Playing Offense and Defense

Q&A with National Counterintelligence Executive Bill Evanina


William “Bill” Evanina serves as the National Counterintelligence Executive (NCIX) and director of the National Counterintelligence and Security Center (NCSC) with the Office of the Director of National Intelligence (ODNI). Prior to being appointed by the DNI, Evanina held positions as chief of the CIA’s Counterespionage Group and as assistant special agent in charge of the FBI’s Washington Field Office, where he led both the counterintelligence and counterterrorism divisions.

How would you describe your role as NCIX? What is your day-to-day like?

My role is triple-hatted. NCIX is a legislative position to lead and coordinate counterintelligence (CI) issues throughout the government and provide CI outreach to the private sector. As NCSC director I oversee CI for consulates and embassies around the world. Also, under the ODNI auspices, I am the National Manager for CI, developing policy strategy for top-level CI for the U.S.

My job is eclectic and different every single day. We facilitate operations and analytics throughout the Intelligence Community (IC) with respect to CI—not just against the big ones like Russia, China, Iran, Cuba, but also outside America and with our NATO and Five Eyes partners. Moving into the security realm, for example, today I’m going to the White House to deal with background investigation issues and reform efforts. In the past few months, with Russia [in the news], something new comes up all the time. We’re often defending against threats, but the good thing I get to see is the offensive excellence we have in the U.S. government—and that rarely gets reported.

What first drew you to work in CI?

Some of it was interest, and some of it was happenstance. In 2005 we had an insider threat at the FBI in New Jersey who we believed was spying and I got to head up that investigation. His name was Leandro Aragoncillo and he had previously worked at the White House. We investigated and charged him and he pleaded guilty to spying for the Philippines. After that I was sort of obsessed with spying and espionage. Coming from the terrorism side I wasn’t always aware of the insider threat. When I got promoted to the FBI in Washington, D.C., we were about a year away from taking down the Russian spy ring in 2010. It was just fascinating. It doesn’t get much luckier than to be a part of that—the investigation, the arrest, working with the CIA and the spy swap that occurred.

When I became chief of the CIA Counterespionage Group I had opportunities to brief DNI [James] Clapper and the directors of the CIA and FBI. When the NCIX job became available I had the opportunity and was appointed here. I’m a big believer in the slow bleeds that can be caused by nation state threats.

What role does geospatial intelligence play in NCSC’s mission?

GEOINT is probably the least appreciated INT in national security. It’s the fastest growing and most complex for multiple reasons. The globalization, privatization, and the capabilities being developed in the private sector have significant use and implications for the IC. But it’s a double-edged sword for the CI community. We look at GEOINT as an amazing tool that we’re able to exploit, ultimately to track the adversary and identify what they’re doing and how. But we also have to keep in mind our adversaries are doing the same thing. We are always in that pinball space, back and forth, of not only trying to find new, creative ways to utilize GEOINT, but also to ensure our offensive people are continuously educating our defensive people about its use.

With GEOINT, every month some new technology comes out and as it proliferates in the private sector the government has trouble keeping up with the capabilities out there. My goal as we move forward and use these tools every day is that we continue to understand they can also hurt us. And they do hurt us and our adversaries do use GEOINT against us. Looking at the horizon, what happens when you combine GEOINT with biometrics? What does that mean for our clandestine operators around the world and our ability to track our adversaries’ clandestine operators? GEOINT is a great case study for the IC to have offense and defense consistently aware not only of capabilities but of liabilities.

How does CI help prevent theft of technology and mitigate supply chain risks?

We’re in an aggressive campaign to educate the community about supply chain risks, starting with overhead platforms and the GEOINT Community. Our vector here in the next 10 to 20 years as we move to space is to provide uncompromised capabilities and analytics. Our adversaries are trying to compromise those things. If you look at it from a procurement/acquisition perspective on the supply chain side we need to add that layer of CI to ensure systems, rocketry, communications, and even widgets and micro-tech from the ground to the satellite aren’t compromised.

Say, for example, a general contractor has dozens of subcontractors. Every subcontractor is vulnerable to a foreign threat actor to penetrate the system and make it not work. It’s a big problem with multifaceted solutions. It all starts with awareness. Does the company know where it procures its material? Or who is doing IT security? Awareness is trying to get the C-suite companies all the way down to the startups to understand the significance of the supply chain.

As the IC, and in particular the GEOINT Community, begins to welcome more unclassified, open-source intelligence and consider the use of wireless devices, how does that change and heighten your mission?

It makes it very difficult. I’m a big proponent and understand the globalization and speed of technology. My office worked with the DNI to put out an interim policy on wireless devices in the IC, and it ruffled some feathers. It said not only are they a threat but we need to understand the risks. At home, people who work in the IC have the Internet of Things in everything—they come to work and expect a little bit of the same.

We have to work to improve efficiency in the workplace, but are unclassified and wireless really more efficient? I’m not totally against either. I don’t want to restrict progress but I want to continue to put a risk structure in place. But I can tell you if our adversary started to put wireless in their spaces we’d have to create multiple jobs because there would be so much work to do. To go wireless we must have the mitigations in place to maximize the protective capabilities we have to push back our foreign enemies who would try to compromise that. Again, it’s a catch-22.

How is artificial intelligence (AI) changing the CI mission and insider threat detection?

We use AI very effectively in the IC, and it’s even more effective in the private sector. But once again our adversaries are doing the same thing. As we proliferate progress we also have to be aware of the vulnerabilities. How do we get to a place where we can utilize AI in its purest form—add AI and machine learning with biometrics and you’re almost undefeatable in terms of what you could identify and analyze. AI is here to stay and it’s going to get bigger, faster, and more efficient.

In my world it is an enduring effort to educate those who use these capabilities but also those who could have it used against them. AI has great potential for showing us what we don’t know. One of the best insider threat programs we have uses AI.

What other thoughts would you like to share with the GEOINT Community?  

The race to use space as an intelligence gathering apparatus is on and in full swing with the U.S. and our adversaries (as well as friendly nations and frenemies) all in. And that race has to be won on our part, but it also has to be won in a careful manner because we don’t want to race to space and then have our stuff not work. Getting there uncompromised or minimally compromised is one thing we’re pushing in Congress. Let’s be patient and make sure we understand the threats.

In concert all things we do matter, from the private to the critical infrastructure and financial sectors. Take the theft of personally identifiable information—from Target and Sony to OPM and the last 6 months with the election. Ninety percent of that occurred from one thing—successful spear phishing, not sophisticated foreign government’s clandestine operations. No, just sending out emails with links and we’re clicking on them, then they’re having immediate access to our systems. The paradigm has to shift that as a country we’re all in this together. There has to be a holistic effort to protect America and that’s something we are trying to message. That this is a whole of government, whole of country effort.
