National Counterintelligence and Security Center

Features

National Counterintelligence and Security Center

Time-line of Milestones

Legend: CI History CI Threat Event

  • May 2014

    Director of National Intelligence James R. Clapper appointed William “Bill” Evanina the sixth National Counterintelligence Executive on May 22, 2014.  Evanina, a career FBI agent, most recently served as the Chief of CIA’s Counterespionage Group, where he led efforts to identify, prevent and neutralize the espionage related activities of foreign intelligence services.
  • May 2014

    The U.S. Government unseals criminal charges against Chinese government officials for conducting cyber activities against U.S. companies
  • December 2014

    The DNI Establishes the National Counterintelligence and Security Center

    NCSC, December 2014 – Present

  • January 2013

    The Foreign and Economic Espionage Penalty Enhancement Act is signed by President Obama In response to Foreign Spies Stealing U.S. Economic Secrets in Cyberspace as well as growing Congressional focus on economic espionage that increases the prison sentencing guidelines and fines for economic espionage.
  • June 2013

    Leaked briefings on several classified programs appear in the media, signaling a major unauthorized disclosure
  • February 2012

    Director of National Intelligence James R. Clapper appointed Frank Montoya, Jr. the fifth National Counterintelligence Executive (NCIX) on February 6, 2012.  As NCIX, Mr. Montoya realigned ONCIX to reflect its functional mission within the IC.  He did this, in part, through focusing on his role as National Intelligence Manager for Counterintelligence (NIM-CI) and establishing a Directorate to manage the broad accompanying responsibilities.  He also established a close rapport with the private sector and created the first CI Operations Coordination Directorate – the first time CI Operations were coordinated across the community.  Under Mr. Montoya’s leadership, the office oversaw the equity assessments in the wake of recent unauthorized disclosures.  Mr. Montoya led numerous counterintelligence and national security investigations during his 21-year career with the FBI and was instrumental in establishing the National Cyber Counterintelligence Division.  Prior to his appointment as NCIX, Mr. Montoya was FBI’s Special Agent in Charge in Honolulu.  He oversaw national security investigations at FBI headquarters in April 2000 when he participated in the search and ultimate discovery of the spy Robert Hanssen.
  • November 2011

    On November 3, 2011, ONCIX released Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, which is the first time the United States Government publicly identifies China and Russia as active and persistent threats to U.S. interests in Cyberspace. The report receives widespread attention and elevates the issue of foreign economic espionage. CNN and the Council on Foreign Relations later describe the report's revelations among the "Top Ten Events that shook Asia in 2011."

  • October 2011

    In response to the unauthorized disclosures of classified information to Wikileaks in 2010, President Barack Obama signed E.O. 13587, directing the DNI and Attorney General to create a National Insider Threat Task Force. The NCIX and FBI were subsequently directed to chair the task force and commence implementation of a government-wide program to detect, deter and mitigate insider threats.
  • August 2010

    James R. Clapper, Jr., Lieutenant General, USAF (Ret), is appointed by President Barack Obama and confirmed by the Senate on August 5, 2010.  DNI Clapper’s reorganization of the ODNI reflected his heightened focus on Counterintelligence.  In concert with the NCIX, he merged the formerly distinct IC disciplines of Counterintelligence and Security into ONCIX.  In so doing, he enhanced the U.S. response to 21st Century foreign intelligence threats.  DNI Clapper also oversaw the build-up of the National Insider Threat Task Force, the development of Continuous Evaluation and the IC Information Technology Enterprise (“The Cloud”) and signed ICD 750, Counterintelligence Programs – the first IC-wide counterintelligence policy.  Prior to serving as DNI, he held a variety of senior positions in the IC.  He was the Director of DIA from November 1991 – August 1995.  He was also the head of the National Geospatial Intelligence Agency from 2001 – 2006.
  • September 2010

    In September 2010, the DNI announced the merger of ONCIX with the DNI’s Special Security Center and the Center for Security Evaluation. In unifying the formerly-distinct disciplines of Counterintelligence and Security, the ODNI adopted a new, layered response to foreign intelligence threats. The merger of these entities with ONCIX has enhanced IC mission integration, strengthened the protection of national intelligence, and saved resources by consolidating common functions.
  • April 2010

    Wikileaks posts the first of the classified material leaked by SPC Bradley Manning
  • July 2009

    Greg Chung is convicted of stealing U.S. aerospace secrets for China
  • September 2009

    Robert M. (Bear) Bryant appointed NCIX NCIX, 2009 – 2012
    On September 18, 2009, Robert “Bear” Bryant became the fourth NCIX.  His tenure covered a critical and highly public period for ONCIX.  Under Bear Bryant, ONCIX oversaw the Wikileaks Damage Assessment, sketched the blueprints for the National Insider Threat Task Force and, in 2011, issued the report Foreign Spies Stealing U.S. Economic Secrets in Cyberspace.  It represented the first time the U.S. Government publicly named China and Russia as active and persistent perpetrators of economic espionage in Cyberspace.  The report’s revelations were ranked by CNN and the Council on Foreign Relations among the “Top Ten Events that shook Asia in 2011.“  A former Deputy Director of the FBI, Mr. Bryant's career in counterintelligence spanned more than 40 years and included the successful investigations and prosecutions of the spies Aldrich Ames, Earl Pitts and Harold Nicholson.

  • January 2009

    President Obama took the oath of office on January 20, 2009, as the U.S. embarked upon one of the more transformational periods for the Intelligence Community.  Wikileaks, economic espionage and cyber attacks on the United States – associated with both foreign intelligence services and state-sponsored economic competitors – came into public focus to a degree rarely known to Counterintelligence issues.  The Obama Administration oversaw a comprehensive effort to enhance the protection of National Intelligence – particularly with respect to protecting sources and methods – and established the National Insider Threat Task Force, raised awareness on foreign intelligence threats in cyberspace, and accelerated the prosecutions related to leaks of US intelligence.
  • January 2009

    Dennis C. Blair DNI, 2009 – 2010

    Dennis C. Blair became the third Director of National Intelligence on January 29, 2009. A former Navy Four Star Admiral and Commander of the Pacific Fleet, DNI Blair served during the first year of the Obama Administration.  During his tenure, DNI Blair focused on IC-wide priorities such as personnel, intra-IC communications, clearances and classification reform, and further integrating the IC to achieve common objectives.

  • May 2007

    Chi Mak is convicted after 20 years of stealing U.S. defense secrets for China
  • February 2007

    John M. (Mike) McConnell  DNI, 2007 – 2009

    Sworn in as the second Director of National Intelligence in 2007, Mike McConnell arrived with a long history of public service, including as an Admiral in the U.S. Navy and serving as Director of the National Security Agency (NSA) under two Presidents.  During his active tenure, DNI McConnell participated in orchestrating the passage of revised FISA legislation and the revision of Executive Order 12333.  He also participated in the establishment of the Comprehensive National Cybersecurity Initiative (CNCI) to protect U.S. communications infrastructure, a major step toward addressing current threats and future challenges.

  • August 2006

    Dr. Joel Brenner appointed NCIX 2006 – 2009

    Dr. Joel F. Brenner was the NCIX from August 7, 2006 through July 4, 2008.  He is credited with an early advocacy for improving the U.S. Counterintelligence posture in Cyberspace, and organizing ONCIX to meet this objective.  Dr. Brenner also focused extensively on the private sector, expanding direct outreach to U.S. industry, to fulfill ONCIX’s statutory requirement to provide "threat warning and awareness" information to the U.S. private sector.  A graduate of the University of Wisconsin, the London School of Economics (PhD), and Harvard Law School (JD), Dr. Brenner was a Marshall Scholar.  From 2002 – 2006 he served as the Inspector General of the National Security Agency.

  • April 2005

    John Negroponte  DNI, 2005 – 2007

    Ambassador John Dimitri Negroponte is sworn in as the first Director of National Intelligence (DNI) on April 21, 2005.  DNI Negroponte invested his early efforts in standing-up the Office of the Director of National Intelligence (ODNI), building out its personnel infrastructure and organization, and guiding the mission along a path of new and previously-untested authorities. He is often credited for his statesmanship for handling the introduction of the DNI to the IC.

  • December 2004

    The Intelligence Reform & Terrorism Prevention Act (IRTPA)  is signed by President George W. Bush.  IRTPA represented the largest reorganization of the U.S. Intelligence Community since the Truman Administration.  This Act created the position of Director of National Intelligence and reorganized the National Counterintelligence Executive into the ODNI.
  • July 2003

    Michelle Van Cleave appointed NCIX, 2003 – 2006

    The 2002 CI Enhancement Act placed the NCIX within the Executive Office of the President (EOP).  In July 2003, Michelle Van Cleave became the first and only presidentially-appointed National Counterintelligence Executive.  Ms. Van Cleave is largely credited with refining the initial organizational structure of ONCIX, focusing on providing strategic direction to the U.S. Intelligence Community, and raising the volume on the Twenty First Century threats facing the United States. Ms. Van Cleave served until January 2006, when the Office of the National Counterintelligence Executive had fully migrated from the EOP to the ODNI, in the wake of the Intelligence Reform and Terrorism Prevention Act of 2004.

  • November 2002

    The Counterintelligence Enhancement Act of 2002 established the position of National Counterintelligence Executive in law. It also gave the office the unique authority to conduct outreach to the private sector and provide warning and awareness of intelligence threats to the public.

  • February 2001

    FBI Special Agent Robert Hanssen is arrested for espionage
  • March 2001

    David Szady becomes the first NCIX, 2001 – 2002

    On March 15, 2001, the National Counterintelligence Board of Directors appointed the first National Counterintelligence Executive, David Szady, an FBI Executive with experience in counterintelligence.  Mr. Szady arrived in May 2001 to begin building the new NCIX.  His job included advancing new missions, building office support, and fostering cooperation across the CI community.  The primary challenge, of course, involved securing fiscal and personnel resources.  The resources of the former National Counterintelligence Center had been conveyed to the NCIX, but were insufficient for the broad new mission as outlined in PDD-75.  On September 11, 2001, terrorists attacked the United States. In the aftermath, national security resources were directed toward counterterrorism.  The NCIX was hard pressed to obtain staff or contractors to fill positions needed to meet PDD-75 responsibilities.  In February 2002, Mr. Szady was appointed by Robert Mueller to serve as the Federal Bureau of Investigation’s Assistant Director for Counterintelligence.

  • January 2001

    George W. Bush sworn in as President of the United States.  After taking the oath of office in January 2001, the Bush Administration reviewed and affirmed its commitment to PDD-75. The White House then began working with the Senate Select Committee on Intelligence to increase the focus and resources directed to Counterintelligence."
  • December 2000

    Bill Clinton's Last Presidential Directive; The First National Security Policy for the Twenty-First Century: 

    On December 28, 2000, President Clinton signed Presidential Decision Directive-75, U.S. Counterintelligence Effectiveness – Counterintelligence for the 21st Century.  PDD-75 established the National Counterintelligence Executive, as well as the National CI Policy Board, the National Threat Identification and Prioritization Assessment, and the National CI Strategy.  In so doing, the President explained that the U.S. now faces a more complex set of threats from a variety of countries, non-state actors and traditional adversaries.  He noted that the CI system that worked in the Cold War would not be successful in the current threat environment.  He indicated his intention to have a U.S. CI system that is predictive and provides integration and oversight of CI issues across the national security agencies.  PDD-75 was the last Presidential Directive of the Clinton Administration.

History of NCSC

Counterintelligence in the 21st Century

The position of the National Counterintelligence Executive (NCIX) was established in 2001 and the Counterintelligence Enhancement Act of 2002 established the Office of the National Counterintelligence Executive (ONCIX). In November 2014 the Director of National Intelligence (DNI) established NCSC by combining ONCIX with the Center for Security Evaluation, the Special Security Center and the National Insider Threat Task Force, to effectively integrate and align counterintelligence and security mission areas under a single organizational construct. The Director of NCSC serves in support of the DNI’s role as Security Executive Agent (SecEA) to develop, implement, oversee and integrate personnel security initiatives throughout the U.S. Government.

NCIX Seal Converted old

The Office of the National Counterintelligence Executive (ONCIX) was established in 2002 and then integrated into the Office of the Director of National Intelligence (ODNI) in 2004. The ODNI/Special Security Center (SSC) and the ODNI/Center for Security Evaluation (CSE) were integrated into ONCIX in 2010 to strengthen the synergies between CI and Security. SSC – renamed the Special Security Directorate (SSD) continues to focus on personnel security, serving as the Director of National Intelligence’s (DNI’s) lead for Security Executive Agent (SecEA) authorities, clearance reform, and continuous evaluation. CSE, in consultation with the IC, supports the Department of State in protecting classified national security information and provides other security-related functions affecting IC interests at U.S. diplomatic and consular facilities abroad. ONCIX, on behalf of the DNI, along with the FBI, on behalf of the U.S. Attorney General provides direction and oversight of the National Insider Threat Task Force (NITTF) which was formed in 2011.

NCSC Seal

On 1 December 2014, the DNI established the National Counterintelligence and Security Center (NCSC) to effectively integrate and align counterintelligence and security mission areas and allow the DNI to address counterintelligence and security responsibilities under a single organizational construct. The establishment of NCSC is consistent with the DNI’s authority to establish national intelligence centers to address intelligence priorities. The National Counterintelligence Executive (NCIX) also serves as the Director of NCSC.

New NCSC Seal

On 1 December 2015, on the one-year anniversary of NCSC, a new seal replaced the legacy ONCIX seal to represent the role of CI– to deter, disrupt, and defeat foreign intelligence threats and the role of security– to protect and defend U.S. infrastructure, facilities, classified networks, information and personnel. NCSC’s vision is to be the nation’s premier source for CI and security expertise and a trusted mission partner in protecting America against foreign and other adversarial threats.

CI and Security Advocacy

The IC uses the Intelligence Planning Programming, Budgeting, and Evaluation (IPPBE) system to effectively shape and sustain intelligence capabilities through the development of the National Intelligence Program (NIP). NCSC oversees the CI and security NIP resources and advocates for our Federal Partners to implement CI and security programs not funded by the NIP.

Through mission reviews, based on the implementation of the National CI Strategy and the state-of-the-mission, based on the Unifying Intelligence Strategy for CI, NCSC assesses progress toward closing key intelligence gaps and finds ways to leverage existing CI capabilities before proposing new ones.

National and IC Strategy Development

NCSC leads the development, implementation and assessment of the National CI Strategy that guides US Government and private sector entities to unify CI efforts at home and abroad. NCSC also leads the development, implementation and assessment of the Unifying Intelligence Strategy for Counterintelligence for the Intelligence Community. NCSC leads comprehensive assessment programs to identify gaps, make recommendations about priorities, and inform and shape resource and budget decisions.

National CI and Security Policy Development

NCSC is responsible for national CI and security policy development and policy compliance oversight. The National Counterintelligence Policy Board, established by the Counterintelligence and Security Enhancements Act of 1994, serves as the principal mechanism for developing national policies and procedures to guide the conduct of counterintelligence activities across the US Government.

For personnel security under SecEA authorities, in coordination with the Suitability Executive Agent, NCSC ensures that policies, procedures and standards relating to suitability of contractor and employee fitness, eligibility to hold a sensitive position, access to federally controlled facilities and information systems, and eligibility for access to classified information are aligned to the extent possible, for reciprocal recognition and protection of national security information.

Intelligence Community Policy and Guidance

NCSC facilitates and monitors the implementation and effectiveness of IC CI and security policies and programs, and develops recommendations for new or modified policies; develops and promulgates IC CI and security standards and other guidance to implement CI and security policies.

Physical Security

NCSC works with the Department of State to protect classified national security information and to perform other security-related functions affecting U.S. diplomatic and consular facilities abroad.

Technical and cyber threat assessments bring an understanding of foreign scientific and technical developments and capabilities that might pose potential threats, targets, or opportunities for the U.S. Government and its partners.

Technical Surveillance Countermeasures (TSCM) represent the convergence of counterintelligence and security. Countermeasures are designed to detect and nullify a wide variety of technologies used to gain unauthorized access to classified national security information, restricted data or otherwise sensitive information.

Relevant Reports, Briefings, & Reading Material

i.    Protecting U.S. Embassies and Consulates

NCSC, in consultation with the IC, works with Department of State (DoS) to protect classified national security information and to perform other security-related functions affecting U.S. diplomatic and consular facilities abroad. NCSC provides IC input to the DoS biannual Security Environment Threat List for the Human Intelligence and Technical Threat categories and conducts risk assessments for U.S. diplomatic facilities abroad in response to specific requests from DoS that involve analyses of asset value, threats, and vulnerabilities as well as recommendations for risk mitigation.

NCSC has responsibility for overseas security which requires: maintaining databases on foreign intelligence threats to and the vulnerabilities of U.S. diplomatic facilities abroad; collaborating with the IC and DoS to enhance information assurance standards and policies for the protection of classified national security information held in U.S. diplomatic facilities abroad, and partnering with DoS, industry and the IC elements to assess technical security shortfalls, identify solutions and manage the integration of emerging technologies to improve security countermeasures.

ii.    Protecting IC Facilities Domestically and Abroad

NCSC oversees the management of U.S. Government facilities containing Sensitive Compartmented Information Facilities (SCIFs) and a framework for common security standards for IC domestic facilities enabling savings through shared, multi-use spaces. NCSC provides a single automated source for secure facility information worldwide. SCIF locations can be an invaluable tool to identify sites in jeopardy due to national disasters, heightened security alerts, as well as domestic and international hostilities.

iii.    Technical Threat Assessment and Technical Surveillance Countermeasures

The protection of national intelligence and intelligence sources and methods, and the neutralization of foreign intelligence threats, are fundamental to the success of the CI and security mission. Technical and cyber threat assessments bring an understanding of foreign scientific and technical developments and capabilities that might pose potential threats, targets, or opportunities for the U.S. Government and its partners.

Technical Surveillance Countermeasures (TSCM) represent the convergence of counterintelligence and security. Countermeasures are designed to detect and nullify a wide variety of technologies used to gain unauthorized access to classified national security information, restricted data or otherwise sensitive information.

Information on foreign technical penetrations, technical surveillance, or technical collection efforts against the U.S. is centralized and managed, including information and techniques obtained through U.S. TSCM activities and subsequent CI investigations.

Information Sharing and Audit Data

IC elements treat information collected and analysis produced as national assets. They are stewards of information who have a "responsibility to provide." Authorized IC personnel have a "responsibility to discover" information believed to have the potential to contribute to their assigned mission need and a corresponding "responsibility to request" relevant information they have discovered.

National Counterintelligence and Security Center