The National Counterintelligence and Security Center (NCSC): An Overview
October 18, 2018
The National Counterintelligence and Security Center (NCSC):
An Overview
Section 3.5(a) of Executive Order 12333, The U.S.
established by PDD-75 were subsequently codified into
Intelligence Community, defines counterintelligence (CI) as
statute through the Counterintelligence Enhancement Act of
“information gathered and activities conducted to identify,
2002. (P.L. 107-306, Title IX, §901(b), November 27,
deceive, exploit, disrupt, or protect against espionage, other
2002, 116 Stat. 2432).
intelligence activities, sabotage, or assassinations conducted
National CI Executive (NCIX)
for or on behalf of foreign powers, organizations, or
As the senior official in the CI community, the NCIX is
persons, or their agents, or international terrorist
organizations or activities.”
nominated by the President and, as of 2015, is also
confirmed by the Senate. The 2004 Intelligence Reform and
Counterintelligence is often visible through its results: the
Terrorism Prevention Act (IRTPA), enacted to implement
July 2018 criminal indictment of Russian nationals and
many of the recommendations of the National Commission
companies for interfering in the 2016 presidential election,
on Terrorist Attacks upon the United States (known as the
and the October 2018 arrest and extradition of a Chinese
9/11 Commission), reorganized the NCIX and ONCIX
intelligence officer for attempting to commit economic
within the newly constituted ODNI to facilitate the
espionage are two examples. Less visible are efforts by U.S.
integration and coordination of national CI activities across
counterintelligence elements to prevent cyber hacking and
the IC. With the consolidation of national CI and security
economic espionage, defend critical networks and
activities in the NCSC in 2014, the NCIX was redesignated
infrastructure, and deter insider threats.
as the Director, NCSC.
The National Counterintelligence and Security Center
Resources
(NCSC) is one of the four mission centers within the Office
The NCSC and CI and security programs for each IC
of the Director of National Intelligence (ODNI). It was
element are funded through the National Intelligence
established in 2014 to lead United States CI and security
Program (NIP) budget. The Director of National
activities by consolidating existing CI and security offices
Intelligence (DNI) manages the NIP in order to align
and responsibilities “to effectively integrate and align
resources with prioritized requirements through the iterative
counterintelligence and security mission areas under a
Intelligence Planning, Programming, Budgeting, and
single organizational construct.” NCSC develops and
Evaluation (IPPBE) process. See CRS In Focus IF10428,
coordinates national CI strategy, policy, analytical products,
Intelligence Planning, Programming, Budgeting and
priorities and budgets through a cadre of CI and law
Evaluation Process (IPPBE), by Michael E. DeVine.
enforcement professionals from across the IC. Although
NCSC Strategic Goals and Statutory
NCSC oversees the CI and security activities of
Functions
departments and agencies, it is not authorized to conduct
The NCSC Strategic Plan for 2018-2022 specifies five
investigations or operations, or to develop contacts with
strategic goals:
foreign intelligence services.
A National CI and Security Enterprise
1. Advancing knowledge of and ability to
counter foreign and other threats.
PDD-75
2. Protecting United States critical
Presidential Decision Directive (PDD) 75, U.S.
infrastructure, technologies, facilities,
Counterintelligence Effectiveness—Counterintelligence for
classified networks, sensitive information
the 21st Century, signed by President Clinton on January 5,
and personnel.
2001, provided a foundation for a national organization to
3. Advancing the CI and security mission,
lead CI and security activities across the government. PDD-
and optimizing CI cooperation and
75 elaborated policy to keep pace with the proliferation of
partnerships.
threats to U.S. national security that came with major
4. Engaging and advocating for government
developments in technology. PDD-75 also provided for the
and private stakeholders to improve
development of national CI strategy and policy, and the
effectiveness.
prioritization of CI requirements. Most importantly, PDD-
75 provided for the formal establishment of a national CI
5. Achieving organizational excellence.
and security organization, headed by the National
To achieve these goals, NCSC has a number of statutory
Counterintelligence Executive (NCIX) and supporting
functions, including these:
office (ONCIX), a National CI Board of Directors, and a
National CI Policy Board (NCIPB) to advise the NCIX on
Producing the National Threat Identification and
the CI strategy and policy. The CI structural elements
Prioritization Assessment (NTIPA), a strategic planning
https://crsreports.congress.gov
The National Counterintelligence and Security Center (NCSC): An Overview
document with a consolidated list of CI requirements
NCSC Directorates
tied to specific CI threats.
The Operations Coordination Directorate helps to
Producing and implementing a national strategy derived
coordinate offensive and cyber CI operations, providing
from the NTIPA’s assessment of the CI environment.
strategic guidance and assessments of the effectiveness of
Overseeing and coordinating the production of analyses
these programs. The Technical and Cyber Directorate is
of CI incidents, including damage assessments and
responsible for oversight of IC agency technical and signal
lessons learned.
security countermeasures, and cyber CI and security. The
Coordinating the development of CI and security
Supply Chain Directorate identifies and analyzes risks to
budgets for departments and agencies with
the supply chain, conducts outreach campaigns to increase
responsibility for CI and security activities.
awareness of threats to the supply chain, and publishes risk
Developing CI and security priorities for investigations
management best practices.
and CI operations.
Security Executive Agent (SecEA) and the Special
Conducting outreach programs to government and
Security Directorate (SSD)
private sector entities to build awareness and
Personnel comprising the NCSC’s SSD serve as the
cooperative relationships to protect United States critical
executive staff supporting the DNI’s role as SecEA,
infrastructure and institutions.
responsible for the “development, implementation, and
Conducting vulnerability assessments of both
oversight of effective, efficient, and uniform policies and
government and private sector entities to enable timely,
procedures governing the conduct of investigations and
effective countermeasures.
adjudications for eligibility for access to classified
Developing training policy and standards for CI and
information.” SSD professionals also support the SecEA’s
security professionals.
role as a principal on the Suitability and Security Clearance
NCSC Organization
Performance Accountability Council (PAC), which
oversees implementation of policy to overhaul the security
National Intelligence Manager for CI (NIM-CI)
clearance process. SSD specifies policy for security
The Director, NCSC, also serves as the NIM-CI,
clearance reciprocity among federal government agencies.
responsible for oversight and integration of CI activities
SSD also manages Scattered Castles, the national
across the IC. NIM-CI provides strategic guidance by
repository for recording eligibility for access to Sensitive
means of a Unified Intelligence Strategy (UIS) for CI, a
Compartmented Information (SCI), other controlled access
classified strategy that provides a framework for enabling
programs, and IC element visit certifications.
CI program managers across the IC to align resources with
Table 1. NCSC Components
prioritized requirements tied to programs directed at
achieving particular strategic objectives. The NIM-CI also
National Intelligence Manager for CI (NIM-CI)
conducts mission reviews of CI programs and activities to
National Insider Threat Task Force (NITTF)
assess their impact and alignment with national CI strategy.
Center for Security Evaluation
National Insider Threat Task Force (NITTF)
Operations Coordination Directorate
One component of NCSC, the NITTF, which is chaired by
the DNI and the Attorney General, was originally
Technical & Cyber Directorate
established through Executive Order 13587 in October
Supply Chain Directorate
2011. The NITTF is responsible for developing policy and
Special Security Directorate
programs for deterring, detecting, and mitigating threats
from personnel within the government or private industry
Source: NCSC.
who would unlawfully disclose classified information, or in
Threat Environment
any way work to undermine U.S. national security on
behalf of a foreign entity. NCSC Director Evanina has
NCSC has been principally concerned with four countries:
underscored the seriousness of the continued risk posed by
Russia, China, Iran, and North Korea, which it assesses to
be responsible for political and economic espionage,
insider threat, noting that it remains “as much a problem
today as … five years ago.” The NITTF is also responsible
cyberattacks, and information operations targeting the
for outreach to increase public awareness of the threat and
United States. State and nonstate threats to the United
States have specifically targeted organizations and
provide best practices for deterrence, detection and
mitigation. Some analysts have contended that the potential
infrastructure connected to the defense, manufacturing,
for insider threat-related activities has grown with the
energy, financial, public health and emergency services,
transportation, and telecommunications sectors. NCSC’s
proliferation of social media platforms that can conceal
Strategic Plan also highlights the growing risk posed by
communications though end-to-end encryption.
threats operating in cyberspace that can use social media
Center for Security Evaluation (CSE)
platforms to influence public opinion, or exploit “smart”
The CSE provides advice and support to the Department of
devices linked through the internet of things.
State on security for the construction and operation of
Acknowledgement: This In Focus was originally co-
diplomatic facilities overseas, including security
authored with former CRS Intern Jackson K. Stuteville.
construction requirements, assessments and mitigation of
CI and security vulnerabilities, and force protection.
Michael E. DeVine, Analyst in Intelligence and National
Security
IF11006
https://crsreports.congress.gov
The National Counterintelligence and Security Center (NCSC): An Overview
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF11006 · VERSION 2 · NEW