Published: 10 February 2017

Know the Risk Raise Your Shield

CBS' 60 Minutes (23 December 2018) interviewed NCSC Director Evanina on the threat of Chinese espionage aginst the United States:

• "To Catch a Spy" segment on how a former CIA officer was caught betraying his country.
• "How China can spy on your electronics -- even in the United States" on 60 Minutes Overtime

Know the Risk | Raise Your Shield

Foreign intelligence entities, which may include foreign governments, corporations, and their proxies, are actively targeting information, assets, and technologies that are vital to both U.S. national security and our global competitiveness. The National Counterintelligence and Security Center is dedicated to raising awareness among government employees and private industry about these foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard that which has been entrusted to their protection.

This campaign and related products will enable personnel to better understand these threats and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access. It will also serve to help them protect their personal, confidential information that may be used by others to gain their trust.

NCSC Awareness Materials

Published: 08 February 2017

History of NCSC

Counterintelligence in the 21st Century

The position of the National Counterintelligence Executive (NCIX) was established in 2001 and the Counterintelligence Enhancement Act of 2002 established the Office of the National Counterintelligence Executive (ONCIX). In November 2014 the Director of National Intelligence (DNI) established NCSC by combining ONCIX with the Center for Security Evaluation, the Special Security Center and the National Insider Threat Task Force, to effectively integrate and align counterintelligence and security mission areas under a single organizational construct. The Director of NCSC serves in support of the DNI’s role as Security Executive Agent (SecEA) to develop, implement, oversee and integrate personnel security initiatives throughout the U.S. Government.

The Office of the National Counterintelligence Executive (ONCIX) was established in 2002 and then integrated into the Office of the Director of National Intelligence (ODNI) in 2004. The ODNI/Special Security Center (SSC) and the ODNI/Center for Security Evaluation (CSE) were integrated into ONCIX in 2010 to strengthen the synergies between CI and Security. SSC – renamed the Special Security Directorate (SSD) – continues to focus on personnel security, serving as the Director of National Intelligence’s (DNI’s) lead for Security Executive Agent (SecEA) authorities, clearance reform, and continuous evaluation. CSE, in consultation with the IC, supports the Department of State in protecting classified national security information and provides other security-related functions affecting IC interests at U.S. diplomatic and consular facilities abroad. ONCIX, on behalf of the DNI, along with the FBI, on behalf of the U.S. Attorney General provides direction and oversight of the National Insider Threat Task Force (NITTF) which was formed in 2011.

On 1 December 2014, the DNI established the National Counterintelligence and Security Center (NCSC) to effectively integrate and align counterintelligence and security mission areas and allow the DNI to address counterintelligence and security responsibilities under a single organizational construct. The establishment of NCSC is consistent with the DNI’s authority to establish national intelligence centers to address intelligence priorities. The National Counterintelligence Executive (NCIX) also serves as the Director of NCSC.

On 1 December 2015, on the one-year anniversary of NCSC, a new seal replaced the legacy ONCIX seal to represent the role of CI– to deter, disrupt, and defeat foreign intelligence threats and the role of security– to protect and defend U.S. infrastructure, facilities, classified networks, information and personnel. NCSC’s vision is to be the nation’s premier source for CI and security expertise and a trusted mission partner in protecting America against foreign and other adversarial threats.

Published: 09 February 2017

Time-line of Milestones

Legend: CI History CI Threat Event

• May 2014

  Director of National Intelligence James R. Clapper appointed William “Bill” Evanina the sixth National Counterintelligence Executive on May 22, 2014.  Evanina, a career FBI agent, most recently served as the Chief of CIA’s Counterespionage Group, where he led efforts to identify, prevent and neutralize the espionage related activities of foreign intelligence services.

• May 2014

  The U.S. Government unseals criminal charges against Chinese government officials for conducting cyber activities against U.S. companies

• December 2014

  The DNI Establishes the National Counterintelligence and Security Center
  

  NCSC, December 2014 – Present

• January 2013

  The Foreign and Economic Espionage Penalty Enhancement Act is signed by President Obama In response to Foreign Spies Stealing U.S. Economic Secrets in Cyberspace as well as growing Congressional focus on economic espionage that increases the prison sentencing guidelines and fines for economic espionage.

• June 2013

  Leaked briefings on several classified programs appear in the media, signaling a major unauthorized disclosure

• February 2012

  Director of National Intelligence James R. Clapper appointed Frank Montoya, Jr. the fifth National Counterintelligence Executive (NCIX) on February 6, 2012.  As NCIX, Mr. Montoya realigned ONCIX to reflect its functional mission within the IC.  He did this, in part, through focusing on his role as National Intelligence Manager for Counterintelligence (NIM-CI) and establishing a Directorate to manage the broad accompanying responsibilities.  He also established a close rapport with the private sector and created the first CI Operations Coordination Directorate – the first time CI Operations were coordinated across the community.  Under Mr. Montoya’s leadership, the office oversaw the equity assessments in the wake of recent unauthorized disclosures.  Mr. Montoya led numerous counterintelligence and national security investigations during his 21-year career with the FBI and was instrumental in establishing the National Cyber Counterintelligence Division.  Prior to his appointment as NCIX, Mr. Montoya was FBI’s Special Agent in Charge in Honolulu.  He oversaw national security investigations at FBI headquarters in April 2000 when he participated in the search and ultimate discovery of the spy Robert Hanssen.

• November 2011

  On November 3, 2011, ONCIX released Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, which is the first time the United States Government publicly identifies China and Russia as active and persistent threats to U.S. interests in Cyberspace. The report receives widespread attention and elevates the issue of foreign economic espionage. CNN and the Council on Foreign Relations later describe the report's revelations among the "Top Ten Events that shook Asia in 2011."

• October 2011

  In response to the unauthorized disclosures of classified information to Wikileaks in 2010, President Barack Obama signed E.O. 13587, directing the DNI and Attorney General to create a National Insider Threat Task Force. The NCIX and FBI were subsequently directed to chair the task force and commence implementation of a government-wide program to detect, deter and mitigate insider threats.

• August 2010

  James R. Clapper, Jr., Lieutenant General, USAF (Ret), is appointed by President Barack Obama and confirmed by the Senate on August 5, 2010.  DNI Clapper’s reorganization of the ODNI reflected his heightened focus on Counterintelligence.  In concert with the NCIX, he merged the formerly distinct IC disciplines of Counterintelligence and Security into ONCIX.  In so doing, he enhanced the U.S. response to 21st Century foreign intelligence threats.  DNI Clapper also oversaw the build-up of the National Insider Threat Task Force, the development of Continuous Evaluation and the IC Information Technology Enterprise (“The Cloud”) and signed ICD 750, Counterintelligence Programs – the first IC-wide counterintelligence policy.  Prior to serving as DNI, he held a variety of senior positions in the IC.  He was the Director of DIA from November 1991 – August 1995.  He was also the head of the National Geospatial Intelligence Agency from 2001 – 2006.

• September 2010

  In September 2010, the DNI announced the merger of ONCIX with the DNI’s Special Security Center and the Center for Security Evaluation. In unifying the formerly-distinct disciplines of Counterintelligence and Security, the ODNI adopted a new, layered response to foreign intelligence threats. The merger of these entities with ONCIX has enhanced IC mission integration, strengthened the protection of national intelligence, and saved resources by consolidating common functions.

• April 2010

  Wikileaks posts the first of the classified material leaked by SPC Bradley Manning

• July 2009

  Greg Chung is convicted of stealing U.S. aerospace secrets for China

• September 2009

  Robert M. (Bear) Bryant appointed NCIX NCIX, 2009 – 2012
  On September 18, 2009, Robert “Bear” Bryant became the fourth NCIX.  His tenure covered a critical and highly public period for ONCIX.  Under Bear Bryant, ONCIX oversaw the Wikileaks Damage Assessment, sketched the blueprints for the National Insider Threat Task Force and, in 2011, issued the report Foreign Spies Stealing U.S. Economic Secrets in Cyberspace.  It represented the first time the U.S. Government publicly named China and Russia as active and persistent perpetrators of economic espionage in Cyberspace.  The report’s revelations were ranked by CNN and the Council on Foreign Relations among the “Top Ten Events that shook Asia in 2011.“  A former Deputy Director of the FBI, Mr. Bryant's career in counterintelligence spanned more than 40 years and included the successful investigations and prosecutions of the spies Aldrich Ames, Earl Pitts and Harold Nicholson.

• January 2009

  President Obama took the oath of office on January 20, 2009, as the U.S. embarked upon one of the more transformational periods for the Intelligence Community.  Wikileaks, economic espionage and cyber attacks on the United States – associated with both foreign intelligence services and state-sponsored economic competitors – came into public focus to a degree rarely known to Counterintelligence issues.  The Obama Administration oversaw a comprehensive effort to enhance the protection of National Intelligence – particularly with respect to protecting sources and methods – and established the National Insider Threat Task Force, raised awareness on foreign intelligence threats in cyberspace, and accelerated the prosecutions related to leaks of US intelligence.

• January 2009

  Dennis C. Blair DNI, 2009 – 2010
  

  Dennis C. Blair became the third Director of National Intelligence on January 29, 2009. A former Navy Four Star Admiral and Commander of the Pacific Fleet, DNI Blair served during the first year of the Obama Administration.  During his tenure, DNI Blair focused on IC-wide priorities such as personnel, intra-IC communications, clearances and classification reform, and further integrating the IC to achieve common objectives.

• May 2007

  Chi Mak is convicted after 20 years of stealing U.S. defense secrets for China

• February 2007

  John M. (Mike) McConnell  DNI, 2007 – 2009
  

  Sworn in as the second Director of National Intelligence in 2007, Mike McConnell arrived with a long history of public service, including as an Admiral in the U.S. Navy and serving as Director of the National Security Agency (NSA) under two Presidents.  During his active tenure, DNI McConnell participated in orchestrating the passage of revised FISA legislation and the revision of Executive Order 12333.  He also participated in the establishment of the Comprehensive National Cybersecurity Initiative (CNCI) to protect U.S. communications infrastructure, a major step toward addressing current threats and future challenges.

• August 2006

  Dr. Joel Brenner appointed NCIX 2006 – 2009
  

  Dr. Joel F. Brenner was the NCIX from August 7, 2006 through July 4, 2008.  He is credited with an early advocacy for improving the U.S. Counterintelligence posture in Cyberspace, and organizing ONCIX to meet this objective.  Dr. Brenner also focused extensively on the private sector, expanding direct outreach to U.S. industry, to fulfill ONCIX’s statutory requirement to provide "threat warning and awareness" information to the U.S. private sector.  A graduate of the University of Wisconsin, the London School of Economics (PhD), and Harvard Law School (JD), Dr. Brenner was a Marshall Scholar.  From 2002 – 2006 he served as the Inspector General of the National Security Agency.

• April 2005

  John Negroponte  DNI, 2005 – 2007
  

  Ambassador John Dimitri Negroponte is sworn in as the first Director of National Intelligence (DNI) on April 21, 2005.  DNI Negroponte invested his early efforts in standing-up the Office of the Director of National Intelligence (ODNI), building out its personnel infrastructure and organization, and guiding the mission along a path of new and previously-untested authorities. He is often credited for his statesmanship for handling the introduction of the DNI to the IC.

• December 2004

  The Intelligence Reform & Terrorism Prevention Act (IRTPA)  is signed by President George W. Bush.  IRTPA represented the largest reorganization of the U.S. Intelligence Community since the Truman Administration.  This Act created the position of Director of National Intelligence and reorganized the National Counterintelligence Executive into the ODNI.

• July 2003

  Michelle Van Cleave appointed NCIX, 2003 – 2006
  

  The 2002 CI Enhancement Act placed the NCIX within the Executive Office of the President (EOP).  In July 2003, Michelle Van Cleave became the first and only presidentially-appointed National Counterintelligence Executive.  Ms. Van Cleave is largely credited with refining the initial organizational structure of ONCIX, focusing on providing strategic direction to the U.S. Intelligence Community, and raising the volume on the Twenty First Century threats facing the United States. Ms. Van Cleave served until January 2006, when the Office of the National Counterintelligence Executive had fully migrated from the EOP to the ODNI, in the wake of the Intelligence Reform and Terrorism Prevention Act of 2004.

• November 2002

  The Counterintelligence Enhancement Act of 2002 established the position of National Counterintelligence Executive in law. It also gave the office the unique authority to conduct outreach to the private sector and provide warning and awareness of intelligence threats to the public.

• February 2001

  FBI Special Agent Robert Hanssen is arrested for espionage

• March 2001

  David Szady becomes the first NCIX, 2001 – 2002
  

  On March 15, 2001, the National Counterintelligence Board of Directors appointed the first National Counterintelligence Executive, David Szady, an FBI Executive with experience in counterintelligence.  Mr. Szady arrived in May 2001 to begin building the new NCIX.  His job included advancing new missions, building office support, and fostering cooperation across the CI community.  The primary challenge, of course, involved securing fiscal and personnel resources.  The resources of the former National Counterintelligence Center had been conveyed to the NCIX, but were insufficient for the broad new mission as outlined in PDD-75.  On September 11, 2001, terrorists attacked the United States. In the aftermath, national security resources were directed toward counterterrorism.  The NCIX was hard pressed to obtain staff or contractors to fill positions needed to meet PDD-75 responsibilities.  In February 2002, Mr. Szady was appointed by Robert Mueller to serve as the Federal Bureau of Investigation’s Assistant Director for Counterintelligence.

• January 2001

  George W. Bush sworn in as President of the United States.  After taking the oath of office in January 2001, the Bush Administration reviewed and affirmed its commitment to PDD-75. The White House then began working with the Senate Select Committee on Intelligence to increase the focus and resources directed to Counterintelligence."

• December 2000

  Bill Clinton's Last Presidential Directive; The First National Security Policy for the Twenty-First Century: 
  

  On December 28, 2000, President Clinton signed Presidential Decision Directive-75, U.S. Counterintelligence Effectiveness – Counterintelligence for the 21st Century.  PDD-75 established the National Counterintelligence Executive, as well as the National CI Policy Board, the National Threat Identification and Prioritization Assessment, and the National CI Strategy.  In so doing, the President explained that the U.S. now faces a more complex set of threats from a variety of countries, non-state actors and traditional adversaries.  He noted that the CI system that worked in the Cold War would not be successful in the current threat environment.  He indicated his intention to have a U.S. CI system that is predictive and provides integration and oversight of CI issues across the national security agencies.  PDD-75 was the last Presidential Directive of the Clinton Administration.

Published: 08 February 2017

CI and Security Advocacy

The National Counterintelligence and Security Center (NCSC) oversees the allocation of CI and security resources within the National Intelligence Program (NIP). It advocates for implementing CI and security programs that may not be directly funded by the NIP.

The NCSC utilizes the Intelligence Planning Programming, Budgeting, and Evaluation (IPPBE) system to shape and sustain intelligence capabilities. Through this system, the NIP is developed. The NIP encompasses resources and initiatives critical for intelligence operations.

The NCSC conducts mission reviews, assessing progress based on the implementation of the National Counterintelligence (CI) Strategy. Additionally, it evaluates the state of the mission, guided by the Unifying Intelligence Strategy for Counterintelligence. By identifying key intelligence gaps, the NCSC seeks to leverage existing CI capabilities before proposing new ones.

In summary, the NCSC’s strategic planning, resource allocation, and gap analysis contribute to effective counterintelligence efforts, ensuring the protection of U.S. interests and national security.