Intelligence cycle security

Frank Wisner, a well-known CIA operations executive, said of the autobiography of Director of Central Intelligence Allen W. Dulles,[1] that Dulles "disposes of the popular misconception that counterintelligence is essentially a negative and responsive activity, that it moves only or chiefly in reaction to situations thrust upon it and in counter to initiatives mounted by the opposition." Rather, he sees that counterintelligence can be most effective, both in information gathering and protecting friendly intelligence services, when it creatively but vigorously attacks the "structure and personnel of hostile intelligence services."[2]

In 1991[3] and 1995 US Army manuals dealing with counterintelligence,[4] CI had a broader scope against the then-major intelligence collection disciplines.

While MASINT was defined as a formal discipline in 1986,[5][6] it was sufficiently specialized not to be discussed in general counterintelligence documents of the next few years.

Aldrich Ames was in the Counterintelligence Branch of Europe Division, where he was responsible for directing the analysis of Soviet intelligence operations.

With the 2005-2007 National Counterintelligence Strategy statements, it is no longer clear what function is responsible for the overall protection of the intelligence cycle.

Methods including encryption and traffic flow security may be needed in addition to, or instead of, specialized shielding of the equipment.

This also applies to imaging on aircraft and UAVs, although the more direct expedient of shooting them down, or attacking their launch and support area, is an option in wartime.

Britain is generally considered to have a very free press, but the UK does have the DA-Notice (formerly D-notice) system.

While much of the book was reasonable commentary, it did reveal some specific and sensitive techniques, such as Operation RAFTER, a means of detecting the existence and setting of radio receivers.

Even though the principles of OPSEC go back to the beginning of warfare, formalizing OPSEC as a US doctrine began with a 1965 study called PURPLE DRAGON, ordered by the Joint Chiefs of Staff, to determine how the North Vietnamese could get early warning of ROLLING THUNDER fighter-bomber strikes against the North, and ARC LIGHT B-52 missions against the South.

The group conceived and developed the methodology of analyzing U.S. operations from an adversarial viewpoint to find out how the information was obtained.

Attendees discussed ways to adapt the OPSEC concept developed for combat operations to the peacetime environment.

Since that time, DOE has continued to refine and adapt the OPSEC concept to meet the specific needs of its mission.

Operations security (OPSEC), in a widely accepted meaning,[11] relates to identifying the information that is most critical to protect regarding future operations, and planning activities to:

Contrary to the US Department of Defense definition, a 2007 webpage of the US Intelligence Board[12] describes (emphasis added) "the National Operations Security (OPSEC) Program - a means to identify, control, and protect unclassified information and evidence associated with U.S. national security programs and activities.

If counterintelligence is redefined to cover counter-HUMINT, a scope begins to emerge, although an official term still seems lacking to deal with the totality of security against all threats.

According to NSDD 298, the Director, National Security Agency, is designated Executive Agent for interagency OPSEC training.

In this capacity, he has responsibility to assist Executive departments and agencies, as needed, to establish OPSEC programs; develop and provide interagency OPSEC training courses; and establish and maintain an Interagency OPSEC Support Staff (IOSS), whose membership shall include, at a minimum, a representative of the Department of Defense, the Department of Energy, the Central Intelligence Agency, the Federal Bureau of Investigation, and the General Services Administration.

Communications security forms an essential part of counterintelligence, preventing an adversary from intercepting sensitive information that is transmitted, especially through free space, but also through wired networks capable of being wiretapped.

Protection of sensitive information in human-readable form, as well as of cryptographic equipment and keys, is the complement of communications security.

The strongest cryptography in the world cannot protect information that, when not being sent through strong cryptographic channels, is left in an area where it can be copied or stolen.

One severe security breach was by a clerk, Christopher John Boyce, who worked inside the SCIF that held communications equipment and stored documents for a TRW facility in Redondo Beach, California.[16]

Boyce stole documents and gave them to a drug dealer, Andrew Daulton Lee, who sold them to the Soviet KGB.

The general process of determining whether a person can be trusted is security clearance; the British term, used in many Commonwealth countries, is positive vetting.

Indications of possible compromise, such as spending patterns that are inconsistent with one's known income, are supposed to be reported to personnel security officers.