OPINION:
Former Defense Intelligence Agency analyst Ana Montes, who was convicted of spying for Cuba in 2002, was released from a Texas federal prison earlier this month. With access to top-secret human intelligence, all-source analysis and internal U.S. policy strategy, Ms. Montes was a highly valuable asset for Havana’s communist regime, and the secrets she stole were no doubt received in the Kremlin with great appreciation as well.
Motivated by an ideological affinity for Fidel Castro’s brutal communist dictatorship, Ms. Montes deftly concealed her espionage from her co-workers and supervisors. Cuban intelligence reportedly recruited Ms. Montes in 1984 before she began working at the DIA and successfully ran her as a sensitive, clandestine source for nearly two decades.
I never met Ms. Montes, but I crossed paths with three other notorious spies, all of whom, like Ms. Montes, successfully spied on behalf of our adversaries for decades.
In my first year of government service, I worked an interim assignment in the CIA office where Aldrich “Rick” Ames was serving as a branch chief. I found Ames aloof and arrogant but never could have imagined he was betraying us for the Soviet Union.
I met Walter Kendall Myers, a State Department employee, in the early 1990s when he was working at the Foreign Service Institute. Like Ms. Montes, he also spied for Cuba, reportedly for 30 years, again for ideological reasons. He was handed a life sentence after his 2009 arrest. Myers gave the appearance of being a stereotypically studious, absent-minded professor, the farthest thing from a cloak-and-dagger spy.
The foreign spy whom I personally knew best was Herman Simm, who served in the Estonian Defense Ministry after a successful career in law enforcement. Responsible for protecting state secrets and working with NATO and European Union members, Simm was arrested in 2008 and released from prison in 2019. Outwardly, Simm seemed to be nothing more than a patriotic and unassuming old-timer in the final years of a distinguished public service career. In fact, he was one of Russia’s most valuable spies.
Counterintelligence plants, as one of my CIA mentors used to say, are not like fine wine, getting better with age. The longer spies like Ames and Simm operate in our midst, the more damage they do to our national security. With each spy we uncover, there follows the mandatory damage assessment and the need for new security protocols and regulations for the entire intelligence community.
The private sector, under siege from Chinese, Russian, Iranian and North Korean intelligence operatives, not to mention criminals and domestic competitors, should also take to heart the lessons we’ve learned about mitigating insider threats from these high-profile espionage cases.
Unwitting insider threats, such as when an unsuspecting employee mistakenly clicks on a phishing link, can be addressed by training and awareness programs.
But malicious insider threats — using spies to obtain sensitive corporate information and technology — present a far greater challenge because the bad actors deliberately harm their enterprise to the benefit of our enemies.
When I served at the CIA, we used to say that there were two kinds of governments: those that foreign spies had infiltrated and those that did not know it yet. The same applies to private businesses, whose security checkup should start by assuming an insider threat is already active in their ranks.
First, enterprises should identify their corporate and intellectual crown jewels, track who has access to them and regularly assess their worth. Enforcing a need-to-know policy, enterprises should have a platform in place to detect unusual credential usage as well as anomalous, “out-of-pattern” database activity that raises red flags.
Second, vet and hire the right people who are a good fit for the enterprise and its culture, and then train them to spot those red flags. Offer employee assistance program support when needed.
Third, particularly for high-risk employees, enterprises should have an end-of-employment policy with regulations on which human resources, security and other company stakeholders collaborate.
In addition to financial costs and reputational damage, insider threats can also undermine the confidence of shareholders, customers and employees. Let the Montes espionage case be a clarion call for heightened insider-threat awareness and the need for effective countermeasures not only for our intelligence professionals but for the vulnerable private sector as well.
• Daniel N. Hoffman is a retired clandestine services officer and former chief of station with the Central Intelligence Agency. His combined 30 years of government service included high-level overseas and domestic positions at the CIA. He has been a Fox News contributor since May 2018. Follow him on Twitter @DanielHoffmanDC.
Please read our comment policy before commenting.