Intelligence: From Secrets to Policy - Mark M. Lowenthal [117]
DNI McConnell wants to move from the “risk-avoidance” security approach to a “risk-management” approach. This implies a willingness to give the benefit of the doubt to some applicants or employees rather than to try to run a system that wards off any potential risks, which clearly is not possible. As sensible as this approach may be, it can run into opposition from those people who are supposed to administer it, the individuals responsible for personnel security. These individuals are unlikely to see any benefit to clearing more people if this means they have also cleared the individual who becomes a security threat. The personnel security staff may also recognize that they will be the ones who are asked to explain how breaches got through in the first place. This personnel policy shift will be an interesting test of the DNI’s authority over intelligence officers who work in agencies that the DNI does not control directly.
EXTERNAL INDICATORS AND COUNTERESPIONAGE
Besides internal measures taken to prevent or to identify problems, counterintelligence agents look for external indicators of problems. They may be more obvious, such as the sudden loss of a spy network overseas, a change in military exercise patterns that corresponds to satellite tracks, or a penetration of the other service’s apparatus that reveals the possibility of one’s own having been penetrated as well. (This apparently is how Robert Hanssen was detected.) The indicators may be more subtle—the odd botched operation or failed espionage meeting or a negotiation in which the other side seems to be anticipating one’s bottom line. These are all murkier indicators of a leak or penetration—what some have described as a “wilderness of mirrors.”
In 1995 the CIA and NSA published signal intelligence (SIGINT) intercepts (code-named VENONA) that had been used to detect Soviet espionage in the United States. From 1943 to 1957 VENONA products helped identify Alger Hiss, Julius Rosenberg, Klaus Fuchs, and others working for Soviet intelligence. As VENONA showed, SIGINT can offer indications of ongoing espionage, although the references to spying may be oblique and are unlikely to identify the spy outright. The VENONA intercepts used code names for the spies but often provided enough information to help narrow the search.
The serious problems resulting from having been penetrated by a hostile service also highlight the gains to be made by carrying out one’s own successful penetration of the hostile service. Among the intelligence that may be gathered are
• An opponent’s HUMINT capabilities and targets, strengths, weaknesses, and techniques;
• An opponent’s main areas of intelligence interest and current shortfalls;
• Possible penetrations of one’s own service or other services;
• Possible intelligence alliances (for example, the Soviet-era KGB used Polish émigrés in the United States for some defense industry espionage and Bulgarian operatives for “wet affairs”—assassinations); and
• Sudden changes in an opponent’s HUMINT operations—new needs, new taskings, changed focuses, a recall of agents from a specific region—each of which can have a host of meanings.
Discovering the presence of foreign agents may not lead automatically to their arrest. The agents also present opportunities, as they are conduits to their own intelligence services. At a minimum, efforts could be made to curtail some of their access without their becoming aware of it and then false information could be fed to them to send home to confuse their analyses. Alternatively, counterintelligence officers may try a more aggressive approach, attempting to turn them into double agents who, although apparently continuing their activities, now provide information on their erstwhile employer and knowingly pass back erroneous information.