National Counterintelligence and Security Center STRATEGIC PLAN

Home , Counterintelligence, Tempest (codename)

National Counterintelligence and Security Center STRATEGIC PLAN | 2018–2022

NATIONAL COUNTERINTELLIGENCE AND SECURITY CENTER

A Message from the Director

I am pleased to present the National Counterintelligence and Security Center‘s (NCSC’s) Strategic Plan for fiscal years 2018- 2022. NCSC’s mission is to lead and support the US Government's counterintelligence (CI) and security activities critical to protecting our nation; provide outreach to US private sector entities at risk of intelligence penetration; and issue public warnings regarding intelligence threats to the US. The Center's vision is to carry out its mission in a way that ensures it is the premier source for counterintelligence and security expertise and a trusted mission partner in protecting America against foreign and other adversarial threats. William R. Evanina Director, NCSC The openness of America—our government, industries, universities and research labs in pursuit of scientific discovery and innovation— makes us a prime target of foreign intelligence entities. The technologies that connect people to computers and networks also provide a nexus for adversarial penetrations, theft of intellectual property and unauthorized disclosures through remote access and through the recruitment of insiders. As we face higher physical and technical threat levels than ever before, our security policies, standards, guidelines and practices must be based on sound threat Penetrating the US analysis and risk management. US Government CI and security national decisionmaking activities protect our nation’s secrets and assets from theft, manip- ulation or destruction by foreign adversaries by knowing their apparatus and the intentions, targets, capabilities and methods. The overarching theme Intelligence Community of our Strategy is the integration of CI and security activities because will remain primary the solutions to countering adversarial threats often lie at objectives for numerous the intersection of the CI and security disciplines. foreign intelligence entities. The targeting of While our five Strategic Goals are individually important, they cannot national security be executed in isolation. NCSC is uniquely positioned to integrate the tremendous assets of the CI, security and cyber communities and to information and achieve mission success through collaboration and partnerships. This proprietary information Strategy defines our mission, vision, strategic goals, key objectives from US companies and and initiatives that will guide our choices and direct our resources in research institutions how we will work with our mission partners and stakeholders to deter involved with defense, and defeat any adversary that threatens our national security. energy, finance, dual-use technology, and other areas will remain a persistent threat to US interests.*

*Worldwide Threat Assessment of the US Intelligence Community 2017. Purpose of this Plan

NCSC activities must be consistent with and responsive to national security priorities and com- ply with the US Constitution, applicable statutes and Congressional oversight requirements. In fulfilling NCSC’s responsibilities under theNational Security Act of 1947, Counterintelligence Enhancement Act of 2002, Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), Executive Orders, Intelligence Community Directives and in support of the National Security Strategy, the National Intelligence Strategy and the National Counterintelligence Strategy of the United States of America, this Strategic Plan provides our mission partners, stakeholders, and our workforce with our mission, vision, goals, objectives and key initiatives.

MISSION

Lead and support the US Government’s counterintelligence and security activities critical to protecting our nation; provide counterintelligence outreach to US private sector entities at risk of foreign intelligence penetration; and issue public warnings regarding intelligence threats to the US.

VISION

NCSC is the nation’s premier source for counterintelligence and security expertise and a trusted mission partner in protecting America against foreign and other adversarial threats.

STRATEGIC GOALS

Goal 1: Advance our Knowledge of, and our Ability to Counter Foreign and other Threats and Incidents.

Goal 2: Protect US Critical Infrastructure, Technologies, Facilities, Classified Networks, Sensitive Information, and Personnel. Goal 3: Advance our Counterintelligence and Security Mission and Optimize Enterprise Capabilities through Partnerships.

Goal 4: Strengthen our Effectiveness through Stakeholder Engagement, Governance, and Advocacy.

Goal 5: Achieve our Mission through Organizational Excellence. Contents

Foreign Intelligence Threats • 1 A Counterintelligence and Security Perspective on the Threat Environment • 3 Threat Actors • 3 Cyber Threats • 4 Physical Threats • 4 Threats to the Supply Chain • 4 Threats to US Technologies and Intellectual Property • 5 Threats to US Critical Infrastructure • 5

The National Counterintelligence and Security Center: An Overview • 7 NCSC Counterintelligence Responsibilities for the US Government and the Intelligence Community • 7 NCSC Security Responsibilities for the US Government and the Intelligence Community • 9

NCSC Mission Partners and Stakeholders • 11

An Overview of NCSC Responsibilities • 12 Threat Assessments to Disrupt and Defeat the Adversary • 12 Personnel Security • 12 National Insider Threat Task Force • 13 Information Sharing and Audit Data • 13 Damage Assessments • 13 Physical Security • 13 Supply Chain Risk Management • 15 Cyber Threats and Counterintelligence • 15 National and Intelligence Community Policy and Strategy Development • 15 Advocating for CI and Security Resources • 16 Civil Liberties, Privacy and Transparency • 16

How NCSC Integrates Counterintelligence and Security Capabilities • 17 NCSC Strategic Goals, Objectives and Initiatives • 19 Goal 1: Advance our Knowledge of, and our Ability to Counter Foreign and • 20 Other Threats and Incidents Goal 2: Protect US Critical Infrastructure, Technologies, Facilities, Classified Networks, • 21 Information, and Personnel Goal 3: Advance our Counterintelligence and Security Mission and Optimize • 22 Enterprise Capabilities through Partnerships Goal 4: Strengthen our Effectiveness through Stakeholder Engagement, Governance, and Advocacy • 23 Goal 5: Achieve our Mission through Organizational Excellence • 24

NCSC: Organization, Core Programs and Publications, and Governance • 25 Implementing this Strategy and Measuring Progress • 27 A Chronology of the National Counterintelligence and Security Center • 28 Principles of Professional Ethics for the Intelligence Community • 29 Foreign Intelligence Threats

As a backdrop for NCSC's Strategic Plan, this excerpt from the 2017 Worldwide Threat Assessment, succinctly summarizes the leading state and non-state intelligence threats to US interests, as well as their targets and methods. These threats underpin NCSC's Counterintelligence and Security misson and strategic goals.

Counterintelligence advance their own, and despite improving cyber defenses, nearly all information, communication The United States will face a complex global networks, and systems will be at risk for years. foreign intelligence threat environment in 2017. The leading state intelligence threats to US Russia interests will continue to be Russia and China, based on their services’ capabilities, intent, Russia is a full-scope cyber actor that will and broad operational scope. Other states in remain a major threat to US Government, South Asia, the Near East, East Asia, and Latin military, diplomatic, commercial, and critical America will pose local and regional intelligence infrastructure. Moscow has a highly advanced threats to US interests. offensive cyber program, and in recent years, the Kremlin has assumed a more aggressive Penetrating the US national decisionmaking cyber posture. apparatus and the Intelligence Community will remain primary objectives for numerous foreign China intelligence entities. The targeting of national security information and proprietary information China will continue actively targeting the US from US companies and research institutions Government, its allies, and US companies for involved with defense, energy, finance, dual- cyber espionage. Private sector security experts use technology, and other areas will remain a continue to identify ongoing cyber activity from persistent threat to US interests. China. Beijing has also selectively used offensive cyber operations against foreign targets that it Non-state entities, including international probably believes threaten Chinese domestic terrorists and transnational organized crime stability or regime legitimacy. groups, are likely to continue to employ and improve their intelligence capabilities including Iran by human, technical, and cyber means. As with state intelligence services, these non-state Iran continues to leverage cyber espionage, entities recruit sources and perform physical propaganda, and attacks to support its security and technical surveillance to facilitate their illicit priorities, influence events and foreign activities and avoid detection and capture. perceptions, and counter threats—including against US allies in the region. Iran has also Trusted insiders who disclose sensitive or used its cyber capabilities directly against the classified US Government information without United States. authorization will remain a significant threat in 2017 and beyond. The sophistication and North Korea availability of information technology that increases the scope and impact of unauthorized North Korea has previously conducted cyber- disclosures exacerbate this threat. Our attacks against US commercial entities, and adversaries are becoming more adept at using remains capable of launching disruptive or cyberspace to threaten our interests and destructive cyber attacks to support its political objectives.

1 Counterintelligence, Security, and Cyber

Rapid technological advances are enabling a broad range of foreign intelligence entities1 (FIEs) to refine their cyber capabilities and target the US Government, private sector, and academia. FIEs aggressively use cyber operations to advance their interests and gain advantage over the US. These activities intensify traditional FIE threats, place US critical infrastructure and technologies at risk, erode US competitive advantage, and weaken our global influence. In formulating this Strategy we note that cyber threats and attacks by FIEs are considered both a CI and security challenge.

Counterintelligence Cyber Threats Security

Counterintelligence programs Foreign Intelligence Entities Security programs and collect information and conduct cyber operations activities establish personnel, conduct activities to identify, to penetrate our public and physical, information, deceive, exploit, disrupt, or private sectors in the pursuit operational, industrial and protect against espionage, of policy and military insights, technical safeguards and other intelligence activities, sensitive research, intellectual countermeasures to protect sabotage, or assassinations property, trade secrets, US Government information, conducted for or on behalf of and personally identifiable critical infrastructure, foreign powers, organizations, information (PII). FIE cyber networks, personnel, and or persons or their agents, activities present both CI and facilities from all threats. or international terrorist security threats. organizations.

NCSC works with the Intelligence Community and US Government cyber community to provide the CI and security perspective on foreign adversarial cyber capabilities, intent, and attribution.

To mitigate FIE threats, the IC must drive innovative CI and security solutions, further integrate CI, security, and cyber disciplines into IC business practices, and effectively resource such efforts. While the authorities that govern CI and security and the programs they drive are distinct, their respective actions must be synchronized, coordinated, and integrated.

1 A foreign intelligence entity (FIE) is any known or suspected foreign state or non-state organizations or persons that conducts intelligence activities to acquire US information, block or impair US intelligence collection, unlawfully influence US policy, or disrupt US systems and programs. The term includes foreign intelligence and security services and international terrorists. Intelligence Community Directive (ICD) 750.

2 A Counterintelligence and Security Perspective on the Threat Environment

Threat Actors Threats from Insiders and Unauthorized Disclosures There are many more highly capable foreign intelligence services in the world than ever The IC, US Government organizations and before. Threats to US national and economic the private sector continue to face insider security come from a range of malign actors threats, data breaches, and unauthorized disclo- including nation states with highly sures. When trusted insiders disclose sensitive sophisticated intelligence services and cyber US Government information to the public they programs; nations with lesser technical degrade and disrupt our ability to conduct intel- capabilities but possibly more disruptive ligence missions and provide our adversaries intent; ideologically motivated hackers, with a competitive advantage. profit-motivated criminal enterprises, terrorist organizations, and insiders. Anonymity and encryption tools, more users and devices, cloud computing, and advanced Threats from Foreign Intelligence Entities malware enable insiders to hide unauthorized actions among normal activities, and operate The US faces persistent and substantial undetected to harvest valuable information. The threats from the activities of FIEs. These unauthorized disclosure of classified information adversaries relentlessly target the US to the public via the media, whether for ideo- Government; US critical infrastructure; national logical or personal reasons, causes significant security information; proprietary information damage to national security. One action by one from US companies; and research institutions individual can cause disproportionate and involved in defense, energy, finance, dual-use enduring damage. technology, and other sensitive areas.

Advancing our knowledge and understanding of FIE plans, intentions, capabilities, tradecraft and operations will enable us to strengthen America’s protective barrier against their hostile intent and actions.

3 Cyber Threats Physical Threats

America’s economy, safety, and health are US Government personnel and facilities, both linked through a networked infrastructure that domestic and abroad, are increasingly under is targeted by foreign governments, criminals, threat of physical attack by hostile actors and individual actors who try to avoid seeking to cause death and destruction. attribution. Physical security threats come from a variety of hostile actors including lone gunmen, domestic Cyber threats to classified and unclassified terrorists, and organized foreign terrorists. Other US information networks are increasing in physical threats to our personnel and facilities frequency, scale, and severity of impact. come from those opposed to US Government The range of cyber threat actors, methods of policies and activities. While they may not attack, targeted systems and victims is also commit violent acts, they aim to disrupt daily expanding. The information and communication business. Such efforts may be in the form of technology (ICT) networks that support US demonstrations, blocking access to buildings, Government, military, commercial and social sabotaging equipment, or physically harassing media activities remain vulnerable to espionage, workers. hacking and disruption. Threats to the Supply Chain The widespread incorporation of “smart” devices into everyday objects, often referred to The global nature of critical US supply chains as the “Internet of Things” (IoT) is changing how increases the threat for subversion of our critical people and machines interact with each other infrastructure, industrial and national security and the world around them. Their deployment sectors. Attribution of FIE exploitation of supply has also introduced vulnerabilities into the chains is difficult due to the clandestine nature infrastructure that they support. For every and methods of supply chain operations. American, this means that personally identifiable information (PII) can be stolen through hacks of Securing US critical supply chains from FIE companies, retailers, social media sites and US attempts to compromise the integrity, Government networks. trustworthiness and authenticity of products and services purchased and integrated into the Cyber actors have already used these smart operations of the US Government and industry devices for distributed denial-of-service (DDoS) is an enduring CI and security challenge. attacks, and they will continue. In the future, state and non-state actors will likely use IoT devices to support security or to access or attack targeted computer networks.2

2 Worldwide Threat Assessment of the US Intelligence Community, May 2017.

4 Threats to US Technologies and Threats to US Critical Infrastructure3 Intellectual Property The counterintelligence efforts to protect US Scientific discovery and innovation empower critical infrastructure are to detect, deter or America with a competitive edge that secures disrupt any FIE attempts to launch disruptive our military advantage and propels our economy. operations against America's infrastructure. America’s culture of openness and collaboration in science and technology makes our national The US Government and private sector firms labs, universities, private sector, high-value alike are increasingly concerned about state targets for economic espionage and theft of US and non-state sponsored attempts to control or intellectual property by foreign actors. debilitate critical infrastructure systems, corrupt supply chains, or to gain access to sensitive The foreign threat to US intellectual property networks and information that control our is growing, whether measured by FBI nation’s critical infrastructure. investigations, criminal convictions, or the number and sophistication of cyber intrusions. The asymmetric, offensive opportunities Many state actors view economic espionage available to FIEs from systemic and persistent as essential in achieving their own national vulnerabilities in key sectors of US infrastructure security and economic goals at the expense continue to grow. A foreign adversary gaining of ours. They employ commercial enterprises access to industrial control systems (ICS) owned or influenced by the state, particularly or supervisory control and data acquisition when seeking sensitive technologies. Some (SCADA) systems that monitor and control nation-states direct their national intelligence plants or equipment in industries such as services to steal intellectual property to provide telecommunications, transportation or energy, competitive advantage to their own indigenous could seriously disrupt or damage the US innovation goals. Understanding how some economy and national security. foreign governments mix business with espionage illustrates the blurred lines between traditional intelligence collection and economic espionage.

3 Critical infrastructure represents systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety or any combination of those matters. (USA Patriot Act of 2001 § 1016(e)).

5 Sixteen Sectors of US Critical Infrastructure

Chemical Dams Financial Services Information Technology

Commercial Facilities Defense Food and Agriculture Nuclear Reactors, Industrial Base Materials, and Waste

Communications Emergency Services Government Facilities4 Transportation Systems

Critical Manufacturing Energy Healthcare and Water and Public Health Wastewater Systems

4 In January 2017, the US election infrastructure was designated by the Department of Homeland Security as a subsector of the existing Government Facilities Sector.

6 The National Counterintelligence and Security Center: An Overview

NCSC’s Counterintelligence Responsibilities coordinates the production of national for the US Government and the Intelligence CI strategic analysis, including damage Community assessments from espionage and unauthorized disclosures, and lessons The Director of NCSC serves as National learned from these activities. NCSC Intelligence Manager for Counterintelligence also coordinates national CI collection (NIM-CI) for the IC. and targeting; and develops priorities for CI investigations and operations. NCSC’s National Role for Security NCSC’s Intelligence Community Role for CI NCSC is responsible for producing, in consultation with US Government The Director of NCSC, as the National Intelligence departments and agencies, the National Manager for Counterintelligence (NIM-CI) is the Threat Identification and Prioritization DNI’s principal substantive adviser on all aspects of Assessment (NTIPA), a strategic CI. In this role, NIM-CI produces and updates the assessment of FIE threats against the US; and Unifying Intelligence Strategy (UIS)5 for CI. the National Counterintelligence Strategy A team that includes a National Intelligence of the United States of America (National CI Officer for CI (NIO-CI)6 on the National Intelligence Strategy) to guide programs and activities that Council (NIC)7, a National Intelligence Collection guard against foreign threats. NCSC, with Officer (NICO)8, and National Counterintelligence its mission partners, drafts, monitors and Officers (NCIOs)9 works collaboratively to identify evaluates the National CI Strategy opportunities to integrate collection, analysis and implementation and submits an annual CI efforts to achieve unity of effort and effect, and mission review report to the DNI, advises the DNI, through NIM-CI, on the state of including a discussion of any shortfalls the CI mission. and recommendations for remedies. In its national role NCSC oversees and

5 The Unifying Intelligence Strategy (UIS) is developed by NIM-CI to integrate the efforts of the IC. It is a coordinated strategic document that defines key focus areas/priorities, identifies gaps and develops initiatives to address these gaps. The UIS is disseminated to the IC, Congress and the National Security Council.

6 NIO-CI leads CI strategic analysis in the IC and articulates substantive intelligence priorities to guide intelligence analysis and production.

7 The NIC consists of senior intelligence analysts supporting the DNI in carrying out responsibilities as head of the IC and as the principal adviser to the President and the National Security Council (NSC) for intelligence matters related to national security.

8NICO is the senior expert who serves as the principal collection advisor, leading strategic alignment and integration of collection resources for maximum mission impact. NICOs are responsible for integrating collection priorities and perspectives into mission management, UIS, and policy discussions where appropriate.

9NCIOs are the substantive CI experts on identifying, prioritizing and countering foreign intelligence threats. They inform policymakers, the DNI, NIM-CI, and regional NIMs on current and emerging CI issues within their respective areas of responsibility.

7 NCSC Counterintelligence Responsibilities The Director of NCSC serves in a national and Intelligence Community capacity. The graphic below delineates NCSC's national and Intelligence Community role based on legislation, Executive Orders, Intelligence Community Directives and national strategic guidance.

NCSC NATIONAL ROLE NCSC INTELLIGENCE Director, National Counterintelligence COMMUNITY ROLE and Security Center National Intelligence Manager for CI

LIGENC TEL E A IN ND R S E E T C N U U R O I

C T

C A

E N

O IGEN

I L C

T TEL E A

T N

E IN D

A R

R S

E E N T C N U U R U O I N A C T

I C Y T I L

E R C

D S ME A A E

TATES OF N

I T

A R N

U N A IT IC ED ER STATES OF A M

Counterintelligence Office of the Director of Enhancement Act 2002 National Intelligence 2005

Lead and Support the Lead and Support the Counterintelligence Efforts of Counterintelligence Efforts the United States Government of the Intelligence Community

National Intelligence Priorities Framework Integrated Mission Management National Threat Identification and Prioritization Assessment NIPF NTIPA

National Intelligence Strategy National Counterintelligence Strategy NIS of the United States of America

Unifying Intelligence Strategy for Counterintelligence UIS-CI Oversee and Coordinate National Counterintelligence Strategic Analysis and Damage Assessments CI Collection Strategy CI Production Guidance

Collection Emphasis Country Strategic Messages Priorities

8 NCSC’s Security Responsibilities for the US Protecting Sensitive Compartmented Information Government and the Intelligence Community NCSC, as designated by the DNI, oversees The DNI designated NCSC to be responsible the protection of national security networks, for executing Security Executive Agent (SecEA) information, facilities and personnel through a authorities across the Executive Branch, Defense-in-Depth methodology implemented and to oversee and direct the protection and uniformly across the Executive Branch agencies safeguarding programs across the and industry. NCSC unifies the security activities of Intelligence Community.10 these entities under a common framework that is consistently implemented, critically assessed and NCSC’s National Role for Security improved through joint policy development.

To improve the security of classified networks The SecEA focuses on protecting our national and the responsible sharing and safeguarding of security interests by ensuring the reliability and classified information across the Executive Branch, trustworthiness of those to whom we entrust our NCSC supports national strategic and tactical nation’s secrets and assign to sensitive positions. In objectives through policy formulation, oversight and the national role of SecEA, the DNI, through NCSC, assessment of common objectives.12 drives US Government-wide security clearance modernization efforts by developing an overarching strategy and tools; applying information technology NCSC’s Intelligence Community Role for Security to improve the timeliness and quality of investigative and adjudicative processes; while overseeing these NCSC provides and maintains a common security 11 processes to ensure their effectiveness. infrastructure that strengthens partnerships across the IC, enhances access controls to facilities and technology and enables fluid responses in times of national crises and mobilization.

NCSC leads an IC research and analysis partnership devoted to the development, identification, and integration of physical and technical capabilities to mitigate adversary exploitation of potential vulnerabilities. These research and analysis activities evaluate technical security shortfalls, identify solutions, and manage the integration of emerging technologies to improve security countermeasures.

10Executive Order 13467 affirmed the DNI as SecEA to oversee Executive Branch investigations and determination activities, and to serve as final authority to designate an authorized investigative or adjudicative agency.

11The Intelligence Reform and Terrorism Prevention Act (IRTPA) provides that a single department, agency, or element shall be responsible for various functions relating to personnel investigations and adjudications.

12 Executive Order 13587. Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information.

9 NCSC Security Responsibilities For security, NCSC is responsible for Security Executive Agent activities across the Executive Branch and is the DNI’s designee for oversight and direction for safeguarding national security programs across the IC. The graphic below delineates these responsibilities based on legislation, Executive Orders, Intelligence Community Directives, Executive Correspondence and national policy guidance.

NCSC NATIONAL ROLE NCSC INTELLIGENCE National Responsibilities COMMUNITY ROLE for Security Intelligence Community Responsibilities for Security

LIGENC LIGENC TEL E A TEL E A IN ND IN ND R S R S E E E E T C T C N U N U U U R R O O I I

C T C T

Y Y

L L

C C

A A

E E

N N

O O

I I T T

T T

E E

A A

R R

N N

U U N A N A IT IC IT IC E D ER E D ER STATES OF A M STATES OF A M

SECURITY EECUTIVE OFFICE OF THE DIRECTOR OF AGENT NATIONAL INTELLIGENCE

Direct Oversight of Investigations, Lead and Support Security Efforts Adjudication, and Reciprocity for Security of the Intelligence Community Clearances across the US Government

Protect Intelligence Partner in Security Clearance Modernization Sources and Methods Efforts, Continuous Evaluation Federal Investigative Standards Provide IC Security Services; Research, Training, Security Databases Develop and Implement Uniform and Consistent Policies Oversee Domestic and Abroad Secure Facilities and Operations Drive Standardization of Questionnaires, Reporting, Financial Disclosure and Polygraph Develop Policy, Program National Standards, Audits and Interest Quadrennial Report on Security Report on Metrics Directives Assessments Determinations Audit Clearance for Adjudication Determinations Quality

10 NCSC Mission Partners and Stakeholders

IC mission partners, our Federal Partners, including those responsible for protecting sectors of US critical infrastructure, and our stakeholders, play a vital role in assisting NCSC to advance the CI and security mission and optimize enterprise capabilities. While our mission partners and stakeholders are not mutually exclusive, we highlight the importance of both in this Strategy, and distinguish between them in the following way.

NCSC Mission Partners | Collaborate for Mission Success

NCSC mission partners are those organizations and disciplines that help advance, contribute to, or execute CI and security missions. They can be US Government, Intelligence Community and our allied foreign partners. Mission-enabling disciplines that support or are supported by CI and security activities include legal, acquisition, information technology, information assurance, and civil liberties, privacy, and transparency.

NCSC Stakeholders | Advocate for CI and Security

Our stakeholders are linked to NCSC by governance, oversight and resources. They are CI and security representatives from the US Government and the Intelligence Community. They are advocates within their own organizations and agents of change for implementing national CI and security strategies. NCSC advocates for stakeholders funded by the National Intelligence Program (NIP) for resources, policies and programs, and to Congress on behalf of our Federal Partners for CI and security programs. Our Congressional oversight committees, the National Security Council, the White House and through these institutions, ultimately, the American people, are significant stakeholders in all that we do.

NCSC Federal Partners*

Department of State Department of the Treasury Department of Defense 2" Department of Justice Department of the Interior Department of Agriculture Department of Commerce Department of Labor Department of Housing and Urban Development Department of Health and Human Services Department of Transportation Department of Energy Department of Education Department of Veterans Affairs Department of Homeland Security

*We also include independent commissions and agencies and their contractors.

11 An Overview of NCSC Responsibilities

Threat Assessments to Disrupt and Personnel Security Defeat the Adversary For personnel security, NCSC serves in support of The foundation of all counterintelligence work the DNI’s role as SecEA. SecEA authorities direct is to build in-depth knowledge of FIE intentions, the SecEA to develop, implement, oversee and targets, and capabilities, in order to mitigate integrate joint security and suitability initiatives with threats posed by these entities. its US Government partners for effective, efficient, and uniform policies and procedures in conducting NCSC produces the National Threat Identification investigations and adjudications for eligibility and Prioritization Assessment (NTIPA) which for access to classified information or to hold a informs policymakers and senior officials with CI sensitive position. responsibilities on current and emerging foreign Continuous Evaluation (CE) is a personnel intelligence threats that could seriously damage security investigative process that leverages US national security. an automated records check methodology and applies standardized business rules to identify The National Intelligence Priorities Framework adjudicatively relevant information to assess (NIPF) reflects policymakers' priorities for cleared individuals’ ongoing eligibility for access to national intelligence support and ensures that classified information. CE supplements the periodic enduring and emerging intelligence issues reinvestigation security clearance process. are addressed. NCSC is the CI Topic Manager for the NIPF. The NCSC Director, in the role CE programs are designed to manage risk through of NIM-CI provides coordination with our NIO warning and preemptive intervention; minimize for CI at the NIC, in planning and producing information gaps between security clearance 13 timely, accurate and insightful CI strategic and reinvestigations; develop policy and guidance and 14 NCSC Federal Partners* anticipatory intelligence derived from planned provide oversight of CE programs. NCSC develops collection on the activities directed against the Department of State policies, standards, and guidance for establishing US by foreign powers, their intelligence services CE programs for the IC and for our Federal Partners, Department of the Treasury or their proxies. This intelligence informs and then coordinates, aligns, and integrates their Department of Defense coordinated offensive and defensive CI activities CE activities. Department of Justice to effectively counter, disrupt and defeat FIE Department of the Interior attempts to undermine US national interests. Department of Agriculture Department of Commerce Department of Labor Department of Housing and Urban Development Department of Health and Human Services Department of Transportation 13 Strategic intelligence is the process and product of developing the context, knowledge and understanding of the strategic Department of Energy environment required to support US national security policy and planning decisions. This work includes identifying and assessing Department of Education the capabilities, activities, and intentions of state and non-state entities to identify risks to and opportunities for US national security interests. National Intelligence Strategy 2014. Department of Veterans Affairs

Department of Homeland Security 14 Anticipatory intelligence involves collecting and analyzing information to identify new, emerging trends, changing conditions, potential trends and undervalued developments, which challenge long-standing assumptions, encourage new perspectives, as well as provide warning of new opportunities and threats to US interests. National Intelligence Strategy of the United States of America, 2017. National Intelligence Strategy 2014.

12 The National Insider Threat Task Force 15 Damage Assessments

NCSC co-leads, with the FBI, the National NCSC leads and coordinates damage assessments, Insider Threat Task Force (NITTF). The NITTF as directed by the DNI. IC damage assessments helps the Executive Branch build programs evaluate actual or potential damage to national that deter, detect and mitigate actions security from the unauthorized disclosure or by insiders who may represent a threat compromise of classified information. Lessons to national security. The NITTF develops learned from these assessments are shared with guidance, provides assistance, assesses our mission partners to improve CI and security progress and analyzes new and continuing programs and develop mitigation measures. insider threat challenges. It is important to note that insider threat programs target anomalous activities, not individuals, so Physical Security the NITTF’s work is coordinated with the Protecting Facilities Domestically and Abroad relevant organization’s records management NCSC oversees the management of US office, legal counsel, and civil liberties and Government facilities containing Sensitive privacy officials to build-in protections against Compartmented Information Facilities (SCIFs), infringing upon employees’ civil liberties, civil and maintains a framework for common security rights, privacy and whistleblower protections. standards for IC domestic facilities enabling savings Information Sharing and Audit Data through shared, multi-use spaces.

NCSC provides a single automated source for IC elements treat information collected and secure facility information worldwide. The tool analysis produced as national assets and can be invaluable for identifying SCIF locations are stewards of information who have a in jeopardy due to national disasters, heightened “responsibility to provide.” Authorized IC security alerts, as well as domestic and personnel have a “responsibility to discover” international hostilities. information believed to contribute to their assigned mission need and a corresponding “responsibility to request” information they have discovered. The discovery, retrieval and dissemination of information within the IC requires making all national intelligence available for discovery by automated means—and therein lies the vulnerability. NCSC works in consultation with the IC Chief Information Officer (IC CIO) to develop IC enterprise standards for audit events to support information sharing, insider threat detection, and implementation of these standards.

15 Executive Order 13587 established the Insider Threat Task Force to develop Government-wide program for deterring, detecting, and mitigating insider threats. The Task Force is co-chaired by the Attorney General and the Director of National Intelligence, or their designees. It is staffed by personnel from the FBI and NCSC. To the extent permitted by law, NCSC provides an appropriate work site and administrative support for the Task Force.

13 Technical and Signals Security Countermeasures

Disruptive technology is being built and fielded at an unprecedented rate. Countering the growing complexity of technological advances, both in the tools and methods used to Protecting US Embassies and Consulates employ them, requires greater technical literacy and a more comprehensive defensive NCSC, in consultation with the IC, works with countermeasures program. Department of State (DoS) to protect classified national security information and to perform Current technical and signals countermeasures other security-related functions affecting US and mitigation strategies are based upon diplomatic and consular facilities abroad. Technical Surveillance Countermeasures (TSCM) and TEMPEST (emanations security) programs. NCSC maintains databases on foreign TSCM programs detect, identify, and neutralize intelligence threats to, and the vulnerabilities of technical surveillance threats against facilities US diplomatic facilities; collaborates with the and their occupants. IC and DoS to enhance information assurance standards and policies to protect classified TEMPEST refers to investigating, studying, national security information held in US and controlling compromising, unencrypted diplomatic facilities; partners with DoS, industry emanations from IT systems and equipment and the IC to assess technical security shortfalls, that can reveal sensitive information. identify solutions and manage the integration of emerging technologies to improve security The TSCM community is aligned with and countermeasures. governed by the CI and security community, while the TEMPEST community is aligned with As the demand for wireless (WiFi) devices and and governed by the Information Assurance (IA) networks in IC work spaces and in US diplomatic community. facilities increases, NCSC leads the IC in developing new architectural shielding materials To better posture the IC to meet the challenges through a program that researches and advances of rapidly advancing foreign technical threats new technologies to address emerging and to close the current gaps in our defenses, technical threats. NCSC leads a community-wide initiative to modernize and integrate the TEMPEST and TSCM communities under a uniformly defined Technical and Signals Security Countermeasures (TSSC) mission structure within the broader IC and intelligence cycle.

14 Supply Chain Risk Management National and Intelligence Community Policy and Strategy Development NCSC leads its mission partners in assessing and mitigating the activities of FIE and any other Policy Development adversarial attempts aimed at compromising the global network of pathways—supply chains NCSC is responsible for national CI and security that provide mission-critical products, materials policy development, compliance and oversight. and services to the US Government. Supply The National Counterintelligence Policy Board, chain risk management (SCRM) requires that chaired by the Director of NCSC, serves as the subject matter experts in acquisition, CI, security, principal mechanism for developing national information assurance, logistics, and analysis, policies and setting priorities guide the conduct work in a common collaborative environment of CI activities across the US Government. to share threat assessments, vulnerability and mitigation information. NCSC works closely with For personnel security under SecEA authorities, the acquisition and CIO communities to identify in coordination with the Suitability Executive and advise of significant threats to US Government Agent, NCSC ensures that policies, procedures supply chains, including those associated with and standards relating to suitability of contractor contractors and vendors. and employee fitness, eligibility to hold a sensitive position, access to federally controlled Cyber Threats and Counterintelligence facilities and information systems, and eligibility for access to classified information are aligned The cyber threat is simultaneously a national to the extent possible, for reciprocal recognition security threat and a counterintelligence problem. and protection of national security information. State and nonstate actors use cyber operations to achieve economic and military advantage, NCSC facilitates and monitors the implementation foment instability, increase control over content and effectiveness of IC CI and security policies in cyberspace and achieve other strategic goals. and programs, develops recommendations for NCSC works with the US Government cyber new or modified policies; and develops and community and the IC, to provide the CI and promulgates IC CI and security standards and security perspective on FIE and other threat other guidance to implement CI and security actors’ cyber capabilities for context and possible policies. attribution of adversarial cyber activities.

In partnership with the IC-CIO, NCSC participates in the integrated defense of the IC Information Environment through the IC Security Coordination Center (IC SCC). The IC SCC facilitates accelerated detection and mitigation of cyber threats across the IC by providing end-to-end security, situational awareness, and incident case management. It maintains consolidated insight into IC networks and intelligence information systems and coordinates IC responses to cyber events, incidents, outages, threats and technical vulnerabilities.

15 Strategy Development Transparency in budget planning and execution ensures that CI and security programs deliver NCSC leads the development, implementation the most effective results and reduce, and assessment of the National Counter- restructure or terminate those programs that intelligence Strategy of the United States are not performing or have run their course. of America to guide the US Government CI Through mission reviews, based on the efforts. For the Intelligence Community, NCSC implementation of the National CI Strategy, leads the development, implementation and NCSC assesses progress toward closing assessment of the Unifying Intelligence Strategy key intelligence gaps and finds ways to leverage for Counterintelligence and Counterintelligence existing CI capabilities before proposing Strategic Priorities along with comprehensive new ones. NCSC also advocates for security assessment programs to identify gaps, programs to include National Insider Threat recommend priorities, and inform and shape and Continuous Evaluation Programs and for resource and budget decisions. implementing Federal Investigative Standards.

Advocating for CI and Security Resources Through various governance boards, NCSC also provides guidance to IC elements on developing The IC uses the Intelligence Planning budgets and spend plans associated with CI and Programming, Budgeting, and Evaluation security activities. (IPPBE)16 system to effectively shape and sustain intelligence capabilities through the development Civil Liberties, Privacy, and Transparency of the National Intelligence Program (NIP). NCSC oversees the CI and security NIP resources and NCSC safeguards privacy and civil liberties, advocates for our Federal Partners to implement and practices appropriate transparency in all CI and security programs not funded by the NIP. CI and security programs to be accountable to ourselves and to the American people.

16The IPPBE system ensures a predictable, transparent and repeatable end-to-end process to collect and prioritize intelligence for mission requirements in the context of the strategic objectives of the DNI and the IC.

16 How NCSC Integrates Counterintelligence and Security Capabilities

COUNTERINTELLIGENCE SECURITY Leverage CI and security expertise to protect America against foreign and other threats. COUNTERINTELLIGENCEIncludes all activities necessary to IncludesSECURITY all activities necessary to protect understand and defeat threats from US critical infrastructure, classiﬁed 1 malign actors. CI activities are grouped networks, information and personnel. Includes all activities necessary to Includes all activities necessary to protect Leverage CI and security expertise to protect America against foreign and other threats. into three primary areas: 1) Analysis, Security activities aregrouped into three Develop excellence in both CI and security disciplines. understand and defeat threats from primaryUS critical areas: infrastructure, 1) Security classiﬁedthreat assess - 1 Collection, and CI Operations; 2) Supply networks, information and personnel. 2 malign actors. CI activities are grouped ments; 2) Measures and activities to Chain, Cyber and Technical Threat and into three primary areas: 1) Analysis, protectSecurity sources activities and aregrouped methods, intosecurity three Develop excellence in both CI and security disciplines. Vulnerability Assessments and Counter- primary areas: 1) Security threat assess- Collection, and CI Operations; 2) Supply surveys and inspections; 3) Policy 2 measures; 3) National CI Policy and Guidance,ments; 2) MeasuresSecEA activities, and activities Security to Chain, Cyber and Technical Threat and Strategy, Performance Measurement, Clearanceprotect sources Reform, and Continuous methods, securityEvaluation, Vulnerability Assessments and Counter- NCSC blends CI and security expertise to lead and support the US Government's CI Workforce Professional Development Insidersurveys Threat and inspections; Programs, Security3) Policy Work - measures; 3) National CI Policy and counterintelligence and security activities critical to protecting our nation; provide Programs and Resource Advocacy forceGuidance, Professional SecEA activities,Development Security Programs Strategy, Performance Measurement, andClearance Resource Reform, Advocacy Continuous Evaluation, counterintelligenceNCSC blends CI outreachand security to US expertise private sectorsto lead andentities support at risk the of US foreign Government's intelligence CI Workforce Professional Development Insider Threat Programs, Security Work- counterintelligencepenetration; and issue and publicsecurity warning activities regarding critical tointelligence protecting threats our nation; to the provide US. Programs and Resource Advocacy force Professional Development Programs and Resource Advocacy counterintelligence outreach to US private sectors entities at risk of foreign intelligence penetration; and issue public warning regarding intelligence threats to the US.

Integrating CI and CI and Security Theat Assessment, NCSC leverages CI and Security Security Policy Guidance, SecEA, security knowledge, knowledge about the adversary’s Security Threat Assessments to Security Policy Guidance, Analysis and CI Ops Coodination Continuous Evaluation Security Diplomatic and Consular SecEA, Continuous Evaluation informs our ability to intentions, targets,’ tradecraft and Clearance Reform, Security Facilities Abroad, Security Clearance Reform, defeatIntegrating foreign CIthreats. and CI and Security Theat Assessment, Workforce Professional NCSC leveragescapabilities. CI and Security Threats to the US, to Diplomatic and Security Policy Guidance, SecEA, Insider Threat, Security Workforce security knowledge, Development, knowledge about the adversary’s Security Threat Assessments to Security Policy Guidance, ConsularAnalysis Facilitiesand CI Ops Ab Coodinationroad, Continuous Evaluation Security DiplomaticContinuous and Consular SecEA, ContinuousProfessional Evaluation informs our ability to Resource intentions, targets,’ tradecraft and Strategic and Anticipatory Analysis, Clearance Reform, Security FacilitiesEvaluation Abroad, SecurityDevelopment, Clearance Reform, defeat foreign threats. Advocacy capabilities. ThCollectionreats to theManagement, US, to Diplomatic and Workforce Professional InsiderResea Thrchreat, SecurityResou Wrorkfoce rce OperationsConsular Coo rdination, Facilities Th Abreatroad, Development, Continuous PAdvocacyrofessional SECRIT Warning,Strategic TSCM, and InsiderAnticipatory Threat, Analysis, SECRIT Resource Evaluation Development, ContinuousCollection Evaluation Management, Research, Advocacy Research Resource Damage Assessments Threats Operations Coo rdination, Th reat Advocacy to the US, SECRIT Warning, TSCM, Insider Threat, SECRIT Strategic and Continuous Evaluation Research, Damage Assessments AnticipatoryThreats Analysis, Activities to Protect Intelligence Collectionto the Management, US, Sources and Methods, OperationsStrategic Coo randdination, Physical and Technical Threat Warning, and Damage Anticipatory Analysis, Activities Securitto Protecty, and Intelligence CI and Security Incident Prevention, CollectionAssessments Management, Insider Threat Sources and Methods, Discovery and Analysis Operations Coordination, Physical and Technical Threat Warning, and Damage National Security, and CI Strategy, CI Activities CI and to Security Protect IncidentIntelligence Prevention, Assessments Insider Threat and UIS SourcesDiscovery and Methods, and Analysis Physical and Technical Security, Insider Threat, Integrated CI and security National Implementation,National CI Strategy, Supply Policy Guidance, Supply Chain, Cyber and Technical activities informs our ability CI CI Strategy, CI Activities to Protect Intelligence to prevent or discover human and UIS Chain, Mission Reviews, Assessments,V ulnerability Surveys, and UIS Sources and Methods, Physical and and technical penetrations Implementation, Cyber and CI Workforce Professional Technical Countermeasures, Security Integrated CI and security National Technical Implementation, Technical Security, Insider Threat, and vulnerabilities; and Policy Guidance, Supply NCSC leverages CI and Security Development, Breach Response and Analysis activities informs our ability CI Strategy, CI Assessments, Policy Guidance, Supply Chain, Cyber and Technical to conduct security breach Mission Reviews, Chain, activities to prevent or discover human Resource Advocacy to prevent or discover human and UIS Vulnerability Surveys, Mission Reviews, Assessments,V ulnerability Surveys, response and analysis CI Workforce Professional Cyber and and technical penetrations and and technical penetrations Implementation, Technical Countermeasures CI Workforce Professional Technical Countermeasures, Security Development, Resource Technical vulnerabilities; and to conduct security and vulnerabilities; and Policy Guidance, (TSCM) NCSC leverages CI and Security Development, Breach Response and Analysis Assessments, breach response and analysis. to conduct security breach Advocacy,Mission Private Reviews, Sector Outreach activities to prevent or discover human Resource Advocacy Vulnerability Surveys, response and analysis CI Workforce Professional and technical penetrations and Technical Countermeasures Development, Resource vulnerabilities; and to conduct security (TSCM) Advocacy, Private Sector Outreach breach response and analysis.

17 NCSC Operating Principles

COUNTERINTELLIGENCE SECURITY Leverage CI and security expertise to protect America against foreign and other threats. COUNTERINTELLIGENCEIncludes all activities necessary to IncludesSECURITY all activities necessary to protect understand and defeat threats from US critical infrastructure, classiﬁed 1 malign actors. CI activities are grouped networks, information and personnel. Includes all activities necessary to Includes all activities necessary to protect Leverage CI and security expertise to protect America against foreign and other threats. into three primary areas: 1) Analysis, Security activities aregrouped into three Develop excellence in both CI and security disciplines. understand and defeat threats from primaryUS critical areas: infrastructure, 1) Security classiﬁedthreat assess- 1 Collection, and CI Operations; 2) Supply networks, information and personnel. 2 malign actors. CI activities are grouped ments; 2) Measures and activities to Chain, Cyber and Technical Threat and into three primary areas: 1) Analysis, protectSecurity sources activities and aregrouped methods, intosecurity three Develop excellence in both CI and security disciplines. Vulnerability Assessments and Counter- primary areas: 1) Security threat assess- Collection, and CI Operations; 2) Supply surveys and inspections; 3) Policy 2 measures; 3) National CI Policy and Guidance,ments; 2) MeasuresSecEA activities, and activities Security to Chain, Cyber and Technical Threat and Strategy, Performance Measurement, Clearanceprotect sources Reform, and Continuous methods, securityEvaluation, Vulnerability Assessments and Counter- NCSC blends CI and security expertise to lead and support the US Government's CI Workforce Professional Development Insidersurveys Threat and inspections; Programs, Security3) Policy Work- measures; 3) National CI Policy and counterintelligence and security activities critical to protecting our nation; provide Programs and Resource Advocacy forceGuidance, Professional SecEA activities,Development Security Programs Strategy, Performance Measurement, andClearance Resource Reform, Advocacy Continuous Evaluation, counterintelligenceNCSC blends CI outreachand security to US expertise private sectorsto lead andentities support at risk the of US foreign Government's intelligence CI Workforce Professional Development Insider Threat Programs, Security Work- counterintelligencepenetration; and issue and publicsecurity warning activities regarding critical tointelligence protecting threats our nation; to the provide US. Programs and Resource Advocacy force Professional Development Programs and Resource Advocacy counterintelligence outreach to US private sectors entities at risk of foreign intelligence penetration; and issue public warning regarding intelligence threats to the US.

Integrating CI and CI and Security Theat Assessment, NCSC leverages CI and Security Security Policy Guidance, SecEA, security knowledge, knowledge about the adversary’s Security Threat Assessments to Security Policy Guidance, Analysis and CI Ops Coodination Continuous Evaluation Security Diplomatic and Consular SecEA, Continuous Evaluation informs our ability to intentions, targets,’ tradecraft and Clearance Reform, Security Facilities Abroad, Security Clearance Reform, defeatIntegrating foreign CIthreats. and CI and Security Theat Assessment, Workforce Professional NCSC leveragescapabilities. CI and Security Threats to the US, to Diplomatic and Security Policy Guidance, SecEA, Insider Threat, Security Workforce security knowledge, Development, knowledge about the adversary’s Security Threat Assessments to Security Policy Guidance, ConsularAnalysis Facilitiesand CI Ops Abroad, Coodination Continuous Evaluation Security DiplomaticContinuous and Consular SecEA, ContinuousProfessional Evaluation informs our ability to Resource intentions, targets,’ tradecraft and Strategic and Anticipatory Analysis, Clearance Reform, Security FacilitiesEvaluation Abroad, SecurityDevelopment, Clearance Reform, defeat foreign threats. Advocacy capabilities. ThreatsCollection to theManagement, US, to Diplomatic and Workforce Professional InsiderResearch Threat, SecurityResource Workforce OperationsConsular Coo rdination, Facilities Th Abroad, reat Development, Continuous ProfessionalAdvocacy SECRIT Warning,Strategic TSCM, and InsiderAnticipatory Threat, Analysis, SECRIT Resource Evaluation Development, ContinuousCollection Evaluation Management, Research, Advocacy Research Resource Damage Assessments Threats Operations Coo rdination, Th reat Advocacy to the US, SECRIT Warning, TSCM, Insider Threat, SECRIT Strategic and Continuous Evaluation Research, Damage Assessments AnticipatoryThreats Analysis, Activities to Protect Intelligence Collectionto the Management, US, Sources and Methods, OperationsStrategic Coordination, and Physical and Technical Threat Warning, and Damage Anticipatory Analysis, Activities Security,to Protect and Intelligence CI and Security Incident Prevention, CollectionAssessments Management, Insider Threat Sources and Methods, Discovery and Analysis Operations Coordination, Physical and Technical Threat Warning, and Damage National Security, and CI Strategy, CI Activities CI and to Security Protect IncidentIntelligence Prevention, Assessments Insider Threat and UIS SourcesDiscovery and Methods, and Analysis Physical and Technical Security, Insider Threat, Integrated CI and security National Implementation,National CI Strategy, Supply Policy Guidance, Supply Chain, Cyber and Technical activities informs our ability CI CI Strategy, CI Activities to Protect Intelligence to prevent or discover human and UIS Chain, Mission Reviews, Assessments,Vulnerability Surveys, and UIS Sources and Methods, Physical and and technical penetrations Implementation, Cyber and CI Workforce Professional Technical Countermeasures, Security Integrated CI and security National Technical Implementation, Technical Security, Insider Threat, and vulnerabilities; and Policy Guidance, Supply NCSC leverages CI and Security Development, Breach Response and Analysis activities informs our ability CI Strategy, CI Assessments, Policy Guidance, Supply Chain, Cyber and Technical to conduct security breach Mission Reviews, Chain, activities to prevent or discover human Resource Advocacy to prevent or discover human and UIS Vulnerability Surveys, Mission Reviews, Assessments,Vulnerability Surveys, response and analysis CI Workforce Professional Cyber and and technical penetrations and and technical penetrations Implementation, Technical Countermeasures CI Workforce Professional Technical Countermeasures, Security Development, Resource Technical vulnerabilities; and to conduct security and vulnerabilities; and Policy Guidance, (TSCM) NCSC leverages CI and Security Development, Breach Response and Analysis Assessments, breach response and analysis. to conduct security breach Advocacy,Mission Private Reviews, Sector Outreach activities to prevent or discover human Resource Advocacy Vulnerability Surveys, response and analysis CI Workforce Professional and technical penetrations and Technical Countermeasures Development, Resource vulnerabilities; and to conduct security (TSCM) Advocacy, Private Sector Outreach breach response and analysis.

18 NCSC Strategic Goals, Objectives, and Initiatives

Our fiveStrategic Goals broadly describe how NCSC will integrate CI and security activities to address the enduring and emerging foreign and other adversarial threats. Our Strategic Objectives further define the work that must be done to achieve our goals. Initiatives can take many forms such as programs, projects, tools, systems or services. Key Initiatives outlined in this plan represent both new and continuing priorities.

NCSC Plan-at-a-Glance 12345 GOAL 1 GOAL 2 GOAL 3 GOAL 4 GOAL 5 Advance our Knowledge Protect US Critical Advance our Strengthen our Achieve our Mission of, and our Ability to Infrastructure, Counterintelligence and Effectiveness through through Organizational Counter Foreign and Technologies, Facilities, Security Mission and Stakeholder Excellence Other Adversarial Threats Classiﬁed Networks, Optimize Enterprise Engagement, and Incidents Information and Capabilities through Governance & Advocacy Personnel Partnerships

Objective 1.1 Objective 2.1 Objective 3.1 Objective 4.1 Objective 5.1 National Threat Personnel Security Strengthen Mission Strengthen Stakeholder NCSC Organization Identiﬁcation, Partnerships Engagement and Reputation Prioritization and Assessment Objective 2.2 Physical Security at Objective 3.2 Objective 4.2 Objective 5.2 Objective 1.2 Home and Abroad Strengthen the Exchange Lead Counterintelligence NCSC Workforce Development Counterintelligence of FIE Threat and Security and Security Policy and Analysis and Collection Vulnerability Information Strategy Development Management Objective 2.3 among Key Partners Objective 5.3 Technical and Cyber Strengthen NCSC Security Objective 4.3 Internal Processes Objective 1.3 Objective 3.3 Advance the CI and Security Workforce Counterintelligence Objective 2.4 Enhance Physical Security Partnerships Operations to Counter Supply Chain Risk Foreign Adversarial Management Threats

Initiative 1.1 Initiative 2.1 Initiative 3.1 Initiative 4.1 Initiative 5.1 Counterintelligence Clearance Reform and Increase Outreach Efforts Production Guidance and Oversight Committee Share the Mission Continuous Evaluation with Public and Private CI Strategic Priorities Engagement Sector Partners Initiative 5.2 Initiative 2.2 Initiative 1.2 Initiative 3.2 Initiative 4.2 Cross the Line National National Insider Threat Governance and Strengthen our Allied Counterintelligence Programs Advocacy Security and Collection Strategy and Counterintelligence Initiative 5.3 Collection Emphasis Forum, and the CI and Messages Initiative 2.3 First Responders Security NATO Technical and Signals Partnership Initiative 1.3 Security Modernization National Counterintelligence Task Initiative 2.4 Force for US Critical Infrastructure Secure Wireless

19 Goal 1: Advance our Knowledge of, and our Ability to Counter, 1 Foreign and Other Threats and Incidents With our mission partners, NCSC will lead the US Government and Intelligence Community efforts to identify, assess and mitigate threats and incidents from foreign and other adversaries that compromise our national security. National threat identification and prioritization; CI collection; strategic and anticipatory analysis; critical assessments of adversarial plans, intentions, targets, capabilities, tradecraft and operations; will advance our knowledge of and our ability to counter these threats, provide threat warning, and deliver analytic insights to US Government policymakers. To achieve this goal, NCSC has identified three strategic objectives and three initiatives: