Threat Awareness for Industry & Academia
- 20200205-National_CI_Strategy_2020_2022.pdf (dni.gov)
- National Counterterrorism Center (NCTC) Terrorist Identities Datamart Environment (TIDE) Fact Sheet (dni.gov)
- NCTC/JCAT Products/Resources (dni.gov)
eLearning Courses
- Counterintelligence Awareness and Security Brief, CI112.16
Although this 30-minute eLearning course was developed for Department of Defense ( the basics a security professional needs to understand about threat awareness. This short co facility security personnel.
Job Aids
- Foreign Collection Methods: Indicators and Countermeasures
- Foreign Intelligence Entity (FIE) Targeting and Recruitment
- Counterintelligence Awareness for Defense Critical Infrastructure
InfrastructureThis job aid is more Department of Defense (DOD) oriented for critical infrastructure but has some applicable information for those outside the DOD as well. This job aid is best suited for facility security personnel. - Potential-risk-indicators-kinetic-violence-jobaid.pdf (cdse.edu)
- Insider-threat-indicators-job-aid.pdf (cdse.edu)
Reports
- Foreign Economic Espionage in Cyberspace 2018
This National Counterintelligence and Security Center (NCSC) report focuses on foreign economic and industrial espionage against the United States; foreign intelligence services and threat actors working on their behalf; and disruptive threat trends that warrant attention. This report is more applicable for network administrators, information technology and security personnel, and senior leaders. - Targeting U.S. Technologies: A report of Foreign Targeting of Cleared Industry 2019
The Defense Counterintelligence and Security Agency (DCSA) produces an annual report of trends from the suspicious contact reporting coming in from cleared industry. Although this is geared for cleared industry, there is a discussion of the basic methods of operation and contact used. This report is best suited for security personnel. - DCSA: Foreign Intelligence Recruitment of Cleared Academia
Foreign Intelligence entities (FIE), specifically China and Russia, use academic talent recruitment plans and academic excellence initiatives to collect U.S. scientific research and technologies in a strategic effort to enhance their militaries and economies. China and Russia often utilize foreign students accepted to U.S. universities or at postgraduate research programs to collect sensitive U.S. Government information and/or technology. Additionally, Iran uses government-sponsored initiatives to persuade students studying abroad to return and share their knowledge. FIE target U.S. subject matter experts (SMEs), professors, and researchers in order to obtain sensitive U.S. Government information and technology.
Watch & Learn
- Suspicious Emails
This 10-minute interactive video details the threat of suspicious emails and gives countermeasures and indicators. The video is more focused on solicitation and the attempted illicit acquisition of facility assets or information. - Counterintelligence Video Lesson: Request for Information and Suspicious Emails
This is a three minute news video on YouTube detailing an actual arrest of a foreign national for smuggling, moneylaundering, and conspiracy to commit espionage. Although the example concerns export controlled items, this is applicable to any facility in any sector as the methods used to illicitly acquire the goods are universal. - Economic Espionage
This 36 minute YouTube video and accompanying information from the Federal Bureau of Investigation is the dramatization of a true story concerning the attempted recruitment of an employee to commit economic espionage.
Webinars
- Counterintelligence and Insider Threat in the Time of COVID-19
This hour long webinar focuses on the CI and Insider Threat and highlights some of the evolving threat vectors because of the COVID-19 Pandemic. This webinar is applicable for all employees. - 2019 Targeting U.S Technologies Report
This hour long webinar focuses on foreign efforts to compromise and/or exploit cleared personnel in order to obtain unauthorized access to sensitive and classified information. This unclassified format provides analysis of the technology targeted, the methods of operation used, and the geographical regions targeting cleared industry and is based off of the Defense Counterintelligence and Security Agency (DCSA) annual trends report. Although this webinar is geared for cleared industry, there is a discussion of the basic methods of operation and contact used. This report is best suited for security personnel. - Counterintelligence Support to Personnel Security
This hour long webinar discusses the Personnel Security (PERSEC) mission by identifying foreign intelligence entity(FIE) threats to personnel and enacting efforts to detect, deter, and neutralize the threat. This webinar is applicable for all facility personnel.
Supply Chain Risk Management for Industry & Academia
Job Aids
- Deliver Uncompromised: Supply Chain Risk Management
This job aid delivers the basics on Supply Chain Risk Management (SCRM), which is essential to protect supply chains and deliver uncompromised. It defines the supply chain, highlights external supply chain threats, and helps you make a self-assessment of your own supply chain security. - Exploitation of Global Supply Chain
This job aid from the Defense Counterintelligence and Security Agency (DCSA) and National Counterintelligence and Security Center (NCSC) focuses on the perils of supply chain exploitation. This job aid is best suited for facility security personnel, senior leaders, and employees in acquisitions-type roles. - Software Supply Chain Attacks
This is a more advanced job aid from the Office of the Director of National Intelligence (ODNI) that details the compromise of software code that may come from legitimate sources. This job aid is best suited for security personnel, network administrators/information technology personnel, and technically minded employees.
Toolkits
- Supply Chain Risk Management
This toolkit from the National Counterintelligence and Security Center (NCSC) on Supply Chain Risk Management(SCRM) hosts multiple resources for developing a more advanced supply chain center security plan. This toolkit is best suited for facility security personnel, senior leaders, and employees in acquisitions-type roles. - CDSE Supply Chain Risk Management
This toolkit from the Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence (CDSE) contains resources, including policy documents pertaining to supply chain risk management.
Watch & Learn
- Know The Risk – Raise Your Shield: Supply Chain Risk Management Video Lesson
This is a five minute video on YouTube developed by the Office of the Director of National Intelligence (ODNI). This short video gives the basics of Supply Chain Risk Management (SCRM) and is best suited for security personnel and senior leaders.
Webinars
- Counterintelligence, the Supply Chain, and You
This hour long webinar provides the basics on Supply Chain Risk Management (SCRM). A Defense Counterintelligence and Security Agency (DCSA) CI Special Agent (CISA) also talks about some tactics, techniques, and procedures for SCRM as seen in the field. This is a good introductory for anyone involved in the facility’s supply chain. - Supply Chain Resiliency
This hour long webinar conducted by the Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence (CDSE) and National Counterintelligence and Security Center (NCSC) gives amore holistic look at Supply Chain Risk Management within the Federal Government. This webinar may be especially helpful for those in a facility’s acquisitions department.
Counterintelligence Program for Industry & Academia
The National Counterintelligence and Security Center (NCSC) provides resources and best practices for organizations looking to implement counterintelligence (CI) programs. These resources cover various aspects related to CI awareness, risk mitigation, and countering foreign intelligence threats. Please review the following information:
- Enterprise Risk Mitigation Blueprint for Non-Intelligence Agencies: Although geared towards federal agencies, this 2023 brochure from the NCSC provides best practices for any organization looking to implement an enterprise risk mitigation program.
- Countering Foreign Intelligence Threats – Implementation and Best Practices Guide: This job aid gives best practices for implementing a CI Program. It is well-suited for facility security personnel and senior leaders.
- Counterintelligence (CI) Awareness Integration Plan: This job aid provides basic guidelines on setting up a CI program. It addresses universal principles applicable anywhere, not just within the Department of Defense (DOD).
- Understanding Espionage and National Security Crimes: This resource discusses the difference between economic espionage, trade secret theft, and violations related to Export Administration Regulation (EAR) or International Traffic in Arms Regulation (ITAR).
- Computer Security Resource Center Toolkit: The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) toolkit for computer security resources has a wealth of information for incorporating both CI and cyber into a security program. It is more applicable for network administrators and information technology and security personnel.
- Watch & Learn CDSE Counterintelligence Awareness Video Lesson: A four-minute YouTube video that serves as a basic primer on Counterintelligence and Security. It is suited for all facility personnel.
These resources provide valuable insights and best practices for implementing effective counterintelligence measures in both industry and academia.
Establish an Insider Risk Program
eLearning Courses
- Insider Threat Awareness Course INT101.16
- Establishing an Insider Threat Program for Your Organization INT122.16
- Developing a Multidisciplinary Insider Threat Capability INT201.16
- Insider Threat Mitigation Responses INT210.16
- Preserving Investigative and Operational Viability in Insider Threat INT220.16
- Insider Threat Records Checks INT230.16
- Insider Threat Basic HUB Operations INT240.16
- Critical Thinking for Insider Threat Analysts INT250.16
- Insider Threat Privacy and Civil Liberties INT260.16
- Maximizing Organizational Trust INT270.16
- Cyber Insider Threat INT280.16
- Behavioral Science in Insider Threat INT290.16Back
Job Aids
- PERSEREC Insider Risk Evaluation and Audit Tool
- DHS CISA Insider Threat Mitigation Resources | CISA
- DHS CISA Insider Risk Self-Assessment Tool | CISA
- DCSA/Center for Development of Security Excellence:
- Behavioral Science and Insider Threat
- Critical Thinking Techniques for Insider Threat Analyst
- Critical Thinking Tools for Insider Threat Analyst
- Cultural Competence and Insider Risk
- Human Resources and Insider Threat Programs
- Insider Risk Implementation Guide for Food and Agriculture
- Insider Risk Programs for the Healthcare and Public Health Sectors
- Insider Threat Program Kinetic Violence Self-Assessment: Lessons Learned from School Safety
- Insider Threat Vigilance Campaign Guidance
- Potential Risk in Informal Banking and Finance
- Potential Risk Indicators: Insider Threat
- Potential Risk Indicators: Kinetic Violence
- Privacy Act Consent Rule Exceptions
- Privacy and Civil Liberties Case Law Examples
- Sample Insider Threat Program Plan
- Tales from the Inside: Volume 1
- Tales from the Inside: Volume 2
- Tales from the Inside: Volume 3
- Tales from the Inside: Volume 4
- The Critical Pathway - Facilitated Discussion Guide
- The Principle of Confidentiality
- Turning People Around, Not Turning Them In - Facilitated Discussion Guide
- Understanding Espionage and National Security Crimes
- Why Threats of Violence Are Not Protected
- Workplace Environment and Organizational Justice
Policy
- Presidential Policy Directive: Critical Infrastructure Security and Resiliency
The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure.
Resources
- Full Catalog of Training Materials for Insider Threat Practitioners
Insider Threat Programs are designed to deter, detect, and mitigate actions by insiders who represent a threat to national security. CDSE has provided an extensive catalog of insider threat resources for your use. - Insider Threat Mitigation
This CISA site is designed to assist individuals, organizations, and communities in improving or establishing an insider threat mitigation program. - National Infrastructure Protection Plan
This job aid discusses the risk management framework and how it is implemented within the context of the unique characteristics and risk landscape of the sector. This website provides the sector specific plan and links to sector resources. - National Insider Threat Task Force
This site provides insider risk resources to assist you in developing your Insider Risk Program.
Promote Awareness in Your Organization
Case Studies
- Case Study Library
Explore a growing repository of U.S. case studies. Learn about the crimes, the sentences, the impact, and the potential risk indicators that, if identified, could have mitigated harm.
eLearning Courses
- Insider Threat Awareness, INT101.16
This course provides a thorough understanding of how Insider Threat Awareness is an essential component of a comprehensive security program.
Job Aids
- Potential Insider Risk Indicators: Insider Threat
Most insider threats exhibit risky behavior prior to committing negative workplace events. If identified early, many risks can be mitigated before harm to the organization occurs. This job aid provides information about the potential risk indicators for which you should be looking. - Potential Risk Indicators: Kinetic Violence
In the weeks and months before an active shooter attack, many active shooters engage in behaviors that may signal impending violence. While some of these behaviors are intentionally concealed, others are observable and — if recognized and reported — may lead to a disruption prior to an attack.
Watch & Learn
- Insider Threat Training Videos
This repository contains 18 training videos about insider threat, including the 4-part award-winning series “Turning People Around, Not Turning Them In.”
Additional Resources
- National Insider Threat Awareness Month
Participating in Insider Threat Awareness Month can help your program detect, deter, and mitigate insider risk by increasing awareness and promoting reporting. This website will help you identify a variety of activities and engagements available to your organization. - More Awareness Materials
Instilling a sense of vigilance in the general workforce is a basic tenet of establishing an insider risk program. Developing avigilance campaign for your organization is an effective solution. Deploying regular messaging, awareness, and communications materials ensures that the general workforce is prepared to recognize and respond to the insider risk.
Operations Security for Industry & Academia
National OPSEC Program Office - Operations Security (dni.gov)