information or operation in the first place. This tenet seeks to prevent reconnaissance.4 In this sense, it is more than preventing a reconnoitering of a physical target, as the case would be for the location of a piece of critical infrastructure. It is preventing environmental scanning—that is, hunting for leads that could indicate the agency is inactive in perusing certain developments. For instance, strategic intelligence analysts use a method known as environmen- tal scanning to investigate issues of value. It seeks to obtain data at the macro level. If in analyzing these data the analysts conclude that there are indicators that the opposition may be involved in activities that they would like to know about, the proverbial genie has been let out of the bottle. Tenet 7—Realistic Policies and Procedures Countermeasures need to be flexible and need to correspond to the risk. They should not become a rigid set of policies and procedures. Rather, they need to be fluid and adaptable to changes in the agency’s requirements for security. No doubt practitioners will need to consider many factors before implement- ing countermeasures. Nevertheless, important issues need to be weighed when establishing, or improving, a defensive counterintelligence program. These include, but are not limited to, financial constraints and the willingness of staff to follow proposed procedures. For instance, in the business and private sec- tors, there is little sense in spending large sums of money on safes and intruder detection systems if the utility is not justified, or it pushes the budget toward insolvency. Likewise, staff may be tempted to bypass security procedures if they are overly complicated or time consuming.5 Physical security, employee vet- ting, information handling policies, classification schemes, and the like are only backstops for contest of wits that is at the center of counterintelligence; that is, the offensive stratagems. 58 Chapter 4 Tenets of Defensive Counterintelligence Tenet 8—Synergistic Approach Countermeasures should be modular, that is, able to be adapted either in whole or in part, depending on the results of the counterintelligence planning process that are described in the next chapter (chapter 5, Defensive Counterintelligence Planning). The important issue is that the tenets of defensive counterintelligence are observed and that periodic inspections are carried out to check on the stan- dard of security practiced. Countermeasures can therefore be seen in a synergistic way—the combination totaling more than the sum of the individual components. Tenet 9—Early Detection Break-ins and burglaries are not an uncommon occurrence for government agencies or businesses to experience. However, in June 1972 the Watergate affair brought home the reality that break-ins are not only a method for acquiring cash and valuable physical assets, but they are also a technique for information gathering.6 In intelligence work this technique is referred to as a black bag operation.7 Surreptitious entries are used to plant surveillance devices or to carry out other covert intelligence-gathering activities. Short of creating a mini-fortress, there is nothing that will make an office 100 percent burglar- proof—even Buckingham Palace has had its intruder. Ideally, this tenet dictates that an alert is sent to the counterintelligence officer that a penetration has occurred at the time it took place. This facilitates several things: an immediate notification shortens the time the perpetrator has to access information, as well as places the perpetrator under pressure, thus increasing the chance of errors. Errors could also result in trace evidence being left behind. If it is not possible to design an immediate alert facility, then the time between penetration and detection needs to be as short as possible. Detection also increases the deterrent effect of the system. FIGURE 4.1 Diagrammatic Representation of the Tenet of Defense-in-depth. Source: Courtesy of the author. Tenets of Defensive Counterintelligence 59 Tenet 10—Defense-in-Depth The tenet of early detection (tenet 9) is integral to this tenet—that of delay. Namely, once detected, countermeasures should be directed to delaying the per- petrator so that security guards or police can arrive and apprehend the offender. This requires a system of barriers to be installed. Barriers can be any device that separates two spaces. They can range from reinforced walls and doors to transparent glass partitions. Barriers also act to cause the perpetrator to leave behind evidence of how they tried to penetrate the barrier, thus providing a potentially rich source of forensic evidence for counterintelligence investigators. In this regard, the barrier system needs to consist of several barriers to form layers—termed defense-in-depth. The theory behind defense-in-depth is that perpetrators will lose momentum as they encounter each barrier. If there was one single defensive barrier, although difficult to penetrate, once breached, the target data is immediately vulnerable. This is known as single point of failure, or a single path to failure (Figure 4.2).8 The layering of barriers applies equally to the building obstacles in physical world and to creating the same in the cyber-sphere. The strongest barrier in a defense-in-depth system needs to be located closest to the targeted data. This is discussed in tenet 12. As to how many layers are needed for security-in-depth to be effective depends on the agency’s risk threshold, its security budget, the value of the data it is holding, and for what period these data items need to remain secret. Allied to the tenet of defense-in-depth is the central pillar of personnel security (see chapter 7). This pillar states that, to ensure that staff who work for the agency do not inadvertently disclose secrets, some form of “protection” needs to be in place. Although not a physical barrier as such, the protection afforded is a barrier nonetheless. This protection takes the form of background investigations. For instance, to guard against people who may seek to inten- tionally reveal classified information and those who may be so indiscreet that they may unintentionally reveal secrets if employed, a vetting process needs to take place. FIGURE 4.2 Swiss Cheese Analogy: The Left-hand Path Avoids the Uninterrupted Route Seen in the Right-hand Path, which Offers No Resistance. Source: Courtesy of the author.

Counterintelligence Theory PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue