The solution requires “a whole-of-society response involving the private sector, an informed American public, as well as our allies,” Evanina said in remarks accompanying the release of an unclassified version of a new counterintelligence strategy.
It came the same day as the Justice Department announced indictments of four Chinese military hackers in connection with the 2017 hack of the credit reporting agency Equifax, a massive breach that exposed the personal data of nearly half of all Americans.
“You have a military intelligence apparatus conducting a nation-state attack on a private company,” he said. “We have to be able to recognize that as a counterintelligence issue — not a cyber issue.”
A big focus in the new strategy, which updates a 2016 plan and covers the next three years, is on the private sector and on defending the supply chain. The latter is a diverse ecosystem of suppliers who furnish cloud services, communications network components and other products that are integrated into the operations of the private sector, including defense contractors, as well as local, state and federal governments.
The threat was highlighted in late 2018, when the United States indicted two hackers accused of working on behalf of the Chinese Ministry of State Security to compromise cloud-service providers in a long-running industrial espionage operation dubbed Cloud Hopper. The hackers allegedly compromised the tech firms to steal intellectual property from their dozens of clients in the aviation, pharmaceutical, oil and gas, and manufacturing sectors.
The public and private sectors have improved their cyberdefenses, but adversaries have adjusted and become more sophisticated, Evanina said. “Now we’re going to have to up our game as well.”
The intelligence community’s role is to develop new sources of information and identify suspect or high-risk vendors, products and services that pose a risk to national security, the strategy states. Evanina said the government, when it has useful intelligence, will alert companies and organizations they are being targeted.
But it cannot take the lead in protecting the private sector, which includes academia and think tanks, he said. “They have to be proactive . . . self-police,” he said.
Evanina said he and his deputy briefed 1,400 corporate chief executives last year on the threat. “We’re trying to get them to understand the consequences” of inaction, he said. He urged them to identify assets that foreign adversaries might target, hold tabletop exercises to prepare for a breach, and have a crisis strategy in place.
Defending American democracy against foreign influence is another strategic goal. Here, he acknowledged a gap in capabilities. In an age in which propaganda has gone digital — “the Internet, social media and trolls are now the old leaflets,” he said — the intelligence community does not have a foolproof of way of discerning, for example, “deepfakes,” or the altering of videos to look real.
He also stressed that the U.S. intelligence community is focused on foreign threats, not domestic disinformation, which also permeates the Internet. He and his colleagues have repeatedly briefed Congress and the White House on the threat of election interference and foreign influence, he said. Asked what Russia’s big play will be this year, he paused and said, “My concern is the unknown.”
He said he expected that if Russia were to attempt a repeat of 2016, hacking and dumping data online to affect this year’s presidential race, the Trump administration would promptly call out the Kremlin. He drew a contrast with the Obama administration, which refrained for several months for fear of appearing partisan, creating false fears the election was compromised, or provoking Moscow.
The strategy, signed by President Trump, has a several-dozen-page classified version detailing the threats from foreign adversaries, including nonstate actors.