Though some of the most damaging exposures of classified material have come from companies working for the federal government in recent years, the intelligence community’s 100,000 contractors overall “are kicking butt” in helping agencies head off insider threats, the nation’s top counterintelligence chief said on Monday.
Anticipating threats “is a team sport,” Bill Evanina, the government’s national counterintelligence executive, told a gathering of the Intelligence and National Security Alliance, a nonprofit group made up of contractors and former intelligence officials. “The only way to win is a partnership, a whole-of-government, whole-of-country approach” that includes contractors and the news media as well.
“We have to get back to patriotism,” he said.
Despite incidents involving National Security Agency contractors such as Edward Snowden and Howard Martin, “we need to eliminate with urgency the idea that most insider threats are contractors,” Evanina said. “There’s no evidence” either for that, he said, or for the common notion that “millennials want to be leakers.”
Evanina acknowledged there’s been disturbing news on the counterintelligence front over the past year, much of which has lost the power to shock. He cited the recent hacking of the CIA’s internal digital toolbox and the arrest last week of State Department official Candace Clairborne, charged with allegedly meeting foreign agents without keeping her agency informed.
The arrest last August of a Chinese agent in New York City, Evanina said, was barely covered by the news media, but “10 or 12 years ago would have been front-page news in every paper across the country.”
Referencing the proverbial “death by 1,000 cuts,” Evanina said, “we’re hitting 800 cuts and getting close to 1,000.” Russian President Vladimir Putin, he guesses, probably wakes up most mornings smiling at his successful manipulation of events in the West.
An underrated success for counterintelligence against economic espionage, he said, was the Commerce Department’s recent imposition of a record $1.1 billion fine on the Chinese company ZTE for violating international sanctions by selling electronics to Iran and North Korea.
Evanina said terrorist threats can come from weapons as basic as “spear phishing” of email accounts in the hope that an ill-advised click on an attachment will send malware coursing through an agency or threaten critical infrastructure. And enemy efforts to grab personally identifiable information—more than half of Americans have been victimized by identity theft, he noted—can harm spouses, children and co-workers.
Following the breach of 22 million personnel files of federal workers at the Office of Personnel Management in 2015, Congress mandated that Evanina’s National Counterintelligence and Security Center sign a memorandum of understanding with OPM to assess the damage. That project is still underway, he said on Monday.
Evanina’s office works with the Treasury and Homeland Security departments to provide intelligence on threats to U.S. energy infrastructure and financial systems, as well as coordinating with smaller agencies, such as the Federal Communications Commission and the Federal Energy Regulatory Commission.
“Imagine if all the ATM machines went down,” Evanina said. And how would the industrial supply chain function if “our collection of satellites were rendered inoperable?” he asked. The government as a whole “has to be sure we’re making the right risk-based decisions.”
Increasingly, agencies and consultants are relying on psychological profiling to spot problem employees before any misconduct occurs.
People who become insider threats “can be narcissists,” or “Machiavellian manipulators” and have “callous personalities,” Evanina said. Signs to watch for include reacting badly to being passed over for a promotion, going through a divorce or financial distress, or coping with a child with special needs. These and other situations can make an employee or a contractor “angry at the world,” he said. “Sometimes the solution is as simple as an employee assistance program, an interview with a security officer, or peer consultation.”
Eliminating the insider threat entirely would be “almost impossible,” Evanina said. Searching “everyone on their way into work is not conducive to the kind of workplace we want to work in.”
He said the “key to success is robust monitoring of systems and data” and perhaps more training in due diligence for employees of contractors and subcontractors.
Correction: The original version of this article listed Bill Evanina's title as national counterterrorism executive. He is the national counterintelligence executive. The article has been updated to correct the error.