(The Need to Know report is based on information pertaining to Threat, Security, Intelligence, and Investigative Professionals (TSIIP). Below is a summary and for more information, please read the attached original report.)
Writer: Elythir George
Editor: Jennifer Loy
Date: December 15, 2023
Keeping Your Company Safe[1]
BLUF/Summary: The US National Counterintelligence and Security Center released a report, “Enterprise Risk Mitigation Blueprint for Non-Intelligence Agencies.”[2] Although it is written specifically for US agencies, it is highly effective for any intelligence company or organization. It stressed that foreign intelligence entities, state actors, and non-state actors are aggressively targeting the U.S. government and private sector to steal sensitive information and undermine national security. The report lays out a plan for organizations to follow to protect themselves, including identifying critical assets, assessing vulnerabilities and threats, developing risk assessments and mitigation plans, and implementing best practices around security awareness, insider threat programs, supply chain risk management, and protection of intellectual property and critical infrastructure. The key message is that an integrated, organization-wide approach is needed to counter this growing threat.
Threats/Concerns:
Aggressive targeting by foreign intelligence entities (FIEs), state actors, and non-state actors to steal sensitive unclassified information from government agencies and private sector companies is ongoing. They are after personal data, trade secrets, intellectual property, technology, research, etc. to gain economic and strategic advantage.
FIEs are employing a wide range of tactics like insider threats, cyber intrusions, supply chain compromises, and blended operations to achieve their goals.
Risks to critical infrastructure sectors like energy, telecom, healthcare from interconnected IT systems and supply chain vulnerabilities are things FIEs could exploit.
Malicious influence campaigns using cyber operations, propaganda, and manipulation to sow divisions and undermine confidence in democratic institutions, and are likely to continue or even increase.
Attempts to control or debilitate critical infrastructure and compromise supply chains are prominent.
Growing foreign threats to steal intellectual property and scientific research through espionage and cyber intrusions is common.
The key concern is that these threats are targeting the core of America's economic and national security, as well as public health and safety. A holistic, integrated approach is needed to counter them.
Threats/Concerns by Sector:
Government:
Theft of classified and sensitive information from US government agencies
Compromise of federal, state, local, and tribal governments
Private Sector:
Intellectual property theft from virtually every sector of the economy
Compromise of critical infrastructure sectors like defense, energy, finance, healthcare, telecom
Research:
Theft of sensitive technologies, research & development from national labs, universities
Economic espionage targeting scientific discovery and innovation
Supply Chains:
Exploitation and compromise of supply chains across sectors
Attempts to access key supply chains from concept to deployment
Health Sector:
Risks to healthcare systems from interconnected IT systems
Public health and safety concerns from potential attacks
While it does not provide a sector-by-sector breakdown of threats, it highlights these sectors above as prime targets and at significant risk of exploitation by foreign adversaries.
Significance: It is almost certain that foreign intelligence entities will continue aggressive targeting of sensitive information in the government and private sector. State and non-state actors very likely have significant capabilities and resources dedicated to cyber intrusions, espionage, and supply chain exploitation targeting critical data and infrastructure. While unlikely that adversaries can fully debilitate critical infrastructure or completely undermine confidence in democratic institutions, it remains likely they will continue attempting malicious influence campaigns using cyber means and propaganda. Insider threats enabled by foreign entities have a roughly even chance of occurring as security clearances and digital access increase across sectors. Though unlikely to fully control supply chains, foreign actors will almost certainly gain some access and leverage that could be used for exploitation. Intellectual property theft has a very high likelihood of continuing through cyber intrusions of national labs, universities, and companies leading research and development. Organizations across all sectors almost certainly face a daunting and diverse foreign threat complex that is actively seeking access and advantage through multiple vectors with varying degrees of probability. Implementing the report's risk mitigation blueprint is vital and will almost certainly keep your company or organization safe.
Awareness for Threat, Security, Intelligence, Investigative, and Protection (TSIIP) Professionals:
The aggressive use of a wide range of legal and illegal tactics by foreign actors to target sensitive information in government and the private sector. TSIIPs need to understand these tactics and how to defend against them.
Blurring lines between traditional espionage, cyber intrusions, and supply chain exploits. Monitoring for threats needs to cover all these areas.
Risks to critical infrastructure and the potential for disruptive attacks beyond just data theft. Securing industrial control systems and key supply chains is critical.
The insider threat and importance of workforce awareness and monitoring. TSIIPs play a key role here in detecting anomalous behaviors.
Influence campaigns using cyber tools and propaganda to undermine institutions - awareness of latest techniques needed.
Emerging technologies around AI, quantum, biotech, and autonomous systems that could be targeted for theft and exploitation.
Best practices detailed in the report around asset identification, risk assessments, and mitigation planning to implement effective enterprise security. Leveraging interagency expertise and partnerships referenced in report.
TSIIP professionals need to understand that this report highlights an integrated, whole-of-enterprise approach is essential to counter the diverse and persistent foreign threat environment facing government and industry.
Recommendations for Threat, Security, Intelligence, Investigative, and Protection (TSIIP) Professionals:
Take a proactive and risk-based approach to identifying critical assets, conducting vulnerability assessments, and developing integrated mitigation plans.
Enhance security awareness and insider threat training programs focused on the latest tactics used by foreign intelligence entities.
Work closely with cybersecurity teams to monitor networks for anomalies, enforce access controls and authentication policies, and share threat intelligence.
Partner with supply chain, procurement, and vendor management groups to illuminate risks, establish integrity, and prevent exploitation.
Implement robust visitor access controls, foreign travel reporting procedures, and monitoring of foreign contacts.
Develop sensitive emerging technology control plans tailored to new R&D threats.
Promote better information sharing within industries on threats to critical infrastructure and coordinated contingency plans.
Enhance suspicious activity monitoring and response procedures consistent with civil liberties.
Pursue public-private partnerships and utilize interagency expertise from FBI, DHS, and the Intelligence Community.
Continually assess the changing threat landscape and adapt enterprise defenses accordingly.
The key for TSIIPs is taking an integrated, organization-wide view to security policies, access controls, monitoring, threat intelligence, and risk mitigation planning. Partnerships and information sharing are also vital to countering the sophisticated foreign threat environment.
To read the full report, click below.
[1] Computer Programmers by Wix images
[2] Enterprise Risk Mitigation Blueprint for Non-Intelligence Agencies, US National Counterintelligence and Security Center, 2023, https://www.dni.gov/files/NCSC/documents/products/Risk_Mitigation_Web_2023.pdf