Cyber-counterintelligence

What is counterintelligence (CI)? A compilation of definitions assists with understanding that CI is:

a division within an intelligence service charged with protecting sensitive information from an enemy, who is a hostile intelligence service or individual(s) engaged in espionage, sabotage, subversion or terrorism, by identifying threats to security, creating and disseminating deceptive information, preventing subversion and sabotage, and thwarting attempts to access and collect while still attempting to gather information from that enemy.

This amalgamation incorporates the many aspects of counterintelligence and highlights its many complexities. The essential goal is to keep outsiders from insider information, and to exploit any perpetrators to insider advantage, either by providing false intelligence or by using them as a means to gather information about that outsider organization. In short, it is no easy task.

While CI is already complicated, the innovative, technologically driven society in which we live is increasingly sophisticated and introduces yet another obscuring factor into this already indistinct equation. To the extent that 'cyber' is a tradecraft in which opponents employ new and more subversive attack measures, and must in turn be deterred with new defensive measures and new detection and exploitation mechanisms, it can be argued that Cyber-Counterintelligence (Cyber-CI) is a divergent subfield of CI. This perspective focuses on cyberspace and the use of information warfare by external adversaries, such as foreign intelligence services, organized crime groups, or hackers, whether politically motivated or not, and on how to defend against attacks that use new means.

Already, CI has implemented strategies and other countermeasures to maintain integrity and security and to thwart attacks. These measures are primarily defensive: protecting networks through information assurance practices and information security tools, an emphasis on system administration, and hardware and software protection. System administration reinforces the classification system and compartmentalization structure by granting users access only to the information necessary to complete their current duties, and ensures that all data is secured.

Of the remaining defenses mentioned, Information Security (InfoSec) is the most frequently discussed, perhaps because it is akin to other CI safeguards. InfoSec encompasses the control and security components applied to widely networked systems. For example, it guards against penetration with firewalls and intrusion detection systems, and it also includes systems that identify system vulnerabilities, which are considered a threat because enemies can exploit them. By incorporating Cyber-CI defense activities, the IC has begun to address these new threats and potential vulnerabilities in this technological era.