A lot of espionage activities took place within the United States and abroad in 2022. Indeed, a quick review of the top five of 2022 showed a healthy presence of Russia and China. Not surprisingly, we predict 2023 will be more of the same.
China and Russia will continue to invest in their espionage operations targeting the United States and its allies. In addition, criminal entities will continue to target both government and private sector actors for their information (PII and intellectual property). We can also expect to see the odd country decide it is in their national interest to obtain specific information or attempt to influence economic or political policy in the United States.
In sum, 2023 is going to be a busy year for the counterintelligence and counterespionage teams in government and the private sector, both those who operate within the NISPOM/DCID, and those who have no government engagement. Information/data has always been the goal of the nation’s adversaries in their espionage operations, nothing changes for 2023, and our information/data remains a target.
Let’s dig in and expand. On January 19, acting director of the National Counterintelligence Security Center (NCSC), Michael Orlando, speaking at the Clearance Jobs hosted the webinar “2023 The Year Ahead in Counterintelligence and Security” which highlighted areas worthy of approbation.
China
As noted, we have China high on our list, and we should, per Orlando, be prepared for China to continue to target the United States, both via illicit means, as well as fully above-board channels. Orlando confirmed that China will be taking an all-of-government approach. We’ve written about China’s all-of-government engagement in the past, and also cautioned that not every Chinese student is under government control or business engagement with a Chinese entity being controlled by the PLA or the Ministry of State Security. That said, China’s track record is sufficient to suggest that every engagement be vetted, even if the probability of the Chinese government having an unseen hand in the equation is low. But it is not zero.
A current example can be found in the Swedish media outlet, Dagens Nyheter, which ran an expose on January 13 that spoke to the existence of a secret agreement between the government of the PRC and scholarship students who are sent to Sweden via the Chinese Scholarship Council (CSC) program. The secret agreement requires the students to mind their Ps and Qs and not speak ill of China and to promise to be cooperative and do the country’s bidding when asked. (Kinas hemliga avtal med studenter i Sverige – kräver lojalitet med regimen).
Orlando mentioned how the Chinese diaspora within the United States would continue to be a matter of national interest. He spoke specifically to that Chinese citizens residing in the UnitedStates and how they should be able to live in the U.S. free of fear from the PRC. The recent revelation of the existence of sub rosa existence of “Chinese police stations” in major cities around the world, including within the United States is an ongoing concern.
We expect China to keep its foot on the gas and take every opportunity to advantage itself in the acquisition of information of interest in support of their long term global goals.
Critical infrastructure – Supply Chains
According to the Trellix 2923 Threat Predictions Report, legacy systems and software applications are the equivalents of “skeletons in the closet.” The report appropriately notes how “hackers are lazy. They wish to incur the largest amount of financial gain or – especially in the case of nation states – inflict the most amount of damage with the least amount of effort.” Leaders should be aware of how exploitation of vulnerabilities found long ago, yet never mitigated and long forgotten will be like the Achilles heel. The report explains, “Both threat actors and security researchers are likely to heighten their study of the underlying frameworks which are part of the supply chain. As a result, we anticipate seeing more vulnerabilities discovered (or rediscovered) and exploited which have a wide impact.”
The attacks over the past few years on the U.S. critical infrastructure should be sufficient rationale to expect this type of activity to continue, both from state actors or criminals sponsored by state actors and lone wolf domestic terrorists who have taken to using kinetic means to disrupt utilities
Russia
Questioned specifically if Russia had reduced its level of activity in the pursuit of information of interest, Orlando, noted that such was far from the case. Indeed, Orlando opined that the interest in U.S. technologies and policies was higher than ever given the current Russian-initiated conflict in Ukraine. He continued that we can expect to see Russia engaging in both cyber operations, as well as traditional clandestine operations to cultivate sources within both government and private sectors.
Counterintelligence Programs
It’s important to highlight Orlando’s comments about our readiness to address the threats. Orlando acknowledged that those who consume intelligence and counterintelligence are the most aware, followed by those within the NISPOM/DSCID communities of cleared personnel, and then within the critical infrastructure and defense entities. He cited how when he is speaking at public events the questions coming to him are more nuanced and specific which is indicative of having embraced and engaged to understand by the private sector entities. He then quickly noted that there remains a wide swath of the country that is not tuned in to the threats facing them in 2023.
To that end, he pointed all concerned to the NCSC website and toolkit for any entity to use to build their internal counterintelligence capability
