Counterintelligence and Security.Where do the divisions lie?


Essay, 2017
7 Pages, Grade: 60

Excerpt

Contents

Abstract

Counterintelligence and Security – Where do the divisions lie?

Bibliography

Abstract

Enterprises, both state and non-state that are cognizant of their competitive advantage carry out some form of CI activities within their organizational structures in collaboration with security in order to secure their edge. As organizations become more complex, specialization creeps in, thus warranting specialized departments or teams to be responsible for recognizing and protecting their respective share of the business secrets. As a result, CI, in the business of protecting secrets and preventing it from landing in the hands of enemies tends to disperse as a key responsibility across specialized departments within organizations and not just only with the security team. This article examines how some enterprises in the public and private sector have organized their CI and security efforts and why they are organized that way. The analysis will then be used to establish that CI is not necessarily an extension of the duties of a security officer, rather, CI has a much broader scope than security.

About the author – Mohammad Naved Ferdaus Iqbal

The author is a postgraduate student of Intelligence and Security Studies at Brunel University London (UK). He has over 12 years of experience in the oil & gas industry, having worked extensively in the United States, China, Thailand and Bangladesh.

Counterintelligence and Security – Where do the divisions lie?

When George Washington had said, “there is one evil that I dread and that is their spies,”[1] the primary driver behind counterintelligence (CI) activities couldn’t have become any simpler. Washington’s statement also echoes seamlessly with how state and non-state entities essentially look at adversaries or competitors who could steal or compromise their secrets and consequently, weaken their competitive edge. Enterprises, both state and non-state that are cognizant of their competitive advantage carry out some form of CI activities within their organizational structures in collaboration with security in order to secure their edge. It is important to clarify that the secret that organizations want to protect from their adversaries is “knowledge”, stored in multiple forms including, but not limited to data, chemical solutions, technology prototypes or even enterprise critical personnel that give organizations their competitive advantage. As organizations become more complex, specialization creeps in, thus warranting specialized departments or teams to be responsible for recognizing and protecting their respective share of the “knowledge”. As a result, CI, in the business of protecting knowledge and preventing it from landing in the hands of enemies tends to disperse as a key responsibility across specialized departments within organizations and not just only with the security team. This paper examines how some enterprises in the public and private sector have organized their CI and security efforts and why they are organized that way. The analysis will then be used to establish that CI is not necessarily an extension of the duties of a security officer, rather, CI has a much broader scope than security. To put it analogously, if CI is an end, then security is only a means to an end.

While the principles of organizational structure (such as, enterprise’s mission, customer interface, decision protocol, specialization, staff strength, geographical spread, budget, performance management, etc.) are largely the same in public and private sector, various authors have tried to explain what else has either converged or split CI and security activities in state and non-state organizations. According to Frederick L. Wettering, “in the counterintelligence profession, ‘security’ officers are looked down on as poor cousins who have to deal with safe closings and employee thefts rather than the exciting business of catching spies. This hubris has resulted in a split throughout both the U.S. federal government and the private sector which has resulted in two bureaucracies: ‘security’ and ‘counterintelligence’”[2]. Wettering, who advocates that physical and personnel security are major components of CI, has summed up CI into three functions, namely protecting secrets; deterring and denying attempts by foreign enemies to steal those secrets; and catching “moles”[3]. Wettering has tried to establish the convergence between CI and security by grouping the commonly known activities of security into the CI function of “protecting secrets”. He has broken down “protecting secrets” into physical security (safes, password, identification badges, security guards, alarms etc.) and personnel security (background check, polygraph examination etc.), which are typically the responsibilities of a security department in an organization. John A. Nolan III, on the other hand has offered another explanation behind the CI and security split in organizations. He says, “…the security function is assigned a cost center identity, certainly not one that contributes to the profit side of the business where CI stars can be found. There are also companies where the security function is viewed as largely reactive, much the way that police forces are reactive; they are called upon only when needed to fix a problem. To a considerable extent, there is a good reason to view the security function in this light since large numbers of the people responsible for security come from law enforcement background.”[4] Nolan claims that CI differs significantly from security in scope, nature and approach. He relates an example that sets CI distinctly apart from security. Nolan’s firm, the Phoenix Consulting Group (PCG) was asked by its client to collect information on a target firm. When PCG presented the desired information, the client asked, “if we can get so much about them, what’s to keep them from getting the same information about us?” This question alone is a depiction of the client’s awareness that “CI measures are impervious to and unimpeded by security measures”,[5] which helps Nolan justify that CI warrants a distinct attention and must not be perceived as an extension of the responsibilities of the security team.

As Wettering has said about CI and security having emerged as two bureaucracies in the US federal government and the private sector, the security function in state enterprises of Bangladesh, for example, is no different from that structure. The security teams in the offices of Special Branch (SB), National Security Intelligence (NSI), Military Intelligence (Directorate General of Forces Intelligence-DGFI) of Bangladesh are effectively responsible for physical and personnel security within the premises. Although Bangladesh does not have a dedicated counterintelligence unit per se, each of these agencies finds it within its respective missions to thwart threats that would bypass or infiltrate physical security. Little is, however, known from published sources about the intricacies behind the organizational structures of these state agencies. One can, therefore, only assume that the purpose, mission and the skill sets required are different for CI and security teams, which most likely determine the split between security and CI in organizations. But the question to ask is if these two functions can, at all, complement each other to serve the greater mission of CI. Perhaps an answer lies in the fact that in the U.S. NSA, security and CI are fully merged in the Associate Directorate for Security and CI. This does not necessarily mean that CI and security need to report in to the same department in all organizations. Effective collaboration between CI and security can also be achieved through coordination and sharing of meaningful information. The CIA had lessons learned on the importance of CI and security to collaborate since Edward Lee Howard, a CIA case officer was identified in 1985 as spying for the KGB and escaped to the USSR. Before then, there had been no effective sharing of information among the Directorate of Operations, Office of Security and Office of Medical Services. Although CI and security offices are separate departments in the CIA, the interchangeability of personnel has apparently yielded improved cooperation.[6]

Where CI and security cease to converge is evident in the 1999 ban on foreign visitors to the U.S. Department of Energy (DOE) weapons labs. The weapons labs house nuclear weapons research and weapons information archives. Prior to the ban, 6,398 foreigners visited the labs and 1,824 visitors were from countries involved in arms proliferation or espionage such as Russia, China and India. The U.S. Congress issued a temporary ban and investigations had revealed that China had allegedly leveraged professional scientific visits and delegations to these labs to obtain sensitive technology.[7] But a few months later, the ban was lifted on the ground that there could be retaliation, such as a similar ban from those countries, which would prevent the U.S. from implementing nuclear arms agreements. In context of security, the ban appears as an appropriate security measure to protect secrets. From a CI standpoint, however, the U.S. urgency to enforce nuclear arms treaties as a CI measure against nuclear threats is evidently a more strategic option to adopt.

While the prevalence of CI activities may not be plainly admitted by non-state enterprises as they are likely to call all such activities as “security”, there is, however, no dismissal of the fact that these organizations do engage in CI efforts in order to prevent their secrets from landing into the hands of the competitors and losing competitive edge. For example, international oil companies (IOCs) conduct CI activities (primarily, protecting secrets and thwarting industrial or corporate espionage) via many teams across their organizational structures. All those teams are engaged in protecting secrets that are relevant to each team’s area of specialization. Teams such as Strategy and Planning would essentially protect business models and forecast data; Supply Chain would protect the company’s threshold for tender bids, commercial negotiations and contracts; Human Resources (HR) would protect sensitive personnel information (SPD); Information Technology (IT) would protect electronic data and IT infrastructures; Government Affairs would protect lobbying details and bargaining chips against client states; Security would protect personnel, assets and expatriates’ country evacuation plan. Each team is expected to protect its secrets, all of which collectively provide IOCs their competitive advantage. Some of the teams also engage in deploying CI measures to strengthen other teams’ abilities to protect secrets and neutralize attempts to compromise secrets. The Public Affairs team ensures that the business critical personnel and the leadership teams are trained in crisis communication and media skills to tactfully address questions and effectively manage provocations in public settings (social events, crisis situations, media ambush, corporate forums like Chamber of Commerce and Industry etc.) so that sensitive information and business secrets wouldn’t be accidentally given away or phished out of them. The IT team randomly carries out human inflicted vulnerability assessment of the company’s IT networks by sending out phishing emails to employees, conduct Data Privacy (DP) audits as part of Information Risk Management (IRM) and mandates IRM compliance training for all personnel. Lockheed Martin also adopts a similar awareness induction, which they officially call “Counterintelligence Awareness-Capability Without Compromise”. According to the Vice President and Chief Security Officer of Lockheed Martin, “…employees are entrusted with a great responsibility in the safeguarding of U.S. government customers’ classified information and a keen understanding of counterintelligence is critical to that responsibility”.

[...]


[1] George Washington, “From George Washington to Josiah Quincy”, Founders Online, National Archives, 24 March 1776, accessed 2 February 2017, https://founders.archives.gov/documents/Washington/03-03-02-0392

[2] Frederick L. Wettering, “Counterintelligence: The Broken Triad”, International Journal of Intelligence and Counterintelligence, 13:3, 265-300, DOI 10.1080/08850600050140607, 29 October 2010, accessed 5 February 2017, http://www.tandfonline.com/doi/pdf/10.1080/08850600050140607?needAccess=true

[3] Nigel West, “Spycraft Secrets: An Espionage A-Z”, 139, The History Press, 2016.

[4] John A. Nolan III, “Confusing counterintelligence with security can wreck your afternoon”, Wiley Online Library, accessed 5 February 2017, http://onlinelibrary.wiley.com/doi/10.1002/(SICI)1520-6386(199723)8:3%3C53::AID-CIR12%3E3.0.CO;2-D/epdf

[5] John A. Nolan III, “Confusing counterintelligence with security can wreck your afternoon”, Wiley Online Library, accessed 5 February 2017, http://onlinelibrary.wiley.com/doi/10.1002/(SICI)1520-6386(199723)8:3%3C53::AID-CIR12%3E3.0.CO;2-D/epdf

[6] Paul J. Redmond, “The Challenges of CounterIntelligence”, The Oxford Handbook of National Security Intelligence, 540, Oxford University Press, 2010

[7] “DOE Secretary Denounces Bill That Bans Foreign Visits To U.S. Labs”, Laboratory Network, 19 May 1999, accessed 5 February 2017, https://www.laboratorynetwork.com/doc/doe-secretary-denounces-bill-that-bans-foreig-0001

Excerpt out of 7 pages

Details

Title
Counterintelligence and Security.Where do the divisions lie?
College
Brunel University
Course
Intelligence and Security Studies
Grade
60
Author
Year
2017
Pages
7
Catalog Number
V355915
ISBN (eBook)
9783668464322
ISBN (Book)
9783668464339
File size
534 KB
Language
English
Tags
counterintelligence, security, where
Quote paper
Mohammad Naved Ferdaus Iqbal (Author), 2017, Counterintelligence and Security.Where do the divisions lie?, Munich, GRIN Verlag, https://www.grin.com/document/355915

Comments

  • No comments yet.
Read the ebook
Title: Counterintelligence and Security.Where do the divisions lie?


Upload papers

Your term paper / thesis:

- Publication as eBook and book
- High royalties for the sales
- Completely free - with ISBN
- It only takes five minutes
- Every paper finds readers

Publish now - it's free