Intelligence cycle security


, and, by extension, the overall defenses of nations, are vulnerable to attack. It is the role of intelligence cycle security to protect the process embodied in the intelligence cycle, and that which it defends. A number of disciplines go into protecting the intelligence cycle. One of the challenges is that there is a wide range of potential threats, so threat assessment, if complete, is a complex task. Governments try to protect three things:
  • Their intelligence personnel
  • Their intelligence facilities and resources
  • Their intelligence operations
Defending the overall intelligence program, at a minimum, means taking actions to counter the major disciplines of intelligence collection techniques:
  • Human Intelligence
  • Signals Intelligence
  • Imagery Intelligence
  • Measurement and Signature Intelligence
  • Technical Intelligence
  • Open Source Intelligence
To these is added at least one complementary discipline, counterintelligence (CI), which, besides defending the six above, can itself produce positive intelligence. Much, but not all, of what it produces is from special cases of HUMINT.
Also complementing intelligence collection are additional protective disciplines, which are unlikely to produce intelligence:
  • Physical security
  • Personnel security
  • Communications security
  • Information system security
  • Security classification
  • Operations security
These disciplines, along with CI, form intelligence cycle security, which, in turn, is part of intelligence cycle management. Disciplines involved in "positive security", or measures by which one's own society collects information on its actual or potential security, complement security. For example, when communications intelligence identifies a particular radio transmitter as one used only by a particular country, detecting that transmitter inside one's own country suggests the presence of a spy that counterintelligence should target.
CI refers to efforts made by intelligence organizations to prevent hostile or enemy intelligence organizations from successfully gathering and collecting intelligence against them. Frank Wisner, a well-known CIA operations executive, said of the autobiography of Director of Central Intelligence Allen W. Dulles that Dulles "disposes of the popular misconception that counterintelligence is essentially a negative and responsive activity, that it moves only or chiefly in reaction to situations thrust upon it and in counter to initiatives mounted by the opposition". Rather, he sees that counterintelligence can be most effective, both in information gathering and protecting friendly intelligence services, when it creatively but vigorously attacks the "structure and personnel of hostile intelligence services". In 1991 and 1995 US Army manuals dealing with counterintelligence, CI had a broader scope against the then-major intelligence collection disciplines. While MASINT was defined as a formal discipline in 1986, it was sufficiently specialized not to be discussed in general counterintelligence documents of the next few years.
All US departments and agencies with intelligence functions are responsible for their own security abroad.
In many governments, the responsibility for protecting intelligence and military services is split. Historically, CIA assigned responsibility for protecting its personnel and operations to its Office of Security, while it assigned the security of operations to multiple groups within the Directorate of Operations: the counterintelligence staff and the area unit, such as Soviet Russia Division. At one point, the counterintelligence unit operated quite autonomously, under the direction of James Jesus Angleton. Later, operational divisions had subordinate counterintelligence branches, as well as a smaller central counterintelligence staff. Aldrich Ames was in the Counterintelligence Branch of Europe Division, where he was responsible for directing the analysis of Soviet intelligence operations. US military services have had a similar and even more complex split.
Some of the overarching CI tasks are described as:
  • Developing, maintaining, and disseminating multidiscipline threat data and intelligence files on organizations, locations, and individuals of CI interest. This includes insurgent and terrorist infrastructure and individuals who can assist in the CI mission.
  • Educating personnel in all fields of security. A component of this is the multidiscipline threat briefing. Briefings can and should be tailored, both in scope and classification level. Briefings could then be used to familiarize supported commands with the nature of the multidiscipline threat posed against the command or activity.

Changes in doctrine for protecting the entire intelligence cycle?

The US definition of counterintelligence, however, is narrowing, while the definition of Operations Security seems to be broadening. The manuals of the early 1990s described CI as responsible for overall detection of, and protection from, threats to the intelligence cycle. With the 2005-2007 National Counterintelligence Strategy statements, it is no longer clear what function is responsible for the overall protection of the intelligence cycle. In this recent US doctrine, although not necessarily that of other countries, counterintelligence is now seen primarily as a counter to Human Intelligence (HUMINT) collection by a Foreign Intelligence Service (FIS). FIS is a term of art that covers both nations and non-national groups, the latter including terrorists, or organized crime involved in areas that are considered fundamental threats to national security.
The National Counterintelligence Strategy of 2005 states the CI mission as:
  • counter terrorist operations
  • seize advantage
  • protect critical defense technology
  • defeat foreign denial and deception
  • level the economic playing field
  • inform national security decisionmaking
  • build a national CI system
The 2007 US joint intelligence doctrine restricts its primary scope to counter-HUMINT, which usually includes counter-terror. It is not always clear, under this doctrine, who is responsible for all intelligence collection threats against a military or other resource. The full scope of US military counterintelligence doctrine has been moved to a classified publication, Joint Publication 2-01.2, Counterintelligence and Human Intelligence Support to Joint Operations, so it is not publicly known whether that problem is clarified there.

Countermeasures to specific collection disciplines

More specific countermeasures against intelligence collection disciplines are listed below:

Discipline | Offensive CI | Defensive CI
HUMINT | Counterreconnaissance, offensive counterespionage | Deception in operations security
SIGINT | Recommendations for kinetic and electronic attack | Radio OPSEC, use of secure telephones, SIGSEC, deception
IMINT | Recommendations for kinetic and electronic attack | Deception, OPSEC countermeasures. If accessible, use SATRAN reports of satellites overhead to hide or stop activities while being viewed

Counter-HUMINT

See additional detail on Project Slammer, an Intelligence Community-sponsored study of espionage that was an effort of the Intelligence Community Staff, under the Director of Central Intelligence.
Aspects of physical security, such as guard posts and wandering guards that challenge unidentified persons, certainly help with counter-HUMINT. Security education, also part of OPSEC, is important to this effort.

Counter-SIGINT

Military and security organizations will provide secure communications, and may monitor less secure systems, such as commercial telephones or general Internet connections, to detect inappropriate information being passed through them. Personnel need education on the need to use secure communications, and instruction on using them properly so that they do not become vulnerable to specialized technical interception. Methods including encryption and traffic flow security may be needed in addition to, or instead of, specialized shielding of the equipment.
The methods possible in counter-SIGINT range from what is appropriate in a combat zone to what can be done in a research laboratory. At the combat end, if an enemy SIGINT interception antenna can be targeted, thoroughly bombing it and its associated electronics will definitely end its career as a SIGINT threat. In slightly less dramatic fashion, it can be taken under electronic attack, with strong enough electromagnetic signals directed at it to conceal any friendly signals, and perhaps to overload and destroy the electronics of the SIGINT facility. SIGINT protection for office buildings may require a room to be electronically shielded.

Counter-IMINT

The basic methods of countering IMINT are to know when the opponent will use imaging against one's own side, and to interfere with the taking of images. In some situations, especially in free societies, it must be accepted that public buildings may always be subject to photography or other techniques.
Countermeasures include putting visual shielding over sensitive targets or camouflaging them. When countering such threats as imaging satellites, awareness of the orbits can guide security personnel to stop an activity, or perhaps cover the sensitive parts, when the satellite is overhead. This also applies to imaging on aircraft and UAVs, although the more direct expedient of shooting them down, or attacking their launch and support area, is an option in wartime.

Counter-OSINT

While the concept well precedes the recognition of a discipline of OSINT, the idea of censorship of material directly relevant to national security is a basic OSINT defense. In democratic societies, even in wartime, censorship must be watched carefully lest it violate reasonable freedom of the press, but the balance is set differently in different countries and at different times.
Britain is generally considered to have a very free press, but the UK does have the DA-Notice (formerly D-Notice) system. Many British journalists find that this system is used fairly, although there will always be arguments. In the specific context of counterintelligence, note that Peter Wright, a former senior member of the Security Service who left their service without his pension, moved to Australia before publishing his book Spycatcher. While much of the book was reasonable commentary, it did reveal some specific and sensitive techniques, such as Operation RAFTER, a means of detecting the existence and setting of radio receivers.