Facing Threats in the ‘Fourth Era’ of American Counterintelligence

By Michael Coyne

Michael Coyne is a retired career FBI counterintelligence analyst, now a Visiting Fellow with George Mason University’s National Security Institute and an incoming Adjunct Lecturer for the University of Maryland’s Fellows Program.  Coyne was formerly the FBI’s Senior National Intelligence Officer for Counterintelligence, the National Intelligence Officer for Counterintelligence at the National Intelligence Council, and acting National Intelligence Manager for Counterintelligence at the National Counterintelligence and Security Center.

OPINION — In their article “An All-of-Society Approach to U.S. Counterintelligence,” Calder Walton and Greg Levesque noted the comprehensive nature of contemporary PRC and other foreign intelligence threats. What we now consider foreign counterintelligence (CI) builds on more than a century of American experience which I divide into four eras, each defined by the geopolitical threats of the time and how the CI Community[1] developed its response: multipolar rivalry; bipolar strategic competition; American global dominance; and multipolar rivalry redux. In each era, new geopolitical situations required the CI Community to adapt.  Understanding this past is a necessary precursor to assessing how best to answer contemporary threats. To Walton’s and Levesque’s able discussion of fourth-era concerns, I add thoughts from my perspective as a recently-retired career FBI CI analyst having watched these new challenges materialize in more than three decades of federal service. In this piece, I argue that foreign intelligence threats are outpacing CI Community efforts to adapt. Fourth-era challenges exceed government-only responses, and the needed public-private partnerships, workforce expertise, and mission focus do not yet exist at scale.

The First Era (1916-1940)—America’s entry into multipolar rivalry

Modern American CI began in the aftermath of the 1916 Black Tom Island explosion and lasted until the start of World War II. Imperial German saboteurs detonated a massive Allied munitions stockpile on New York Harbor’s Black Tom Island. Germany’s intelligence services sought to reduce the role of the United States—a relatively new global power—in supporting the Allied Entente against the Central Powers in World War I. This event jump-started American CI awareness of adversary threats and the need for a response concentrated on investigations and enforcement.[2] Until Black Tom, U.S. CI efforts were mostly insular (e.g., in the Revolutionary and Civil Wars). The first era was a free-for-all in an environment with multiple major powers (notably the Central Powers and soon the Soviet Union) and few formal alliances (at least for the United States). The U.S. Government had to create laws (especially the Espionage Act of 1917) and capacity (centered on the FBI) to counter espionage and sabotage[3] as core parts of developing its ability to identify adversary intelligence officers and their source networks.

The Second Era (1940-1991)—Bipolar Strategic Competition 

America’s entry into the global competition of World War II defined CI for the next five decades. The spy-versus-spy game[4] intensified as the United States, NATO, and the West competed with the Axis in World War II and then with the Soviet Union and the Warsaw Pact in the Cold War. Investigations and enforcement remained central in the hunt to identify and counter spies. The United States (and its Allies) also had to hone how it protected the truth with a bodyguard of lies, as Winston Churchill noted. The CI Community developed and used double-agent operations for deception efforts and strategic messaging. Collection and analysis abilities also grew as part of the then-new idea of an intelligence cycle.




The Third Era (1991-mid-2010s)—American Global Dominance

With the Cold War’s abrupt end, the United States became the indispensable power for the better part of two decades. The CI Community had to identify which nations might singly or collectively challenge American supremacy in the vacuum created by global Communism’s collapse. The CI Community also recognized that secrets were not the only adversary collection targets, and that economic security is national security. The CI Community gave more attention to commercial matters empowered by the Economic Espionage Act of 1996 and related statutes.[5] The complexity of these adversary threats required the CI Community to increase its role in coordination and policy support and in identifying responses.[6] The CI Community recognized that America’s national security edge stems in large part from the intellectual property and research innovation that power U.S. economic dominance. CI Community efforts to “harden the target”[7] through increased cooperation with private sector and academic partners became more common, although not universal.[8]

The Fourth Era (early-2010s-present)—Multipolar Rivalry Redux 

The United States is now solidly in an era of resurgent great power rivalry, with even more complicated geopolitical challenges. The PRC is now the pacing threat and modern Russia constitutes a significant (if lesser) adversary. In the first three eras, the CI Community emphasized finding and stopping spies, thwarting saboteurs, and protecting classified information. In the last two decades especially, CI practitioners have realized that contemporary national security requires more. The fourth era encompasses three new challenges. First, the scope of what many consider a CI concern has grown, creating pressure to undertake new functions. Second, national leaders expect more of the CI Community in policy discussions. Third, the CI Community, with the broader IC, has a relatively smaller advantage in the technical capabilities which enabled American intelligence’s edge in the second and third eras.

The scope of contemporary CI has expanded.[9] Modern expectations for the CI Community now exceed the spy-versus-spy model that defined decades’ worth of effort, training, and resource investments. The CI Community’s core function of identifying and protecting against foreign intelligence threats to classified material remains necessary in the fourth era, but insufficient for the array of contemporary challenges.[10] The United States’ adversaries seek a host of information, including material that is not now and will never be classified. To do the job properly, the CI Community must also address:

  • Economic security. Nations get ahead by stealing or otherwise acquiring intellectual property and trade secrets. The PRC is collecting against the corporate and academic centers that enable U.S. technological and innovation success. The U.S. Government is much more attentive to allegations of foreign ownership, control, and influence in American companies. Added to this is heightened technology competition — in AI, quantum, and semiconductors — in which the CI Community has relatively little expertise. 
  • Supply chains. Foreign supply chain interdictions are both recent (the 2023 Microsoft case) and potential (remotely-compromised ZPMC port cranes could impede U.S. military logistics in a time of conflict). The ability of adversaries to get inside America’s production and response capacity suggests a new era of potential sabotage.
  • Critical infrastructure. Multiple levels of government in the United States and critical infrastructure owners and operators are keenly attentive to the vulnerability of lifeline sectors, having witnessed the damage Russia inflicted in its war with Ukraine.
  • Foreign malign influence. Elections now routinely feature allegations of foreign adversaries attempting to interfere with representative processes, both in the United States and in other democracies.  Misinformation and disinformation from troll farms—and how to counter them—is now a more common discussion topic in CI circles.
  • Transnational repression. Several foreign powers have used their intelligence services and proxies to scare or harm opposition members and dissidents living abroad, including in the United States. Open sources have reported on transnationally-repressive activity tied to the PRC, Russia, Iran, India, and Rwanda.

The CI Community is playing catch-up. Several CI Community members have engaged with the private sector to harden the target, but this is not enough. Because the CI Community is built for enforcement, collection, and analysis, there is not yet the default instinct for partnering more to raise defensive awareness and so counter a larger swath of foreign intelligence threats.

Policymakers expect more from the CI Community. When the CI Community’s main purpose was to catch spies, the governing laws and policies were set. The National Security Council and Hill oversight committees were more interested in case updates than identifying policies to shape the future. Over time, the dynamic has shifted from spy-versus-spy to state-versus-state, with the rising awareness that intelligence services are tools of statecraft and not independent actors. The CI Community is much more likely to have a seat at the policy table with the understanding that the competition is not the CIA or FBI versus the SVR or MSS, but rather Washington versus Moscow or Beijing. This state-versus-state model introduces a larger range of potential responses (diplomacy, demarches, sanctions) in addition to enforcement actions.[11]




The relative advantage of the United States over its intelligence adversaries has dramatically narrowed. The explosion of cyber-enabled surveillance technology, and the ability to acquire and process massive amounts of data, have enabled foreign intelligence services to challenge U.S. interests at lower cost and reduced the need for a sizable corporeal presence in the United States. Adversary intelligence services can use the post-September 11th terrorist-hunting commercial tools to boost their own efforts. These tools add to the internet-enabled global research and surveillance capabilities which collectively enable adversaries to increase their regional and global reach and pursue a much broader suite of collection targets. The United States used to have a decisive intelligence advantage.  Now, that is not so evident.

Three options for fourth-era competition. There are no quick fixes to alleviate these newer responsibilities. Further, these threats have an additive quality; previous needs will not vanish.  Developing new capabilities and responses will mean more missions with limited resources.  With that in mind, the CI Community should consider three approaches:

  • Increase and better orchestrate engagement and foreign partnerships. The CI Community has long-standing domestic and foreign engagement. To counter PRC and other whole-of-society threats, the U.S. Government should pursue an even stronger networked defense, uniting the public, private, and academic sectors. Partnering to raise defensive awareness has never been a core CI mission. Such engagement is further complicated because many private sector companies are multinational, featuring staff from – and doing business in – countries of concern. The rise of private sector Insider Threat and enterprise risk offices has given the CI Community an important entry point for more (and more substantive) exchanges. Foreign engagement is the other side of this partnership coin. Five Eyes exchanges have been an important force multiplier for CI Community understanding. The U.S. Government can forge new and deeper multilateral ties with partner democracies, setting goals for and monitoring the utility of these new exchanges.
  • Update and expand hiring and training. The CI Community’s core career paths–investigators, collectors, and analysts–have underpinned successes for more than a century. CI today requires these roles, and also professionals well-versed in how the private sector and academia work. CI Community interlocutors are too often unaware of what motivates profit-loss entities and what raises fears for academic freedom. Concerns about the CI Community inadvertently providing companies with competitive advantage by showing them how to enhance their security, for example, likely impede greater information sharing. Along with new career paths, giving CI Community personnel more direct exposure to national-level policy making would make them better at crafting and implementing the executive orders and statutes needed to guide future national CI. Creating boot camps for CI Community personnel protecting critical infrastructure and supply chains, or working foreign malign influence and transnational repression, is also important. The CI Community should also establish a lexicon of newer foreign intelligence threats to ensure a common understanding and response.
  • Revise missions.  The ethos of the CI Community is firmly rooted in identifying, understanding, and countering foreign intelligence threats. Changing organizational culture is one of the hardest challenges known to government. Nonetheless, the CI Community should consider how to move beyond its historic core roles to increase the emphasis on coordination and policy support and raising defensive awareness.

William Webster, the only person to have been Director of the FBI and the CIA, noted a core challenge to the CI mission when he said “When you are not catching spies, you have bad counterintelligence, and when you are catching spies, you have bad counterintelligence and you cannot have it both ways.” In its fourth era, the CI Community must be mindful that there is even more challenge in the CI arena.


This article completed FBI Pre-Publication Review.  The observations expressed here are solely those of the author and are not the official views of the FBI or the Office of the Director of National Intelligence.  This article benefits from the thoughtful observations of former National Counterintelligence and Security Center Directors The Honorable William Evanina and Michael Casey; Anne Valentino, Ph.D.; and several esteemed former FBI, NCSC, and IC colleagues.

[1] These are the Intelligence Community members with specific CI charter (notably the CIA, DIA, FBI, NSA, and ODNI components), and other U.S. Government agencies with CI and security roles.

[2] I assert that the CI Community has five missions:  Investigation and Enforcement; Offensive Operations; Collection and Analysis; Coordination and Policy Support; and Defensive Awareness.

[3] Concerns about foreign sabotage—listed in Executive Order 12333 but not given much attention—are back, as seen in open-source reporting of Russia’s kinetic efforts to impede Europe’s support for Ukraine.

[4] Human-intelligence-centric operations to identify adversary intelligence officers and their sources.

[5] Including the Foreign Agents Registration Act (1938), International Traffic in Arms Regulations (1976), and the International Emergency Economic Powers Act (1977).  Concerted effort to inform policymakers led to these becoming regular CI tools.

[6] A notable example is Executive Order 13587, on Insider Threats, from October 7, 2011.

[7] A former FBI Assistant Director for CI succinctly restated the quote often attributed to Benjamin Franklin that “an ounce of prevention is worth a pound of cure.”

[8] The CI Community has been active for years in the public-private partnership realm. AFOSI’s SPARTAN CITADEL technology protection initiative, the FBI’s Private Sector Coordinators, NCSC’s Safeguarding Bulletins, and other agencies’ programs continue to enhance defensive awareness.

[9] I first heard The Honorable William Evanina, formerly NCSC’s Director, describe this concept of “expanded CI.”

[10] Two sage CI Community alumni have noted:  a) agencies do best when they adhere to the core function of finding foreign spies and thwarting adversaries’ collection efforts and b) CI and security are not the same.  However, the reality is that issues become “CI concerns” when people do not know where else to assign them.

[11] A former FBI Assistant Director for CI noted that “we cannot arrest our way out of” contemporary foreign intelligence threats.


The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. 

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
