Bill Evanina is the Director of the National Counterintelligence and Security Center (NCSC) - a part of the U.S. Intelligence Community that leads and supports the government’s counterintelligence and security efforts.
The NCSC tackles that mission in a number of ways, but a large part of their task is to interact with private sector entities at the greatest risk of being targeted by foreign spies. The office also works on Insider threats, overhauling the security clearance process, security at U.S. Embassies, and coordinating all double agent operations.
Cipher Brief CEO & Publisher Suzanne Kelly sat down with Director Bill Evanina for The State Secrets podcast.
What follows is a shortened and edited version of the highlights of that conversation. You can download and listen to the full conversation here.
Prioritizing the Threats
The Cipher Brief: Everybody wants to know, particularly from your position, what are the top threats today? It's difficult to know how to prioritize them. I know that you just turned over your national threat prioritization assessment - which is classified - to the president.
Evanina: We break them down in a couple of different areas. Number one is country threat; number two, I’ll call the cross-sector threat. So for country threats China would be number one, then Russia, Iran, North Korea, and then two unique areas we'll call the island of Cuba and Djibouti. Also, with respect to non-country-based threats, three key areas stick out for us: number one is supply chain, number two is critical infrastructure and obviously the perennial threat is the insider threat, which continues to be pervasive and a real obstruction for us, not only in the government but in the private sector.
The Cipher Brief: Let's tick through those: China. I think sometimes its difficult to understand why China is the biggest threat because you don't hear about it in terms of everyday news like you hear that the Russians are influencing the election, or North Korea is conducting hacks against private entities. You hear a lot that China is going after IP, but why is China the biggest threat?
Evanina: Let’s parse this out a little. We’ll start with a macro-perspective and then get down to the bottom. Yes, Russia right now is the shiny object. Russia and Vladimir Putin want to destroy our democracy and they hate capitalism. Now, those are two things they want to sow discord in our electoral process, and anything that is democratic.
The Cipher Brief: You have no hesitation in that.
Evanina: None. That is his ultimate goal, and he's been successful the last couple of years. We, as a society, have helped him do that with respect to how polarized our nation is because of the shiny object which is Vladimir Putin. And I will say that the intent, capability and the willingness to act by the Russians is high in all three aspects with what they want to do. However, the Chinese, long term, are a much greater threat to the U.S. national security and to the enduring security framework of our democracy and our freedom of speech and everything else that we hold dearly. Their influence efforts and their theft of intellectual property and trade secrets is prolific, but it doesn't get the media play that the shiny object of Russia does. And I think that's problematic for us. We spend a lot of time in the private sector talking about this problem set that we have with China. For instance in the last 12 months there have probably been seven or eight significant arrests by the FBI, of what we call Chinese spies or agents of influence.
The Cipher Brief: That doesn't seem to get a lot of attention.
Evanina: Well, there was a big one that just happened last month. The arrest of an individual working for GE in an insider threat case - working on behalf of the Chinese; I think it made two local newspapers. For us, the damage assessment will be interesting because it will be very, very damaging, but it gets no media play. The government, the FBI, is putting a lot of resources into arresting nefarious individuals working on the behalf of the PRC and their intelligence services conducting very nefarious activities here in the US - criminal activities, but it gets very little media play because we are obsessed with the shiny object which is Russia.
Social Media as a National Security Vulnerability
Evanina: Social media is a very big problem and as U.S. citizens, I like to say that we are easily influenced, and obviously, with the nation being polarized the way we are, that influence is being manipulated by Putin and others. The Chinese intelligence services are well aware of our inability to decipher truth from fiction on social media, so they use that against us. We, as a democratic institution, I would say, the best nation in the world, do provide some vulnerabilities, and this is one. We have to be better postured from a public private perspective to defend against it.
The Cipher Brief: Have you seen indications that the Chinese are trying to make an influence on social media platforms in the way that the Russians have?
Evanina: We have seen their influence activities over the years increase significantly. We are now just at the point where we're able to put that in the same box as the Russians, with respect to influence. And I think the elections are vague, but when we talk about specific candidates around the country that they think are pro-China, they will help them. But that's nothing new, that's been going on for decades. Which is why I think we have to put it in the right container to identify it as such. But yes, I think any foreign entity can now see the value of doing what Putin did in 2016.
Cuba
The Cipher Brief: We talked about China, we talked about Russia, you mentioned Iran, North Korea, Cuba, and Djibouti. I wouldn't put Cuba high on my list, so what am I missing?
Evanina: I would say the island of Cuba is a threat, not necessarily the Cuban government, although they control everything on the island of Cuba. But we have a proliferation of Russian intelligence services and Chinese intelligence services and resources on the island of Cuba, so when you add Russian intelligence services with the Chinese, under the protection of the Cuban intelligence services - which are still in their own right very viable – this produces a very, very difficult issue for us 90 miles from our border.
The Cipher Brief: There have been attacks against Americans working down there that nobody has really been able to explain yet.
Evanina: We’re working on that. The U.S. government agencies are working diligently to identify what happened to our U.S. citizens down there, and I think we’re making progress. That’s very difficult.
The Cipher Brief: So just to remind people: there was some sort of a noise that was projected into either the place where they worked or the place where they lived, and it impacted them in ways that were traumatic to the brain.
Evanina: Numerous U.S. intelligence and State Department employees were affected by something while working in Havana and they had to be brought back to the U.S., which resulted in our state department closing the embassy. And those effects and the damage is enduring and some of them were very serious. So we take that very seriously.
The Cipher Brief: Any chance, do you think, that you’ll ever figure out who did that?
Evanina: Yes.
Djibouti
The Cipher Brief: What is the threat in Djibouti?
Evanina: You have to ask yourself, “why are the Russians and Chinese building military bases there?” It's very strategic for not only global shipping, underwater cables, communication networks, trans-shipment. We have an ability to either compete with that or not. When we see the amount of resources the Chinese and Russians are putting into Djibouti, it becomes a national security threat.
Spies Among Us
The Cipher Brief: Let’s talk about the environment for spying in Washington. How active is it? How big of a deal is it, and how do people know if they're being targeted?
Evanina: Two different issues there. I think the environment for spying in Washington, D.C. is the best in the world because we are the most open society in the world and it provides a lot of freedom of movement for intelligence officers as well as co-optees and non-traditional collectors, we call them, in the D.C. area.
The Cipher Brief: Non-traditional collectors would include students…
Evanina: Engineers, scientists, people that come over here and work on behalf of their intelligence services back home. But D.C. is - for the most part - governmental collection. The biggest threat we see is outside D.C. - the intelligence service collecting on our critical infrastructure, our gas and our oil pipelines, our electrical grids, how we move information or telecommunications systems or financial systems around the globe and in the U.S. That is where we see the biggest challenge for us in mitigating and neutralizing that collection capability. Now with the Russians we've sent back or PNG’d those 60 individuals a few months ago that really helped our ability to stem the strategic collection by Putin and his intelligence services. However, they still have been able to supplement that with their non-traditional collectors or co-optees because the collection can't stop.
Business Travel to China
The Cipher Brief: What is the threat if you take your device with you overseas? They're going to get your information when you're sleeping? When you're away from your hotel room?
Evanina: As soon as you land from the airplane. We have to remember the paradigm from which we live under here in the U.S. is similar nowhere else. So, when you wake up in the morning and you turn your phone on, you're connecting to AT&T or Verizon, and you're fairly protected. When you travel overseas, it doesn't make a difference what country it is. Friendly or not, you are not connecting to AT&T or Verizon. You're connecting to another company which is mostly government-run, which means they have access to not only your phone but everything on your phone. So when you get off the plane and you're in a hotel and you hook up to Wi-Fi, a nefarious actor, hacker, and/or government can easily get into your phone and take your e-mails, your texts, any PowerPoints you have on there, if you don’t have a VPN it becomes very, very easy for them to do that. If you’re on business, of course they want that information. And if you have a VPN where you have something more strategically protective, then they'll send you an e-mail. And as you know, Suzanne, as Americans, we have an unbelievable inability not to click a link. So when you click that link, they’re in your phone, they’re in your iPad, they’re in your laptop and they have access to everything. We have some videos on our website called “Know the risk, raise your shield”, which are two minute vignettes for the adult learner, which we also use for high school children and for eighth graders. Understand two things when you travel overseas: Number one, whatever you don't want people to have access to, they’ll have access to. And two, that little safe in your hotel room is not safe. There are hundreds of people in that hotel room who have access to the combination for that safe.
The Risk of Sharing Too Much on Social Media
The Cipher Brief: There's another interesting thing that you've spoken about, and that's the social media risk. Talking about putting information out there and being very open and transparent. Americans love to share information about themselves, and it's not just the Facebook thing that we've seen in the headlines. It's not just Twitter used for messaging but it's also LinkedIn, right? What are some of the concerns around LinkedIn? It seems pretty benign, I mean, you are looking for a job, you want to connect with people, you want to network, you’re in the private sector, it's a great place to get your name out there… What's the risk?
Evanina: First of all, LinkedIn is an amazing site with respect to having a social media-based networking site for professionals, whether to obtain jobs or hire people. It is the best in the world, first and foremost. Number two, is what we've been able to identify, which we've known from an intelligence perspective but it came out in a recent trial, is that Chinese intelligence services and other government intelligence services have been utilizing LinkedIn as a platform to identify vulnerable individuals in the government and or formers government employees to be able to recruit them as spies.
The Cipher Brief: What do you mean vulnerable?
Evanina: So for instance, if you retire from an intelligence community organization or a three letter agency and then you go out, you put your resume out there, and you talk about all the particular things that you had access to - the clearances that you currently have, any kind of SAPs (Special Access Programs) you’re a part of - well that's seen worldwide. So, if you are the intelligence services of China or Russia you get to see that — and you could search in LinkedIn, you could say “Find me individuals who have worked on project X” and if you put in your résumé on LinkedIn, they can identify you and then they send you an e-mail, they invite you to a conference in a different country and then they pitch you and then they give you money and then next thing you know, you become an employee of the MSS or the Chinese, and that slippery slope doesn't stop. We were able to identify this in one case which exposed this capability for us publicly. We were able to provide warning to not only the government employees, businessmen, and former government employees who have access or had access to classified information and had clearances to say “hey, be careful when you're out there”. We inform and advise folks on that platform to be judicious.
The Cipher Brief: That's always the challenge, right, trying to balance the utility of something, and the benefits that it brings to our lives with understanding how people might be targeting you. So, what advice do you give people?
Evanina: Some of this is common sense, for instance you have to ask yourself what do you have that someone else would want, a foreign company would want, a foreign government would want? And then how do you protect that information? And if you get an email or an invitation from someone to join your network, Google that person. Make sure they exist, and if they say “I'm Bob Smith from this company” Google the company, make sure the company exists. Oftentimes, nefarious actors, they don't exist, right. And we just say “Oh that's a good company. They're working the same field that I do, and it looks like a legitimate person; I'm going to accept the invitation.” Just do a little bit of due diligence. It's not a race for whoever has the most friends and/or contacts.
Warning the Private Sector about the Threats
The Cipher Brief: You actually travel quite a bit in your role and you visit executives in the private sector. We talked about some of those areas that you focus on, energy being one of them, critical infrastructure being another. What do you talk to those executives about?
Evanina: We have the ability to not only bring in the private sector, but to bring in the CIA, FBI, DHS, DOE, to provide classified briefings for them. So, I have the ability to provide CEOs and general counsels and CSOs a one-time read-in on classified briefings and allow them to go back and mitigate the threats which are germane to their sector. This year, we've probably briefed more than 100 energy companies with respect to the threat to their industry, which allows them to work closer with DHS and other folks and mitigate the threat. That's a critical role that we play here: bridging that gap between the intelligence community and the private sector.
The Security Clearance Process
Evanina: Right now, it takes too many days to come to work. But that is not just security clearances, it’s also human resources. Our inability in the government to onboard people effectively and efficiently with mobility doesn't exist. And it’s a holistic effort which includes acquisition, human resources and security clearances. We have to do much better. So with my role here serving as the DNI’s executive agent for security, we are trying to facilitate programmatic, revolutionary change in how we vet people moving forward. And that is a separate part of the backlog and we have a plan that we hope to provide to Congress by the end of the year which will be effective next year, to reformat and revolutionize how we vet, and what are we looking for and it's not the Hansen and Ames stuff anymore. What do we consider bad debt.? What are things that the FBI or government agency should really look at with respect to you in terms of can you hold a secret clearance? And some of the things we talked about I'll be honest are like marijuana usage. So currently drug use is a no go but now have states in the U.S. where it is legal. So do we tell those folks you can't smoke marijuana or that you have to stop when you get the government? We're looking at everything. So not only that but also a lot of other issues that have been in place with security clearances where we have papered over process and policy for decades which makes it very laborious.
For even more of the conversation with Bill Evanina, download the State Secrets podcast.
