National Counterintelligence and Security Center

Features

National Counterintelligence and Security Center

Supply Chain Risk Management

The mission of NCSC's Supply Chain and Cyber Directorate (SCD) is to enhance the nation's supply chain and cyber security, leveraging multidisciplinary counterintelligence and security expertise to inform, guide, and coordinate integrated risk decisions and responses with strategic partners.

Protecting Supply Chains for Critical Technologies

In October 2021, the National Counterintelligence and Security Center (NCSC) prioritized outreach efforts in five critical technology sector areas: Artificial Intelligence (AI), Bioeconomy, Autonomous Systems, Quantum, and Semiconductors.

These technologies present unique opportunities and challenges where the stakes are potentially greatest for U.S. economic and national security.

One of the unique challenges is managing the threats and risks to the very complex supply chains that support each one of these critical and emerging technologies.

During April Supply Chain Integrity Month, NCSC focused on supply chain security issues unique to AI, specifically machine learning (ML) an AI subset; autonomous systems, specifically autonomous vehicles; and semiconductors.

The awareness materials below highlight the unique supply chain issues associated with these critical technologies.

Champion Supply Chain

Take the General Services Administration (GSA) and Federal Acquisition Institute (FAI) training course to Fortify the Chain:

National Supply Chain Integrity Month

April 2022 — Fortify the Chain

April 2021 — A Call to Action

Supply Chain Risk Management (SCRM) - Don't Be the Weakest Link!

Supply Chain Risk Management

Executive Orders

Authorities, Policies, and Standards

Tools

Reducing Threats to Key U.S. Supply Chains

Podcasts

Thought Leaders: Supply Chain Security

5G Wireless Technology

Supply Chain Resources

Additional Resources

Insider Threat

 

NCSC co-leads the National Insider Threat Task Force (NITTF) with the FBI.  The NITTF helps the Executive Branch build programs that deter, detect, and mitigate actions by insiders who may represent a threat to national security.  The NITTF develops guidance, provides assistance, assesses progress and analyzes new and continuing insider threat challenges.  It is important to note that insider threat programs target anomalous activities, not individuals, so the NITTF’s work is coordinated with the relevant organization’s records management office, legal counsel, and civil liberties and privacy officials to build-in protections against infringing upon employees’ civil liberties, civil rights, privacy and whistleblower protections.

 

 Insider Threat Websites

 

 

 

Relevant Reports, Briefings & Reading Material:

 

Economic Espionage

 

America's adversaries throughout history have routinely taken their competitive efforts beyond the battlefield. They frequently avoid using standing armies, shirk traditional spy circles, and go after the heart of what drives American prosperity and fuels American might. Nazi spies during World War II tried to penetrate the secrets behind our aviation technology, just as Soviet spies in the Cold War targeted our nuclear and other military secrets.

 

Today, foreign intelligence services, criminals, and private sector spies are focused on American industry and the private sector. These adversaries use traditional intelligence tradecraft against vulnerable American companies, and they increasingly view the cyber environment—where nearly all important business and technology information now resides—as a fast, efficient, and safe way to penetrate the foundations of our economy. Their efforts compromise intellectual property, trade secrets, and technological developments that are critical to national security. Espionage against the private sector increases the danger to long-term U.S. prosperity.

 

Without corrective action that mobilizes the expertise of both the Federal Government and the private sector, the technologies cultivated by American minds and within American universities are at risk of becoming the plunder of competing nations at the expense of long-term U.S. security.

 

The private sector alone lacks the resources and expertise to thwart foreign efforts to steal critical American know-how. This is in large part because counterintelligence is not a typical corporate function, even for well-trained and well–staffed security professionals.

 

Counterintelligence is a challenge for corporations for two reasons. Cost is the first reason. CI measures absorb company resources that would otherwise be used for growth. The second CI challenge is tied to the nature of public corporations. American companies are driven into developing markets by shareholders, growth ambitions, and the desire to beat Wall Street's quarterly earnings expectations. The requirement to move quickly and unabashedly leaves American companies vulnerable as they flock into spy-rich developing nations. China and Russia are our most aggressive and capable adversaries using economic espionage.

 

China and Russia are not the only perpetrators of espionage against sensitive US economic information and technology. Some US allies abuse the access they have been granted to try to clandestinely collect critical information that they can use for their own economic or political advantage.

Reports, Briefings & Reading Material:

Foreign Spies Stealing US Economic Secrets in Cyberspace Protecting Key Assets: A Corporate Counterintelligence Guide20180724 foreign economic espionage cyberspace

 

Cyber Security

 

The cyber threat is simultaneously a national & homeland security threat and a counterintelligence problem.  State and non-state actors use digital technologies to achieve economic and military advantage, foment instability, increase control over content in cyberspace and achieve other strategic goals — often faster than our ability to understand the security implications and neutralize the threat.

 

NCSC works with the U.S. Government cyber community and the IC, to provide the CI and security perspective on foreign intelligence and other threat actors’ cyber capabilities and provides context and possible attribution of adversarial cyber activities.

 

Relevant Reports, Briefings & Reading Material:

Provides an indispensable series of basic steps every American can take to safeguard their home networks from cyber intrusions

 

CI tips for cyber smarts:

 

Other Links:

 

FBI Cyber Crime

 

 

“CI and security are interconnected and cannot be
executed in isolation.” –
NCSC Director Evanina

 

The solutions to countering adversarial threats often lie at the intersection of the CI and security disciplines.  CI has both a defensive mission — to protect our nation’s secrets and assets from theft, manipulation, or destruction by foreign adversaries by knowing their intentions, targets, capabilities and methods — and an offensive mission — to exploit, deceive or disrupt their hostile activities.  Assuring the security of personnel, data, networks, national & trade secrets, and physical facilities – is a critical element.  The U.S. faces higher cyber, physical, and technical threat levels than ever before; and security policies, standards, guidelines and practices must be based on sound threat analysis and risk management.

 

NCSC blends CI and security expertise to lead and support CI and security activities across the U.S. Government, the Intelligence Community and U.S. private sector entities at risk of intelligence collection, penetration or attack by foreign and other adversaries.

 

NCSC Blends CI and Security expertise to lead and support CI and security activities

 

 

  • For Counterintelligence, the Director of NCSC serves as both the National Counterintelligence Executive (NCIX) and the National Intelligence Manager for Counterintelligence (NIM-CI).
  • For Security, NCSC is responsible for Security Executive Agent (SecEA) activities, on behalf of the Director National Intelligence, across the Executive Branch and is the DNI’s designee for oversight and direction for safeguarding national security programs across the IC.

 

We also:

National Counterintelligence and Security Center