At a glance.
- US Counterintelligence Strategy reflects growing complexity of the threat.
- A bill introduced into the US House would assist state, local, territorial, and tribal governments with grants to improve cybersecurity.
US counterintelligence efforts face a complex and increasingly commodified set of threats.
The US has released its National Counterintelligence Strategy. The document lays out a case, described in the Wall Street Journal, that the intelligence threats the US faces have grown more diverse, more complex, and more damaging, especially as they merge traditional intelligence disciplines with cyber operations and as they show an increased disposition to engage in economic espionage. The document outlines five strategic objectives:
- "Protect the Nation’s Critical Infrastructure"
- "Reduce Threats to Key U.S. Supply Chains"
- "Counter the Exploitation of the U.S. Economy"
- "Defend American Democracy against Foreign Influence"
- "Counter Foreign Intelligence Cyber Operations and Technical Operations"
The Strategy notes that an increasing number of threat actors now target the United States. The document specifically calls out Russia, China, Cuba, Iran, and North Korea as the principal nation-states of concern. Non-state actors like Lebanese Hizballah, ISIS, and al-Qa’ida are mentioned, as are "transnational criminal organizations and ideologically motivated entities such as hacktivists, leaktivists, and public disclosure organizations." The widespread availability of cyberattack tools and techniques have commodified espionage. What was once within the capabilities of a relatively advanced nation-state is now open to anyone with a good Internet connection and a very basic level of skill.
Bipartisan bill would offer Federal aid to state, local, tribal, and territorial governments to secure their networks.
- A $400 million DHS grant program to incentivize states to increase their cybersecurity funding.
- A requirement that the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) develop a strategy to improve the cybersecurity of state, local, tribal, and territorial governments.
- A requirement that state, local, tribal, and territorial governments develop comprehensive cybersecurity plans for using any Federal grants they receive.
- Establishment of a state and local Cybersecurity Resiliency Committee to better advise CISA on state, local, tribal, and territorial cybersecurity needs.