
CYBER THREATS: A COUNTERINTELLIGENCE ISSUE AND FORCE FOR REFORM

Robert Sharpe

INTL498: Senior Seminar in Intelligence Studies

American Military University

29 March, 2015


CYBER THREATS: A COUNTERINTELLIGENCE ISSUE AND FORCE FOR REFORM

Espionage has evolved; it has gone digital. While the methods used historically to

facilitate espionage are still successful and pose a serious threat, espionage from cyber sources

poses a greater threat to a wider range of targets. Classified information is not taken a few

documents at a time; it is stolen in terabytes, and years of data or research can be stolen in

seconds. Classified or sensitive information being stored digitally means vaults and physical

security measures do not present the barriers to access that they once did. Modern acts of

espionage, due to the nature of the medium that facilitates them, are often considered cyber

threats and are therefore treated as cyber security matters. These threats should be

considered acts of espionage and a counterintelligence responsibility. All detection,

investigation, security measures and response to cyber threats should be led by

counterintelligence. Without centralized leadership and coordinated, cohesive efforts, measures

will be localized, reactive, incident-based and ineffective in protecting the increasing amount of

what is considered sensitive information.

The 2010 National Security Strategy states, “Cybersecurity threats represent one of the

most serious national security, public safety, and economic challenges we face as a nation.”1 To

understand how to meet this challenge requires an understanding of the threat as well as an

understanding of the tools available in order to apply them effectively and efficiently. Cyber

threats require a malicious actor gaining access to or control of a network or computer and

exploiting the data stored in it. Cyber security, the measures used to defend against cyber

threats, has become an umbrella term used to describe a wide range of actions intended to

1 U.S. President Barack Obama, National Security Strategy. National Security Archive, 2010 p. 27


defend against malicious acts delivered over computer networks. Defense against such acts

should be considered a counterintelligence issue, as the task of counterintelligence is to ensure

the security of information and prevent foreign intelligence collection. To view cyber threats as

a criminal, security or policy issue fails to recognize the nature of the sponsor, the target, the

intent and the potential damage; it is of little benefit to national security.

Figure 1: Clapper, James R. The National Intelligence Strategy of the United States of America 2014, Office of the Director of National Intelligence. P. 18

The United States relies on its cyber infrastructure for everything from communications, to the management of critical infrastructure, to the command and control of our military. This dependence on technology, along with the rapid rate of technological innovation, creates numerous vulnerabilities that our adversaries seek to exploit.2

Definitions

2 National Counterintelligence and Security Center, Cyber Security, 2014. http://www.ncix.gov/issues/cyber/index.php


In order to understand the hypothesis that cyber threats should be considered a

counterintelligence responsibility, the definitions of related phenomena need to be addressed.

This work is based on a few major definitions that guide the preceding argument. Many

definitions of espionage apply more to the historical incidents of spying than to the challenges

faced in today’s threat environment. Former CIA Case Officer Brian P. Fairchild’s statement

illustrates this point, “In espionage, two factors are constant. Intelligence officers recruit foreign

nationals who can provide classified information on their governments’ plans and intentions,

and the counterintelligence services of those countries try to thwart these operations.”3 This

explanation of espionage does not account for cyber espionage and therefore does not address

the challenge as faced today. The definition of espionage must recognize the intent and not

limit what is defined as espionage by focusing on the methods employed.

Figure 2: FireEye. 2014. M-Trends p. 3

There is not a need for the recruitment of foreign nationals in cyber espionage; as stated,

there are no safes, vaults, restricted areas or other devices of physical security in cyber space;

foreign intelligence services have direct access to their target without the need for the man in

3 Brian P. Fairchild, Human Intelligence, Operational Security and the CIA’s Directorate of Operations. Statement before the Joint Economic Committee, U.S. Congress 20 May 1988


the middle. Espionage, as relating to this work, will be based upon Kermit Roosevelt’s

statement from the War Report of The OSS, “The object of secret intelligence activity

[espionage] is to obtain by secret means information which cannot otherwise be secured and

which is not elsewhere available.”4 Simply stated, espionage is theft of sensitive information. It

is not limited to military or government secrets, but targets research in the academic and

corporate world and an increasing range of what could be considered information beneficial to

adversaries. Security measures used to prevent or make information more difficult to obtain

come from an understanding of how information is stolen and who and what information is

targeted: counterintelligence. Senate report 94-755 defines counterintelligence as, “Activities

conducted to destroy the effectiveness of foreign intelligence operations and to protect

information against espionage, individuals against subversion, and installations against

sabotage.”5 This theme and its appropriateness to cyber threats is advanced in the definition

provided by the Church Committee.

Counterintelligence (CI) is a special form of intelligence activity, separate and distinct from other disciplines. Its purpose is to discover hostile foreign intelligence operations and destroy their effectiveness. This objective involves the protection of the United States Government against infiltration by foreign agents, as well as the control and manipulation of adversary intelligence operations. An effort is made to both discern and deceive [sic] the plans and intentions of enemy intelligence services.6

While the Church Committee’s definition of counterintelligence, being drafted before

the threat of cyber espionage, is somewhat lacking, the definition does task counterintelligence to

discover, destroy, control and manipulate the infiltration of foreign agents and intelligence

4 Kermit Roosevelt, War Report of the OSS (1976)

5 Senate Report 94-755, Church Committee Report, Book 1, Glossary, 26 April 1976 p. 620

6 Ibid p. 163


services. These intelligence services fully utilize cyber capabilities to perform what was

previously a human intelligence (HUMINT) activity.

Cyber, as defined by the Cybersecurity Act of 2009, is “Any process, program, or

protocol relating to the use of the Internet or an intranet, automatic data processing or

transmission, or telecommunication via the Internet or an intranet; and 2) any matter relating

to, or involving the use of, computers or computer networks.”7

The use of cyber is widespread, the volume of traffic is high, the equipment is easily

accessible and it is a publicly available resource. It can be found in individual households, the

workplace, academic institutions, the military and the government. While cyber does occur

over a dedicated medium and a limited range of devices, it is not an INT of itself. It is a

challenge, one that has been divided among existing IC members.

Figure 3: Rosenbach, Eric and Peritz, Aki J. Confrontation or Collaboration? Congress and the Intelligence Community 76

When viewed in the context of Roosevelt’s definition of espionage the following

definition of a cyber-attack shows that the intent of these attacks should be labeled as

espionage, as they are targeting sensitive information. The Committee on National Security

7 Senate Bill S.733, Cybersecurity Act of 2009


Systems defines a cyber-attack as “an attack, via cyberspace, targeting an enterprise’s use of

cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a

computing environment/infrastructure; or destroying the integrity of the data or stealing

controlled information.”8 The definition of the function of counterintelligence as provided in

Senate Report 94-755 specifies counterintelligence duties are protecting information from

espionage and installations from sabotage. It is an easy conclusion to expand this to protecting

information systems from espionage and sabotage. Computer security as defined in JP 14-02 is,

“the protection resulting from all measures to deny unauthorized access and exploitation of

friendly computer systems.”9 If access and exploitation are the recurring themes in the threats

delivered through computers or through cyber means, counterintelligence should be the

responsible entity for cyber security, as counterintelligence is responsible for preventing

sabotage and securing information from exploitation.

It is not that counterintelligence does not have a presence in cyberspace; it is the

position of the presence that is at issue. Counterintelligence activities are applied to

counterintelligence investigations using cyber applications. As with other INTs or

organizations the task, tactics, techniques and procedures of counterintelligence have been

adapted to the medium.

The use of cyber means as the primary tradecraft methodology to engage in targeting and collecting cyber based FIE [Foreign Intelligence Entity] activities. CI Collection in cyberspace may include the use of authorized non-attributable Internet connections, development and use of national cyber personas, use of authorized obfuscation techniques, as well as appropriate digital tradecraft and cover.10

8 Committee on National Security Systems, National Information Assurance Glossary, CNSS Instruction No. 4009, 26 April 2010, P. 22

9 Joint Publication 1-02, Department of Defense Dictionary of Military And Associated Terms, 12 April 2001 p. 111


It is impossible to conduct effective intelligence functions without cyber due to the

reliance on computers. The issue is that cyber, being only a function of counterintelligence and

only applying to investigations, fails to move an IC function into a position of responsibility for

overall security. The DoD description of “cyber means as the primary tradecraft

methodology”11 for counterintelligence reveals that counterintelligence is already primarily a

cyber-activity with a developed understanding of the cyber threats posed by hostile foreign

actors. The methods described as tradecraft are similar to the methods used by hostile actors

to conduct espionage; this knowledge should be applied directly to cyber security. The Army

counterintelligence manual states, “The first priority for all CI investigative situations is to

assess for possible exploitation.” (Army FM 2-22.2) Investigating for exploitation should be a

persistent function of cyber and it is already a function of counterintelligence;

counterintelligence should have authority at the federal level to oversee all aspects of cyber

security.

The use of cyber by foreign entities to achieve the stated advantages is espionage; separating

cyber intelligence or security or the function by any other name is separating it from

counterintelligence (as the 2014 National Intelligence Strategy has) and creates a structural

issue that impedes what should be a singular process. As the threats overlap and combine due

to the medium they occur over, so has the response. This results in duplication of efforts,

separation of public and private efforts and a lack of centralization. There is no need to argue

10 Office of the Counterintelligence Defense and HUMINT Center, Defense Intelligence Agency, Terms & Definitions of Interest for DoD Counterintelligence Professionals, 2 May 2011. http://www.ncix.gov/publications/ci_references/docs/CI_Glossary.pdf

11 Ibid


the merits of interagency communication and cooperation if one agency has authority over the

issue in its entirety.

The 2014 National Intelligence Strategy’s four mission objectives include cyber

intelligence “provide intelligence on cyber threats” as distinct from the counterintelligence

mission “thwart efforts of foreign intelligence entities.”12 This is questionable.

Malicious Acts, Malicious Actors

Figure 4: Norse, Live Attacks, March 28, 2015. map.ipviking.com

State and non-state actors use digital technologies to achieve economic and military advantage, foment instability, increase control over content in cyberspace, and achieve other strategic goals—often faster than our ability to understand the security implications and mitigate potential risks.13

Cyber threats encompass a large range of entities. The traditional state enemies have

adapted cyber activities to accomplish intelligence collection, but cyber has also opened up

espionage to a wider range of actors. Like China, many states, organizations and individuals

12 Clapper, James R. The National Intelligence Strategy of the United States of America 2014, Office of the Director of National Intelligence. P. 6

13 Ibid p. 8


who did not have the resources to target American interests have found cyber to be a safe way to

take action against the United States.

The risk of exposure is low because cyber operations can be carried out remotely and with a high degree of anonymity. In addition, cyber operations are comparatively inexpensive, and can be conducted rapidly. For all of these reasons, state and non-state actors are increasingly turning to the cyber domain to augment and bolster their respective intelligence activities against the United States in an effort to gain advantage.14

Investigation has shown that many incidents of cyber-attack, cyber espionage and cyber-

crime are performed by state supported cyber units; this in itself is an argument for

counterintelligence as national head of cyber related matters. These are actions by foreign

entities targeting American enterprises on American soil, but without a physical presence. The

nature of the threat contrasted with preventive measures shows a gap, exploited by hostile

actors, in American response. Without centralized oversight this systemic problem becomes a

series of small battles. Individual entities defending dispersed networks cannot make the

connections that lead to the identification of responsible parties and the distinct methods they

employ. Their authority and responsibility ends at their respective networks. Mandiant states,

“Across numerous industries, we’ve increasingly observed the Chinese government conduct

expansive intrusion campaigns to obtain information to support state-owned enterprises.”15

What Mandiant is describing would be automatically accepted as espionage and a

counterintelligence responsibility if not for the cyber aspect.

China’s cyber unit 61398 provides an example of the threat posed by foreign intelligence

collection. They are considered as the number one threat in the advanced persistent threat

14 National Counterintelligence and Security Center, Cybersecurity, http://www.ncix.gov/issues/cyber/index.php

15 Mandiant, M-Trends, Beyond the Breach, 2014. P. 15 https://dl.mandiant.com/EE/library/WP_M-Trends2014_140409.pdf


(APT) classification; a classification of groups known to have successfully breached hundreds of

computer networks across the globe.16 This unit is illustrative of the evolution of traditional

espionage and the opportunities provided to foreign intelligence services by cyber means. In May

2014 the Department of Justice indicted five Chinese military hackers, members of unit 61398,

for charges of espionage directed at U.S. corporations. Federal charges of espionage directed

against a foreign military unit for actions against U.S. corporations shows an evolution of

foreign intelligence targeting and its success is evidence of needed change. The indictment did

not include defense contractors, but was focused on commercial technologies.

In some cases, the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. For example…an Oregon producer of solar panel technology was rapidly losing its market share to Chinese competitors that were systematically pricing exports well below production costs; at or about the same time, members of the conspiracy stole cost and pricing information from the Oregon producer.17

Mandiant’s investigation of 61398 comes in part from its investigation of the hacking of

defense contractor Qinetiq. During the investigation they discovered that this unit was

responsible for a range of cyber espionage incidents. Part of the difficulty in identifying the unit,

their attack signatures and what actions could be attributed to them was that independent

cyber security companies who encountered their cyber actions did not have a proper outlet to

share the information. Instead Unit 61398’s actions had been given nicknames by the entity

that discovered them; 61398 actions were also attributed to groups called Comment Crew,

Comment Group, Byzantine Candor, and Ugly Gorilla, among other nicknames. A centralized

16 “We refer to this group as “APT1” and it is one of more than 20 APT groups with origins in China. APT1 is a single organization of operators that has conducted a cyber-espionage campaign against a broad range of victims since at least 2006.” Mandiant, APT1, 2014 p. 2

17 United States District Court Western District of Pennsylvania, United States of America v. Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zheng, Gu Chunhui. Criminal Number 14-188 May 1, 2014. http://www.justice.gov/iso/opa/resources/5122014519132358461949.pdf


counterintelligence organization that operated as a clearinghouse between public and private

security sectors could prevent such instances of espionage from having the reach and effect

unit 61398 has proven possible through cyber means. While counterintelligence cannot

replace policy in holding these individuals and their sponsors responsible, it can provide a profile

of attack methods, points of origin, and information that can enhance security across US cyber

networks.

As espionage has evolved with the capabilities provided through cyber means, it has made

more targets available: “This translates into data theft that goes far beyond the core intellectual

property of a company, to include information about how these businesses work and how

executives and key figures make decisions.”18 Malicious actors, such as unit 61398, have

blurred the lines; they have changed the targets and tactics as well as the definition of

espionage; the function of counterintelligence needs to reform to meet this threat. This is not a

trend, but the new status quo. The 2014 National Intelligence Strategy states, “Technological

advances also create the potential for increased systemic fragility as foreign governments and

non-state actors attempt to leverage new and evolving technologies to press their interests.”19

18 Mandiant, M-Trends, Beyond the Breach, 2014. P. 15

19 James R. Clapper. The National Intelligence Strategy of the United States of America 2014, Office of the Director of National Intelligence. http://www.dni.gov/files/documents/2014_NIS_Publication.pdf


Figure 5: Mandiant, APT1 p. 23

The Future

The future is uncertain, but according to the 2014 National Intelligence Strategy the

danger posed by cyber threats will only increase.

A wider spectrum of instruments of war—especially precision-strike capabilities, cyber instruments, and bioterror weaponry—will become accessible. Individuals and small groups will have the capability to perpetrate large-scale violence and disruption—a capability formerly the monopoly of states.20

The preceding statement raises the question of how this could occur. It could be argued

that cyber espionage has allowed the acquisition of advanced warfare technologies, without

the investment, by states that would not be permitted access to such end products. The theft of

technologies from a wide range of industries allows for their reproduction and offering in the

global marketplace. As stated, cyber espionage is cheap, much cheaper than research and

development. Accepting that cyber espionage is often state sponsored and intended to support

commercial industries as well as match military power, the sustained position of the United

States as a global leader could be directly challenged.

Global Trends 2030 states, “…by 2030, Asia will have surpassed North America and

Europe combined in terms of global power, based upon GDP, population size, military spending,

and technological investment.”21 If the actions listed in the indictment of unit 61398 serve as an

indicator, espionage will have played a significant role in this rise to power. To separate cyber

threats into subcategories and disperse responsibilities does not suit the nature of the threat.

Cyber events of any sort are a counterintelligence issue. They require the penetration of secure

networks and the theft and exploitation of sensitive data. Even actual acts of cyber warfare

have their origins and ends in espionage if they are considered sabotage and not physical

attack.

20 National Intelligence Council, Global Trends 2030, Alternative Worlds. P. 5 http://www.dni.gov/files/documents/GlobalTrends_2030.pdf

21 Ibid p. 15


Figure 6: Mandiant, APT1. p.22

The United States is the largest target for hostile cyber actions. Yet its response is

scattered and uncoordinated. If the increase in both the number of events of cyber espionage and

the damage caused is an indicator of future potential, the United States must prepare an effective

offense and defense. The National Intelligence Council states, “So far the cyberweapons

wielded by criminals and malicious individuals are unsophisticated in comparison to state actors

but this is likely to improve as criminal organizations become more adept and potentially sell

their services to those state and nonstate actors with even more dangerous intentions.”22

Counterintelligence in the United States

Although counterintelligence requires investigation, collection and analysis of

information, it is not an INT; it is a function. As a function it has existed as a department within

an organization and focused on protecting that entity exclusively. The threat landscape has

changed. Enemies are able to target multiple entities simultaneously. Defense from these

22 Ibid p. 67


malicious actors should not be at the level of protecting a single entity, but should be a

cohesive effort with the goal of preventing actions from occurring.

Figure 7: Mandiant, M-Trends p. 3

Counterintelligence, like the intelligence community as a whole, has undergone

significant changes. The Counterintelligence and Security Act of 1994 worked to “amend the

National Security Act of 1947 to improve the counterintelligence and security posture of the

United States intelligence community and to enhance the authority of the Federal Bureau of

Investigation in counterintelligence matters…”23 This measure is illustrative in that, although

enacted before the spread of the cyber espionage threat, it was focused largely on insider

threat from intelligence community employees and was intended to give the FBI more

resources in investigation of such. Protecting classified information from foreign espionage is

not best served today by focusing, as this order does, on insider threats and a federal law

enforcement agency’s ability to investigate them. In 2001 counterintelligence was again the

23 S.1948, The Counterintelligence and Security Act of 1994. July 1, 1994, 103rd Congress. https://www.congress.gov/bill/103rd-congress/senate-bill/1948/text


focus with the establishment of the Office of the National Counterintelligence Board of

Directors under the Presidential Decision Directive U.S. Counterintelligence Effectiveness,

Counterintelligence for the 21st Century (PDD CI-21) issued by President Clinton. The directive

“outlines specific steps that will enable the U.S. counterintelligence (CI) community to better

fulfill its mission of identifying, understanding, prioritizing and counteracting the intelligence

threats faced by the United States.” 24 This was followed with the Counterintelligence

Enhancement Act of 2002, which also established a National Counterintelligence Executive and

an Office of the National Counterintelligence Executive. The Intelligence Reform and Terrorism

Prevention Act of 2004 (IRTPA) established, or moved, the Office of the National

Counterintelligence Executive and the executive to the newly established Office of the Director

of National Intelligence. 25 While the location of the office had changed, the duties were those

established in the Counterintelligence Enhancement Act of 2002.26 The only other mention of

counterintelligence in the law (IRTPA) is relating to FBI budgeting for the activity, as

counterintelligence is considered one of the four principal missions of the Bureau.27

In November 2010 the Special Security Center (SSC) and Center for Security Evaluation

were established by the Director of National Intelligence under the leadership of the National

Counterintelligence Executive. In November of 2014 the Director of National Intelligence

24 U.S. President Bill Clinton, U.S. Counterintelligence Effectiveness, Counterintelligence for the 21st Century, PDD CI-21. January 5, 2001

25 Public Law 108-458, Intelligence Reform and Terrorism Prevention Act of 2004. Sec 103(c)(6). 108th Congress

26 Ibid Sec 103F(b)

27 The four principal missions of the FBI: Intelligence, counterterrorism and Counterintelligence, Criminal enterprise/Federal Crimes and Criminal justice services. Ibid Sec 2001(f)


announced the establishment of the National Counterintelligence and Security Center (NCSC) in

the Office of the Director of National Intelligence.28

The organizational construct of the NCSC aligns with the other designations within ODNI (i.e. NCTC and NCPC) and supports our efforts to ensure that counterintelligence and security are addressed as interdependent and mutually supportive disciplines. These disciplines have shared objectives and responsibilities associated with the protection of intelligence information, sources and methods.29

Previous changes to counterintelligence were the results of what were considered

counterintelligence failures: the espionage committed by Ames and Hanssen, the finding of the

Cox Commission and the events of 9/11. These recent changes indicate that there is still a

problem with counterintelligence. Restructuring of the intelligence community as a whole, such

as what occurred with IRTPA, did not result in significant changes with IC members (minus the

CIA and FBI). The CIA still is HUMINT, the NSA is SIGINT, the NGA is GEOINT, the DIA has

MASINT, but counterintelligence has been kept a function that receives structural and location

changes with every major IC failure. This could be, in part, due to the definition it is given. In a

publication to inform Congress about the structure, capabilities and responsibilities of members

of the IC this example is found, “Example of counterintelligence concerns: Foreign agents

approaching U.S. businessmen and scientists to learn about U.S. technology advances with

military applications.” 30 This statement would be applicable to Cold War espionage, but not to

the espionage performed today.

In February of 2015 the establishment of the Cyber Threat Intelligence Integration

Center was announced: “In order to stem the wave of cyber threats targeting the U.S.

28 James R. Clapper, Announcement, Office of the Director of National Intelligence. http://www.ncix.gov/about/docs/Announcement.pdf

29 Ibid

30 Eric Rosenbach and Aki J. Peritz, Confrontation or Collaboration? Congress and the Intelligence Community (Cambridge, Mass: The Belfer Center, Harvard University, June 2009). P. 13

Page 19: robertmsharpe.weebly.comrobertmsharpe.weebly.com/uploads/5/9/7/2/...paper.docx  · Web viewIntelligence officers recruit foreign nationals who can provide classified information

18

government and private industry each day, the administration is announcing a new intelligence

integration center to get the entire nation working together to combat cyber-attacks.”31 This

center and its focus on cyber threats shows that a solution has not been found to the

challenges posed by cyber threats yet. Will another center or office or department really make

a significant change?

Figure 8: Clapper, James R. The National Intelligence Strategy of the United States of America 2014, Office of the Director of National Intelligence. P. 18

Conclusion

Espionage has evolved to adopt the tools and methods made available through cyber means; the United States' response to this evolution has been the establishment of offices and departments focused on what are considered cyber threats. There is a gap in the US response to such events that is being continuously exploited by malicious actors. It is a gap that should be filled by counterintelligence. Those in counterintelligence understand this: “Counterintelligence can play a critical role in reversing the benefits that cyber operations afford our adversaries.”32 The definitions of cyber threats, cyber-attacks, cyber warfare, and other modern phenomena focus on the method of delivery or infrastructure that facilitates these threats; while cyber is a common element among these topics, they are themselves just an extension of longstanding intelligence challenges. Definitions such as that offered in Joint Publication 1-02, “Computer Security (COMPUSEC). The protection resulting from all measures to deny unauthorized access and exploitation of friendly computer systems,”33 have the intent of a counterintelligence tasking: protection from unauthorized access and exploitation. Response to cyber threats has been hampered by the word cyber; if it were removed, it would be understood that cyber threats are simply threats, cyber espionage is just espionage and cyber warfare is warfare. Definitions should not hamper response. To solve this growing issue the word cyber needs to be removed from terms related to intelligence issues; it seems that this reference to what is essentially a communications medium adds confusion and obscures the acts that are occurring over it.

31 Aaron Boyd, New Cyber Center to Coordinate Threat Intelligence, Federal Times, February 10, 2015. http://www.federaltimes.com/story/government/cybersecurity/2015/02/10/new-cyber-center-threat-intelligence/23179005/

[Foreign] intelligence is, in essence, the gathering and analysis of secret information about other nations. Its opposite twin, security, is the protection of one’s own secrets. Counterintelligence seeks to protect both of the elements from foreign intelligence activities.34

By removing the word cyber and viewing events from the perspective of intent and actor, what is currently labeled as cyber phenomena can be seen as what it really is: foreign intelligence gathering and sabotage efforts.

32 National Counterintelligence and Security Center, Cyber Security, Office of the Director of National Intelligence, http://www.ncix.gov/issues/cyber/index.php

33 Joint Publication 1-02, Department of Defense Dictionary of Military and Associated Terms, 12 April 2001

34 The Institute of World Politics, American Counterintelligence and Security for the 21st Century, Class Description

Figure 9: Office of the Counterintelligence Defense and HUMINT Center, Defense Intelligence Agency, Terms & Definitions of Interest for DoD Counterintelligence Professionals, 2 May 2011.

BIBLIOGRAPHY

S.1948. The Counterintelligence and Security Act of 1994. July 1, 1994. 103rd Congress. https://www.congress.gov/bill/103rd-congress/senate-bill/1948/text

Public Law 108-458, Intelligence Reform and Terrorism Prevention Act of 2004, 108th Congress

Boyd, Aaron, New Cyber Center to Coordinate Threat Intelligence. Federal Times. 10 February 2015, http://www.federaltimes.com/story/government/cybersecurity/2015/02/10/new-cyber-center-threat-intelligence/23179005/

Clapper, James R., Announcement, Office of the Director of National Intelligence. http://www.ncix.gov/about/docs/Announcement.pdf

Clapper, James R. The National Intelligence Strategy of the United States of America 2014, Office of the Director of National Intelligence. http://www.dni.gov/files/documents/2014_NIS_Publication.pdf

Committee on National Security Systems, National Information Assurance Glossary, CNSS Instruction No. 4009, 26 April 2010, P. 22 http://www.ncix.gov/publications/policy/docs/CNSSI_4009.pdf

Fairchild, Brian P. Human Intelligence, Operational Security and the CIA’s Directorate of Operations. Statement before the Joint Economic Committee, U.S. Congress 20 May 1988

Joint Publication 1-02, Department of Defense Dictionary of Military and Associated Terms, 12 April 2001 http://jitc.fhu.disa.mil/jitc_dri/pdfs/jp1_02.pdf

Mandiant, APT1, Exposing One of China’s Cyber Espionage Units, Intelligence Center Report, http://intelreport.mandiant.com/

Mandiant, M-Trends, Beyond the Breach, 2014. https://dl.mandiant.com/EE/library/WP_M-Trends2014_140409.pdf

National Counterintelligence and Security Center. Cyber Security. 2014 http://www.ncix.gov/issues/cyber/index.php

National Intelligence Council, Global Trends 2030, Alternative Worlds. http://www.dni.gov/files/documents/GlobalTrends_2030.pdf

Norse, Live Attacks, March 28, 2015. map.ipviking.com

Office of the Counterintelligence Defense and HUMINT Center, Defense Intelligence Agency, Terms & Definitions of Interest for DoD Counterintelligence Professionals, 2 May 2011. http://www.ncix.gov/publications/ci_references/docs/CI_Glossary.pdf

Roosevelt, Kermit, War Report of the OSS (1976)

Rosenbach, Eric and Peritz, Aki J. Confrontation or Collaboration? Congress and the Intelligence Community (Cambridge, Mass: The Belfer Center, Harvard University, June 2009).

Senate Bill S.733, Cybersecurity Act of 2009

Senate Report 94-755, Church Committee Report, 26 April 1976

United States District Court Western District of Pennsylvania, United States of America v. Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zheng, Gu Chunhui. Criminal Number 14-188 May 1, 2014. http://www.justice.gov/iso/opa/resources/5122014519132358461949.pdf

U.S. President Barack Obama. National Security Strategy. 2010 National Security Strategy Archive. http://nssarchive.us/

U.S. President Bill Clinton, U.S. Counterintelligence Effectiveness, Counterintelligence for the 21st Century, PDD CI-21. January 5, 2001

U.S. Army. Counterintelligence, FM 2-22.2, October 2009