Small Wars Journal

US Counterintelligence: The Big Picture of Subversion in the United States

Sat, 06/01/2019 - 3:23am

US Counterintelligence: The Big Picture of Subversion in the United States  

Kane S. VanVuren     

The unfailing application of proactive, effective security capabilities is crucial to protect sensitive US information and assets from foreign adversaries.”

~ National Counterintelligence Strategy 2016

Strategy Concerning Insider Threats

The evolution of the National Counterintelligence and Security Center (NCSC) from the former Office of the National Counterintelligence Executive (ONCIX) highlights the importance of both Counterintelligence and security as a single imperative under the national policy.  The NCSC Strategic Plan points out that their “overarching theme” is the “integration of CI and security activities because the solutions to countering adversarial threats often lie at the intersection of the CI and security disciplines” (2018).  Indeed, while counterintelligence threats can come in many forms, likewise, insider threats now have many vectors in which to access sensitive information.  The 2016 National Counterintelligence Strategy notes that efforts by the US to modernize and adapt to changing economic, technological, and cultural environments have also led to openings in which foreign entities can "expand their scope of the collection” against the US Government.  In this case, while the US government still classifies FIE’s (Foreign Intelligence Entities) and insider threats as different, they could easily be merged.  History has shown that a large portion of insider threats are from, or influenced by, state and non-state entities, as well as the usual suspects like Russia, China, Iran, and North Korea.

While neither the 2018 NCSC Strategic Plan nor the 2016 National Counterintelligence Strategy notes the current impact of insider threats, they both address these threats with emphasis.  As part of the 2016 Strategy, it specifically cites that complete integration of Counterintelligence and security includes the processes ranging from “information technology and acquisition to personnel decisions” and its essence “to preserving our national security” (emphasis added).  The 2018 Strategic Plan advances this concept, and includes that insider threats and unauthorized disclosures through technical advantage of “[a]nonymity and encryption tools, more users and devices, cloud computing, and advanced malware” enable insiders “to hide unauthorized actions among normal activities, and operate undetected to harvest valuable information.”

The Strategy of NCSC is a comprehensive interagency initiative through collaboration and partnerships that includes assets of the CI, security, and cyber communities (2018).  As impressive as the US Intelligence Community has become, a large portion of US protected interests come from the private sector.  Included in the 2018 Strategic Plan are instruments in which NCSC has devised for measuring progress and implementing a new policy in weak areas.  Of the14 initiatives from NCSC, some are new, and some are "continuing to kick-start the integration of CI and security” (2018). 

Prevention and detection have been taken up by a new task force created in response to the WikiLeaks release of thousands of classified documents.  The National Insider Threat Task Force (NITTF) is an extension of NCSC and co-chaired by the US Attorney General and the Director of National Intelligence that affects more than 99 federal departments and agencies that handle classified material (NITTF n.d.).  In short, the NITTF has personnel who are authorized to investigate clues and behavior of concern of someone who could pose a threat, as well as the capability to “help someone who may feel he or she has no other option than to commit an egregious act” (NITTF n.d.).  It is clear that the NCSC and Intelligence Community at large have renewed their efforts to counter insider threats.  In consolidating their combined assets, the NCSC is disrupting the earlier trend of unauthorized public disclosure and taking steps to ensure risks will be mitigated in the future.            

Enhancing Counterintelligence Procedures

It is not that persons who require security clearances are not adequately vetted when they enter these fields, but instead, there is poor oversight and follow-up once they occupy these positions.  An initial investigation could be more thorough, but at this point, the person being investigated does not have a work history, nor the input of others that may provide insight of someone’s personal and work habits.  Petra Bradley et al. (2017, 2) write that “[m]any insiders developed their intention to act after they were in the job, so while it is important to detect who is vulnerable to becoming a threat at the point of hiring, it will likely need to be complemented by periodic monitoring." In other words, vetting should be a continuous process that includes regular peer-reviews and supervisor evaluations in addition to scheduled re-investigations. Undoubtedly, the loose and seemingly unsupervised office culture that Hanssen and Ames enjoyed has since past.  They were vetted as per the requirements of that era but also served as a great example of how destructive and toxic behavior had crept into their daily activities and went unreported.         

Considering the vetting process as a whole, a plan consisting of new technology and randomized no-notice personnel interviews could be a valid and straightforward measure of deterrence.  In fields like military aviation, commanders use a “no-notice check ride” consisting of an oral evaluation or flight evaluation, or both, to ensure flight crews are proficient and prepared to operate when called to action.  Likewise, social media has provided an outlet for individuals to share thoughts, ideas, and to connect with persons outside of immediate social circles and may include clues to traits of psychopathy. 

Persons holding security clearances should be well aware that their personal lives will be under scrutiny.  This holds for both online presence and communications.  As more rigorous security levels are required for vetting, so should a corresponding counterintelligence assessment of an applicant’s online language.  One tool designed explicitly for this task is the Linguistic Inquiry and Word Count (LIWC) text analysis program.  It has been tested and used, in part, to assess insider threat behaviors, for example, a correlating change in word usage that is more self-focused (e.g., I versus we) (Bradley et al. 2017, 3). 

Petra Bradley et al. (2017) note that research on insider threats tends to be more focused on motivations and less on “behavioral and cognitive attributes of individuals who have posed threats in the past." This is not necessarily bad, but it indicates voids in research that could assist security and Counterintelligence in identifying patterns of individuals who are becoming disassociated from their responsibilities.  Some of the motivations cited by Bradley et al. are personal or social frustrations, reduced loyalty to the organization, and lack of empathy (2017, 2).  Former NSA contractor Reality Winner, for example, told Jeremy Redmon of The Atlanta Journal-Constitution, that “I think that I was isolated at that time” and “[while experiencing these emotions] psychologically, you are not going to make the best decisions” (2018). 

Bradley et al. also support a policy of “periodic monitoring” as a low-tech and low-overhead means of employee monitoring (2017).  Reports via supervisors and anonymous peer-reporting will need to balance privacy needs but compliment periodic monitoring for "triggering events such as loss of social support" (i.e., Reality Winner's feeling of isolation) (Bradley et al. 2017, 2).  NITTF recognizes that emotional and social support may make the difference between someone crossing the line or finding the help they need before something terrible happens. "[A]n individual may have no malicious intent, but is in need of help… Intervention prior to the act can save an employee’s career, save lives, and protect national security information” (NITTF n.d.).                                     

Embedding Counterintelligence Countermeasures

The 2019 National Intelligence Strategy has integrated several policies for the promotion of ethical behavior in the workplace.  In the past, when Ames and Hanssen served in supervisory positions, and earlier stations throughout their career, they misbehaved with almost immunity from their actions.  The Intelligence Community has recognized this harmful behavior as a burden to the values of its organization.  The Strategy (2019, 22) states, “personnel, including all civilians, military, and contractors, must adhere to the Principles of Professional Ethics for the IC” a supporting policy where through “Stewardship” personnel are responsible “to report wrongdoing through appropriate channels; and remain accountable to ourselves” (PPE n.d.).  This text recognizes that the behavior of Ames and Hanssen was damaging to the working analysis of others during their careers, and likely limited valuable insight by others who felt that their input was unimportant. 

Unlike the abusive and toxic environment that was fostered by Ames and Hanssen, the Strategy notes that inclusion has many benefits.  Intelligence Community cultures that “[connect] each employee to the organization,” indeed “encourages collaboration, flexibility, and fairness” (Strategy 2019, 22).  By their presence alone, Ames and Hanssen could be viewed as infiltration agents bent on the disruption of a conducive work atmosphere in the CIA.  Apart from their espionage, Ames and Hanssen scoffed at the values the Intelligence Community now holds as necessary and absolute for encouraging analysis and problem solving for critical issues of national security. 

Counterintelligence now has the responsibility to ferret out these ethical matters as contributing actions “by employees who may represent a threat to national security” (NITTF n.d., 1).  The literature on Ames and Hanssen typically concentrates on their activities of espionage, but even the casual reader can see that personnel under their supervision suffered in production and contribution to the overall mission of the CIA.  It is not difficult to correlate an example of someone's example of working under a leader or manager who was abusive and the resulting distractions away from accomplishing quality work.  According to the Intelligence Community’s current doctrine, the IC will meet the objective of inclusion and diversity by “[taking] measures to proactively prevent discrimination, harassment, and fear of reprisal, enabling the workforce to perform at its highest potential” (Strategy 2019, 22).  This represents a significant change for the better than during the era where Hanssen and Ames were allowed to continue their reign for several decades.            

Counterintelligence: Facing Threats from Within

“The mechanics of legal subversion extend far beyond any legitimate process of legal representation.  They embrace the efforts of a conspiratorial minority, trained in the use of the legal instruments of our society, to turn those instruments into weapons for the destruction of our free society.”

~ Committee on Un-American Activities (CUA). 1959

The authors of Communist Legal Subversion: The Role of the Communist Lawyer write that, “[f]rom the scope and nature of their activities, it is evident that Communist lawyers rank as part of an elite corps within the Communist fifth column on American soil” (1959, 8).  Further, the writers cannot emphasize more the imperative of protecting the US political system, the courts, Congress, and executive agencies from communist lawyers (CUA 1959, 8).  These four tools in which the United States uses to protect the Constitution also need to be protected from influence and manipulation.  The Communist Legal Subversion report was only just declassified in 2003 and highlighted the extent to which a Congressional committee was concerned about the subversion of the highest order by communists within the structure and foundation of US government. 

In the past, like now, Counterintelligence has their work cut out for them in what seems like an impossible task of eliminating this threat.  Under the mantle of political correctness or even freedom of speech, countermeasures or other efforts to suppress communist or socialist ideology will be met with harsh criticism from opposing parties.  Ironically, using the US systems against itself seems to be a tactic of communist infiltrators.  Saul Alinsky’s, Rules for Radicles, point out three that directly apply to this scenario: (1) “Make the enemy live up to its own book of rules,” (2) “Ridicule is man's most potent weapon,” and (3) “Pick the target, freeze it, personalize it, and polarize it” (Alinsky 1971).

The courts and Congress, two of America’s highest legislative and lawmaking apparatus, have been under attack since the Red Scare that began in the late 1940s and early 1950s.  One major defeat for the suppression of communist ideals, and thus a counterintelligence defeat as well, was the decision by Chief Justice of the Supreme Court Earl Warren.  Warren struck down the Pennsylvania Sedition Act in 1956, and this judgment was later used as precedence for others to challenge the internal security laws of 42 additional states also eventually rendering them unconstitutional (publius 2009, 10/14, 03:06).  Also, the Warren Supreme Court made over 30 other decisions regarding communism in the US that remain unchallenged to this day.  Several new members of Congress and even presidential candidates openly support converting the United States to a socialist state.  While a few conservative news and commentary personalities are sounding the alarm about the dangers of socialism from historical examples, there seems to be a growing interest in socialism from the public.  

It is difficult to decide who in US Executive offices have been influenced by communism, but startling revelations show that the possibility is genuine.  Former Director of the CIA, John Brennan, has not hidden the fact that he was a communist.  Former Director of the FBI, James Comey, may have been joking, but during a past speech said that he too was a former communist (McQuillan 2019).  Karin McQuillan writes that many of President Obama's executive staff had a communist or Marxist influence.  For example, Valarie Jarratt, a close personal advisor to Obama, who still lives with the president in retirement, father, stepfather, and mother were devout communists (McQuillan 2019).  David Axelrod, Obama's Chief Political Strategist, and Senior Advisor in the White House, parents were writers for a communist newspaper and Axelrod himself “got his start in Chicago politics through working for hardline Stalinist Soviet agents Harry and David Canter” (McQuillan 2019).  Even Obama’s longtime pastor, Reverend Jeremiah Wright was an avowed Marxist. “His church congregants had to sign a pledge to support redistribution of wealth and reject ‘middle-classness’” (McQuillan 2019).  In other words, with a former US president and a large portion of his senior staff having significant connections to communism, Marxism, and socialism, how does Counterintelligence have a chance?                            

Counterintelligence has to harden its defenses against communist infiltration of US interests, and all others for that matter.  While those who use a free society against counter-subversion efforts; and this may hamstring some efforts, CI can reinforce and redouble investigations and defensive precautions.  Media has some control on the population, but until people once again learn to conduct their research and make decisions absent those made for them by so-called news outlets, Counterintelligence is limited to defending the national security enterprise by the traditional means it has always done.  Another question remains - who polices the police?  Since the Muller Report has been released, US Attorney General William Barr has testified that former intelligence and federal law enforcement may not have been acting within the law or Constitution, thus also implicating many others possibly in the previous presidential administration.  Hopefully, Counterintelligence is allowed to take an active role in investigating these alleged violations.  Godspeed counterintelligence, but things may have gotten to the point that it is nearly impossible to unravel all the layers of subversion and deception within the US government.            


Alinsky, Saul D. 1971. “Rules for Radicles.” online. Accessed May 26, 2019.

Bradley, Petra, Wendy Chambers, Cory Davenport, and Lelyn Saner. 2017. “A National Research Agenda on Insider Threat.” Accessed May 22, 2019.

Committee on Un-American Activities (CUA). 1959. “Communist Legal Subversion The Role of the Communist Lawyer.” Committee On Un-American Activities House Of Representatives Eighty-Sixth Congress First Session. Accessed May 1, 2019.

McQuillan, Karin. 2019. “Obama Appointees in the Communist Orbit.” American Thinker. Accessed May 26, 2019. obama_appointees_in_the_communist_orbit.html

National Counterintelligence and Security Center (NCSC). 2018. “National Counterintelligence and Security Center: Strategic Plan | 2018–2022.” Office of the Director of National Intelligence (ODNI). Accessed May 20, 2019. NCSC/documents/Regulations/2018-2022-NCSC-Strategic-Plan.pdf

——. 2016. “National Counterintelligence Strategy of the United States of America 2016.” Office of the Director of National Intelligence (ODNI). Accessed May 20, 2019.  

National Insider Threat Task Force (NITTF). n.d. “National Insider Threat Task Force: Mission Fact Sheet.” Accessed May 19, 2019. products/National_Insider_Threat_Task_Force_Fact_Sheet.pdf

Principles of Professional Ethics for the Intelligence Community (PPE). n.d. Office of the Director of National Intelligence. Accessed May 26, 2019. CLPO/Principles%20of%20Professional% 20Ethics%20for%20the%20IC.pdf

Prunckun, Hank. 2019. Counterintelligence Theory and Practice. 2nd ed. Lanham, MD: Rowman & Littlefield Publishers.

publius10271787. 2009. “Hidden Agenda - Vol 2.” video. YouTube. Accessed May 1, 2019.

Redmon, Jeremy. 2018. “Reality Winner: Russia investigation a ‘little vindicating.'" TCA Regional News, Aug 31.

Categories: counterintelligence

About the Author(s)

Kane S. VanVuren retired from the US Army as a Chief Warrant Officer 3 (CW3) Blackhawk pilot, Tactical Operations and Personnel Recovery Officer.  Kane has deployed to Somalia, Iraq, and Afghanistan.  Kane is proud to continue his service by instructing intelligence analysis software to US Army soldiers worldwide.  As a Graduate student at American Military University, Kane’s focus on Counterintelligence subjects and Intelligence Operations comes from a passion for the US Intelligence Community and its impact on national security policy.