Top counterintelligence official Mike Orlando on foreign espionage threats facing U.S. - "Intelligence Matters"
In this episode of Intelligence Matters, host Michael Morell speaks with Mike Orlando, the acting director of the National Counterintelligence and Security Center, about the range of foreign espionage threats facing the U.S. from adversaries and challengers like Russia and China. Orlando and Morell discuss how "non-traditional collectors" within the academic and business sectors are increasingly tasked by foreign governments to steal intellectual property and other secrets. Orlando, a career FBI agent who has specialized in counterintelligence, explains how NCSC has sought to warn U.S. private sector entities against espionage threats that have evolved in range and sophistication.
Highlights
- Adversaries targeting private sector: "So, if you look back 20 years ago, what we were most concerned about was intelligence services targeting the U.S. government for classified information or targeting DOD technologies. And what we've seen over the last 20 years is the shift to private sector intellectual property research and development, particularly by China, who has been the most egregious one in stealing those technologies. And we've also seen their capabilities of China and Russia move from not only the human operations, but to cyber operations and to technical collection that has made it a difficult target to work."
- Espionage threat from the Chinese government: "We believe that there's no other country than China that poses the most severe intelligence threat to America. We're looking at $200 billion to $600 billion dollars a year in losses to intellectual property theft by China. And that's been going on for the last 20 years. That's a pretty staggering number of loss to us. And when you look at China's national plans, as I said earlier, it's one where it's to put us essentially out of business. And I think the concerns for this generation ahead is that if we don't stay ahead of this, we will be disadvantaged both economically and in the national security arena as well."
- "Non-traditional collectors": "[W]e've seen a pivot to these non-traditional collectors, which are students, researchers, businesspeople, people who have legitimate jobs, who act as proxies or surrogates for the intelligence service. They generally don't have formal training, but they're able to operate using their cover or using their legitimate cover to then work for the intelligence service."
INTELLIGENCE MATTERS - MIKE ORLANDO
PRODUCER: OLIVIA GAZIS
MICHAEL MORELL: Mike, thanks for joining us on Intelligence Matters. I'm really looking forward to the discussion with you.
MIKE ORLANDO: Thank you for having me. A lot of my colleagues are big fans of this program, so it's certainly an honor to be here with you today.
MICHAEL MORELL: Mike, before we dig into the threat landscape that you deal with every day, I'd like to ask a couple of questions about you, if that's OK. And the first is, how did you end up at the FBI? What attracted you there and what's your career been like?
MIKE ORLANDO: I've always wanted to work on national security, and I started off in the military and had pivoted over to CIA before coming over to the FBI. I've always been attracted to the domestic counterintelligence mission and I've had a great career over here working everything from China, espionage, Iran, Russia, counterintelligence, and then over at counterterrorism. And so it's been really great working in this industry. And for the listeners, if you're really into team sports, working in the national security, FBI, CIA, the intelligence community is to me the ultimate team sport where you're doing something of national importance.
MICHAEL MORELL: There's real meaning to going to work every day, I found.
MIKE ORLANDO: Absolutely.
MICHAEL MORELL: So you've worked a lot of counterintelligence cases. Let me ask you about at least one of them. You worked on the Maria Butina case, the Russian agent who sought to infiltrate the NRA and some conservative circles. In fact, I think you led the team. And I just wanted to ask you, how unique was that case in the universe of Russian spy cases, particularly in how openly she operated, which seemed to me to be a little unusual.
MIKE ORLANDO: It's certainly an interesting case for a couple of reasons. First, she was arrested for an unregistered agent, that is a very difficult charge to bring. And the investigative team certainly did a great job of building that case and working with the US attorney's office to be able to show the evidence of what she was doing. And for the listeners, you know, she was essentially here trying to infiltrate political circles for the benefit of the Russian government to collect information and to influence to the advantage for the Russian government. And I think this case highlights, I think, the current challenges in counterintelligence, where back in the Cold War, we were focused on intelligence officers working undercover out of the embassy. She played a role as what we call a non-traditional collector, not an officially trained intelligence officer, but certainly working as a proxy for the government.
MICHAEL MORELL: So she says, right, that she was involved in normal diplomacy, right? Not an intelligence operation. And just wondering for our listeners, you know, where's the line between those two things?
MIKE ORLANDO: The line is when you're not disclosing that you're supporting or working for a government. And in her case, she was not disclosing that she was working on the behalf of the government.
MICHAEL MORELL: So, Mike, let's switch to the center you run. We had Bill Evanina on the show before, but it's been a while. So could you remind us what the NCSC does, what its mission is?
MIKE ORLANDO: Sure, the National Counterintelligence and Security Center, our role is to lead and support the counterintelligence and security community to really integrate those functions, but we also here do outreach to the private sector and to the public to educate them on counterintelligence threats and to do public warnings, to advise them of threats such as election threats or other national things that we think they need to have awareness of.
MICHAEL MORELL: And what, Mike, what are your priorities for both the center and for the broader U.S. counterintelligence community? What do you want to accomplish?
MIKE ORLANDO: Sure. So the priorities that I have is in aligning with the integration of the community. We have a number of challenges from China to Russia to Iran and North Korea. And these challenges require us as an intelligence community to work together. And my priority is to make sure that we are integrating the community in the ways that they need to be integrated on the most important topics that require a whole of government effort. And then the other thing that is a priority for me is the public outreach that we do is so important because this is a whole of society problem and we really need to educate the public of the counterintelligence threats and how it impacts them so they can better protect themselves. So I am looking to make sure that we continue to build our outreach capability so we can deliver the best message to educate the public.
MICHAEL MORELL: And can you give us examples of the kind of outreach you're talking about?
MIKE ORLANDO: Sure, we do a lot of different outreach to start with, we have the ability to bring in at risk sectors and do a one time reading for classified information where we can provide them classified information so they understand the threat. And oftentimes we do that in partnership with other agencies such as the FBI, so that they can bring a level of expertise or we can help build partnerships. We also do a number of unclassified briefings using business associations so we can get our message out about the different threats. And then third, we do a number of public private partnerships with DHS on things from cyber to energy to help those private public partnerships where we can bring some expertise to them.
MICHAEL MORELL: If there's a specific -- a very specific threat or a specific case, would that be the FBI that would approach the company as opposed to you guys? How does that work?
MIKE ORLANDO: So we're not an investigative or operational entity. And so the FBI, if there's a specific threat, certainly would be the FBI. We do more general education and then pass off those relationships or partner with the FBI for those specific things.
MICHAEL MORELL: So I'm wondering about the general public, right, that I don't think they have an understanding of, in general, the threat posed by China and the counterintelligence threat in particular. So are you thinking about ways of getting to the general public as opposed to specific sectors or specific companies?
MIKE ORLANDO: Yes, not only we try to think of ways to get better outreach to a broader audience. We're also trying to make sure we're talking about things at most at risk. So, for example, we are very concerned about China's theft of what we call transport technologies. That would be artificial intelligence, quantum computing, autonomous vehicles, biotechnology, 5G. And so we want to make sure that those industries have the awareness about the risks to them so that we don't lose our leadership in those fields, which we believe are very important for our economic and national security. And then we're also trying to look for various platforms where we can widen the audience.
MICHAEL MORELL: So, Mike, let's talk about the counterintelligence threat landscape. What does it look like? Who are the key adversaries? Can you kind of paint that picture for us?
MIKE ORLANDO: Sure, the IC recently released their annual threat assessment, which poses a picture of Russia and China being the global threats against us who are by far the most capable counterintelligence adversaries we have, but also Iran and North Korea are these regional threats with sophistication in cyber operations.
MICHAEL MORELL: Anybody else that you would put in that category?
MIKE ORLANDO: I would also include Cuba as well. It's often a threat that's overlooked, but they're also a very capable intelligence service, oftentimes supporting the activities of Russia and China.
MICHAEL MORELL: And then has there been a shift, Mike, from targeting of the U.S. government to targeting of the private sector? Has that occurred?
MIKE ORLANDO: Yes. So if you look back 20 years ago, what we were most concerned about was intelligence services targeting the U.S. government for classified information or targeting DOD technologies. And what we've seen over the last 20 years is the shift to private sector intellectual property research and development, particularly by China, who has been the most egregious one in stealing those technologies. And we've also seen their capabilities of China and Russia move from not only the human operations, but to cyber operations and to technical collection that has made it a difficult target to work.
MICHAEL MORELL: And then can you talk a little bit about the non-traditional, the non-traditional intelligence operations, because I think when most people think of intelligence operations, they think of cloak and dagger and covert operations. Can you talk a little bit about the non-traditional piece which seems to be growing in importance?
MIKE ORLANDO: Yes. So as I stated earlier, you know, we were really concerned with intelligence officers who worked at embassies and under embassy cover. And now we've seen a pivot to these non-traditional collectors, which are students, researchers, businesspeople, people who have legitimate jobs, who act as proxies or surrogates for the intelligence service. They generally don't have formal training, but they're able to operate using their cover or using their legitimate cover to then work for the intelligence service.
I think the Benjamin Bishop espionage case back in, I believe, 2011 is an example of our nontraditional collector. Mr. Bishop was a U.S. government contractor at Pacific Command in Hawaii at the time, and he had met a woman who was a researcher for the Chinese government and they developed a romantic relationship. And then quickly after she started to ask him very pointed and specific questions to elicit classified information from him, he was ultimately arrested. But if you look at her, she was a legitimate researcher, but working on the behalf of the government to collect information about our U.S. military.
MICHAEL MORELL: Is it your sense that these folks, these students, for example, and possibly business people, that they're actually tasked by Chinese intelligence or are they, you know, told when they leave: If you happen to run across anything of interest, let us know -- if you have a sense of how that works.
MIKE ORLANDO: Yes, so they're certainly operating at the request of the Chinese government to do that. They are oftentimes tasked to do it. If you look specifically at China there are military civilian fusion, it is whatever the civilian sector is doing anything for the civilian sector, but for the military sector and whatever the military is doing this also for the civilian sector. And so China has this, if you will, this whole of government approach to how they do things. And so they will task individuals, students and researchers to collect a wide variety of information from research to national security information. And by and large, I think they believe they have no choice but to do it, to cooperate with the service. And some of them really don't want to do it. They just would like to do their work. And now China has a national security law which now requires them to support the communist government.
MICHAEL MORELL: Do the Russians use the non-traditional approach, as much as the Chinese, or less so?
MIKE ORLANDO: We believe that, I think, all intelligence services are using them as well, but we predominantly see it with the Chinese service.
MICHAEL MORELL: And it's a matter of numbers in China's case - they have so many more people here?
MIKE ORLANDO: They have so many more people, but also that the targets that China are going after, they are so much more aggressive in the intellectual property space than what we see with Iran or Russia, they are certainly collecting in that space as well, but not to the degree that the Chinese are doing it. And so it certainly gives us a larger optic of how the Chinese are going about it, given that they are targeting so many different industries.
MICHAEL MORELL: OK, so let's talk about those. So what are the industries that the Russians and the Chinese are targeting? I think you mentioned in general than before, but if you could get a little bit more specific, that would be helpful.
MIKE ORLANDO: Sure. So for Russia, they were mostly interested in the defense industry, transformative technologies, artificial intelligence. But we're mostly concerned with what China is doing. They certainly would like to challenge us to be the world leaders, the superpowers of the world, and they roll out a number of national plans that lay out their agenda.
For instance, the Chinese 14th Five-Year plan or the Made in China 2025 in which they lay out these ambitious plans where they would like to have leadership in high end development and production technologies. And this includes information technology, aerospace equipment, new materials, clean energy, maritime, robotics, and then back to those transformative technologies that I mentioned before, artificial intelligence, quantum biotechnology, 5G. And when you look at the ambitious plans they have, the only way they can achieve that is through theft of our technology and also encouraging people to come over with those experiences with those technologies. And so it's certainly these plans to offer a roadmap for theft of American innovation.
MICHAEL MORELL: So it sounds as if this is a pretty sophisticated effort on their part. Is that the correct conclusion here?
MIKE ORLANDO: Yes, I would say it's a national plan that brings together their society, from military to intelligence to the civilian sector, weaves it together to drive these plans as a whole of society for the Chinese government, and it's being done at our disadvantage.
MICHAEL MORELL: So, Mike, earlier you talked about your traditional kind of HUMINT operations, right? Using human beings to collect intelligence. But then you also talked about cyber. Can you kind of put cyber in perspective here in terms of the degree to which it's used by both the Russians and Chinese and how successful they are at it?
MIKE ORLANDO: Yes, so both the Russians and Chinese are very successful and very capable at conducting cyber operations. Look at the recent SolarWinds compromise, which was done by Russia. You look at China's hacking of our OPM, Equifax databases. They're acquiring a large amount of our personal identifying information. We're seeing the Chinese hack into private sector companies to steal their trade secrets. For both countries, this is a low risk operation against us that's given them high dividends and a lot of information and has been very difficult for us to defend against.
MICHAEL MORELL: OK, so what can companies - and we'll come back to universities in a second - but which is probably a particular problem, but what can companies do to protect themselves and what can the government do to help them?
MIKE ORLANDO: So this comes up a lot, particularly recently with the recent hacks and by talking to the experts in the cyber field, what we need government organizations and private sector organizations to do is to really implement some good cyber hygiene. It will not eliminate the threat, but it will help them manage risk a lot better. And good cyber hygiene includes maintaining your computer logs, looking for anomalies, the continuous monitoring of your systems to find those anomalies, segregating your networks, reducing down your administrative credentials and patching your system. The companies, government agencies that are able to do that are able to find compromises faster and minimize their losses.
MICHAEL MORELL: And why do we - this might be sort of an unfair question - but why do we seem to struggle at this? Is it because we're a little lax on the defense or is it because the defense has a first mover advantage in terms of advancing the technology, of being able to conduct cyber operations? Why do we seem to struggle at this so much?
MIKE ORLANDO: I think this is a great question, and I think part of it is that broadly, people don't understand the threat or that they're in the targets of these services. I think for some who do understand the threat, the cost of doing cyber security might be too much for smaller companies. I also think some have gone numb to it and just accept that it's just a reality of it. And then some of it is just, I think, the complacency and not just implementing good cyber practices.
MICHAEL MORELL: And then talk a little bit about -- because this is so, so important - the importance of the supply chain, right, from a cyber perspective. You can lock yourself down, but if one of your vendors who has access to your system isn't locked down, you know, you're not either. Can you talk about that?
MIKE ORLANDO: Yes. So April is the National Supply Chain Integrity Month for us here at NCSC, where we try to bring greater awareness and best practices for supply chains. And what we see in supply chains, particularly on the cyber side, is the software supply chain attacks where they are able to compromise, let's say, a cloud server, where they then are able to move around that server to acquire information on 50 companies, as opposed to go after all 50 companies. And so the services, the intelligence services have found this is an easier way to acquire information at a broader scale.
MICHAEL MORELL: So on the supply chain piece of it, and if you think about SolarWinds in particular, you know, an operation that was actually conducted in the United States makes it a little bit difficult for the traditional intelligence community, right, CIA, NSA, to play a role in preventing that. Are you guys talking about better ways of approaching that, better ways of identifying it? How do we think about that going forward?
MIKE ORLANDO: So the good news is that that incident has created a lot of conversations in government and with private sector about how to go about this. And although there's no silver bullet solution to this, it's certainly going to take a whole of nation, public private partnership to figure out how to go about this. I believe the conversations about software, so we have better visibility into software so it's secure, and the conversations around zero trust architecture is also very important. And just broadly from an intelligence community, it's trying to make sure we're focusing on those areas in this room where we can better support and share information with the private sector so they can then take better actions to defend themselves.
MICHAEL MORELL: So we chatted about what companies can do to protect themselves from intelligence operations that are cyber-based. What about intelligence operations that are HUMINT based, particularly the nontraditional collector? How can companies protect themselves against those sort of operations?
MIKE ORLANDO: So what we tell companies is that they need an enterprise security approach, from physical security to cybersecurity to also an insider threat program. And an insider threat program essentially looks at their employees to see what risk they may be holding with them, whether it's theft or violence, but also to protect against these nation states. And then these programs will help identify those risks. Because we have seen the Chinese and Russians recruit people inside of companies to either facilitate cyber operations or steal information, or, in addition, the Chinese have a number of talent acquisition programs where they're trying to recruit talent, but also encouraging them to take technology with them or intellectual property when they recruit those individuals.
MICHAEL MORELL: So Mike, take us inside one of these briefings for a company, right. Do you kind of generally describe what the Chinese intentions are, Russian intentions, and then give them specific examples of what you've seen over time? Is that what you do?
MIKE ORLANDO: Yes. So generally we start out with the broad threat, trying to make sure they understand the intentions of Russia and China, particularly as it pertains to them in their sector. We provide them some case examples of companies that may have lost technologies. We also try to give them examples of how they will go about it through legal and quasi legal or illegal means, whether that's cyber intrusions and cyber threat mergers. And then we give them some tips on how to better protect themselves, such as building these insider threat programs, ensuring that they are integrated with their physical security, human resources and acquisitions, and working as a whole team. And then we also make sure they understand that if the head of the company doesn't believe in security, no one else will; it really has to be part of the culture of the company.
MICHAEL MORELL: And do you see it's a wake up call for people or is it your sense that they have a decent understanding of this, or does it vary by industry or vary by company? What's the reaction when you do one of these?
MIKE ORLANDO: So all the conversations we have are very, very good and very informative and we have very good exchanges, but what I am seeing broadly is that people still haven't understood the threat yet. And so it's hard for them to pivot to what to do about it. And I'm hoping over time, through these outreaches, we're able to educate them enough where we can shift the conversation to, 'You understand the threat. Now let's figure out how to work together to solve these complicated problems.'
MICHAEL MORELL: And talk a little bit about universities, because that must be a little bit more difficult. Do you do briefings for them? How do those briefings go? Can you talk about that?
MIKE ORLANDO: Sure. So we do briefings at universities. We have a team here who has a deep background in academics and how to talk with them, understanding their concerns. This is a very challenging space because in academia, the exchange of information is certainly needed for innovation and we certainly encourage it. But we also have to educate them on the risks that Russia, China and others are certainly using that pathway to steal technology in a way that's not reciprocal to us. And we have to make sure that academia understands the risk that's there and also trying to have a balance of the transparency of what they're doing for the greater good.
MICHAEL MORELL: So do you get more pushback at universities than you do at companies?
MIKE ORLANDO: I think when I talk with companies, it's easier for them to understand the risk, whereas when we talk at universities where they're accustomed to that international collaboration, it's sometimes harder for them to digest the threat and sometimes harder for them to understand what to do about it and how to distinguish it.
MICHAEL MORELL: Yeah, Mike, what about companies that have a significant presence in China that must be much more complicated, right, in terms of protecting the company from counterintelligence threats. So how do you talk to companies about that?
MIKE ORLANDO: Sure, so we try to just make sure that they understand the environment there and what they're up against. We certainly understand that American business needs to do business overseas and we don't try to dissuade them from it, but we want to make sure that they have that knowledge so they can better protect themselves. And we try to make sure they understand that China has national security laws that require all Chinese companies and individuals to cooperate with the intelligence service and that there is really no separation from the state and the commercial.
And we also make sure that they understand that when you look at China, long term ambitions, where in 2049 they want to be the leading economic superpower, they're also trying to do it at our disadvantage. And when their domestic companies stand up, Chinese government will make sure that they aid them and make it harder for American companies to survive there. So we want to make sure that American companies understand that China doesn't see this as win-win, they see it as win-lose, very competitive environment for them there. So generally, once we do that with an answer, their questions of what their concerns are and how we can better help them.
MICHAEL MORELL: And so maybe we could take a step, a broader step back here. And, you know, you've worked on a lot of important issues during your career. You worked counterterrorism. You know, you probably spent a lot of time working Russia counterintelligence issues early in your career. China is the focus now, not that we don't have to focus on places like Iran and in Russia, but China is the focus. Can you talk a little bit about China as a national security threat and why you're so worried about that and why an average American needs to be worried about it?
MIKE ORLANDO: We believe that there's no other country than China that poses the most severe intelligence threat to America. We're looking at $200 billion to $600 billion dollars a year in losses to intellectual property theft by China. And that's been going on for the last 20 years. That's a pretty staggering number of loss to us. And when you look at China's national plans, as I said earlier, it's one where it's to put us essentially out of business. And I think the concerns for this generation ahead is that if we don't stay ahead of this, we will be disadvantaged both economically and in the national security arena as well.
MICHAEL MORELL: And is it your sense that people get that across the country or they're starting to get it or there needs to be more discussion about this at a national level?
MIKE ORLANDO: So I think what I'm seeing is that there's a number of articles out there now about the threat that I hadn't seen in the last 20 years. And so I think it is getting out there. But I really think there's a lot more work we need to do to educate people and keep this dialogue going because we can't forget about it. And we need to be talking about what do we do as a country to better protect ourselves. Because these problems aren't just counterintelligence problems. They span into other areas as well.
MICHAEL MORELL: You know, I was having a conversation with a current Biden administration official, and he had not been in government for almost 10 years. He left a little earlier than I did. And he told me, you know, based on what he's seeing, he's absolutely shocked at the degree of Chinese activities in the United States, right. He expected it to be significant, but it was even much, much more than he thought. And this was somebody who had been in the government and had kind of seen, you know, what happened 10 years ago. So he saw a significant increase. And I'm just wondering if that's consistent with what you've seen.
MIKE ORLANDO: Yes, I would say when I first started this, particularly with China, and they were very careful and quiet about what they were doing, and now you see a very brazen activity from the Chinese government. And if you look at some of the activities that are going on here in the United States that frankly go against some of our First Amendment and other constitutional rights. In 2020, a Zoom executive, which is a video platform, was charged because he fabricated evidence that Chinese nationals here in the United States who were commemorating the Tiananmen Square incident were involved in terrorism or child pornography to take down their account at the behest of the Chinese government here while they were in the United States.
There's also a recent article about WeChat and a number of individuals, Chinese nationals here in the United States who are suing WeChat because they were writing articles critical of China and which had censored and took down their articles. And then you look at Operation Fox Hunt, which FBI Director Wray often talks about, which is this uncoordinated law enforcement activity that China formed in the United States to try to repatriate dissidents or political rivals is very concerning to me and should be concerning to American citizens that you had this authoritarian regime conducting activities in the United States or trying to suppress our First Amendment rights.
MICHAEL MORELL: So essentially trying to do here what they do at home every day.
MIKE ORLANDO: Exactly.
MICHAEL MORELL: So, Mike, China's obviously a threat, but I guess the question is, how do we talk about it smartly? Right. How do we warn about the threat without Americans seeing a Chinese spy behind every rock? Obviously, anti-Asian violence is a real thing. The political rhetoric about China is no doubt playing a role in that. So how do we get this balance right of talking about the threat without, you know, without creating incentives for people to kind of take action in their own hands?
MIKE ORLANDO: So first, our issue is not with Chinese Americans or Chinese nationals. Our issue is with the communist government of China. And in regards to hate crime, that is something that is very important to the U.S. government to make sure that all people are treated fairly. And, you know, we certainly are concerned about it.
But I think the real narrative is the Chinese government that are setting the conditions for people to steal information. They are encouraging them to do it, providing them benefit. And, when you look at their national security laws, is forcing them to do that, and I think that is the real conversation. And what I would say to Chinese nationals or Chinese Americans is that, 'We're here to help you. And if you find yourself in a situation where you feel the Chinese government is trying to compromise you before you take action, please come to us so we can help you.' We certainly need Chinese nationals and Chinese Americans to help us solve this problem.
MICHAEL MORELL: So, Mike, we're almost out of time here and this might be the toughest question, which is, you know, if you were looking out five to 10 years, this is probably going to be worse. Is this problem going to be better? What do you think?
MIKE ORLANDO: If we don't take action, it is going to be worse and I think the next five years are very critical for us to engage as a whole of society to figure out how are we going to counter the efforts of China if we want to be the national leaders.
MICHAEL MORELL: Mike, thank you so much for joining us. It's been really great to have you on the show talking about what I think is an extraordinarily important issue. So thanks for joining us.
MIKE ORLANDO: Thank you for having me. I'm glad I've had the opportunity to share your thoughts so we can educate the public about the threats from foreign governments.