A Baseline for U.S. Counterintelligence Programs

A 2013 Intelligence Community Directive that was released this week “establishes the baseline for CI [counterintelligence] programs across the Intelligence Community (IC).”

Counterintelligence is defined as “Information gathered and activities conducted to identify, deceive, exploit, disrupt, or protect against espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons, or their agents, or international terrorist organizations or activities.”

Counterintelligence Programs, Intelligence Community Directive 750, was signed by DNI James R. Clapper on July 5, 2013, and was released by the Office of the Director of National Intelligence in response to a Freedom of Information Act request.

CI programs within the Intelligence Community are directed to address CI analysis, awareness and education, risk assessments, and critical asset protection.

A critical asset is “Any asset (person, group, relationship, instrument, installation, process, or supply at the disposition of an organization for use in an operational or support role) whose loss or compromise would have a negative impact on the capability of a department or agency to carry out its mission; or may have a negative impact on the ability of another U.S. Government department or agency to conduct its mission; or could result in substantial economic loss; or which may have a negative impact on the national security of the U.S.”

By any reasonable definition, the Office of Personnel Management database of security clearance background investigations for federal employees and contractors that was recently compromised by a foreign adversary would appear to qualify as a “critical asset.” But since OPM is not a member or an element of the Intelligence Community, it appears to fall outside the scope of this directive.

The IC Directive includes only the briefest of references to the sensitive topic of offensive counterintelligence, which involves penetrating, diverting and redirecting foreign intelligence efforts targeted at the United States:

“Effective mitigation of FIE [Foreign Intelligence Entity] activities involves anticipating, detecting, understanding, and assessing threats to national security and also taking appropriate CI actions to defeat, counter, neutralize, or exploit the threat.”

    *    *    *

ODNI this week also released a 2012 instruction on the ORCON dissemination marking, referring to intelligence information whose distribution is “originator controlled.”

“The use of ORCON enables the originator to maintain knowledge, supervision, and control of the distribution of ORCON information beyond its original dissemination. Further dissemination of ORCON information requires advance permission from the originator.”

However, its use should be limited. “The ORCON marking shall be applied judiciously in accordance with this ICPG to ensure that classified national intelligence is disseminated appropriately without undue delay or restriction.”

“The decision to apply ORCON shall be made on a case-by-case basis using a risk-managed approach. It shall not be applied in a general or arbitrary manner.”

See Application of Dissemination Controls: Originator Control, ICPG 710.1, July 25, 2012.