For America's Top Spy Catcher, A World Of Problems To Fix — And Prevent

Dec 20, 2016
Originally published on December 20, 2016 10:54 pm

William Evanina holds two official job titles: national counterintelligence executive and director of the National Counterintelligence and Security Center.

Eyes glazing over? Here's a simpler way to think of him: as the nation's spy catcher in chief.

As the head of U.S. counterintelligence, Evanina is in charge of keeping America's secrets out of enemy hands. 2016 has proved an exceptionally challenging year, between Russian hacks and another massive data breach at the National Security Agency.

But before we get to those, here's a story that yields some insight into the kind of year Evanina has had: On May 4, he was meeting a friend and former colleague at the Silver Diner in McLean, Va. They were tucking into lunch when they heard a crash.

"A lot of people started yelling, 'Gun!' And then there was multiples crashes," Evanina remembers.

A Hummer had slammed into the diner. The man driving it — a cook who had been suspended — backed up and tried again, three or four times.

"And then he set himself on fire, trying to burn the restaurant down," says Evanina, who may now run counterintelligence efforts for the entire U.S. government, but remains — by training and instinct — an FBI agent.

Evanina helped pull the man from the burning Hummer. And then he cuffed him.

"I'm still an FBI agent," he says, "and until that day is over, I will be an FBI agent, and that entails carrying handcuffs."

One customer died from his injuries. The man Evanina cuffed — the suspended cook — was charged with second-degree murder.

"Crazy things happen," says Evanina. "I just happened to be in the right place at the right time. When you look at that individual, that is the epitome of the insider threat."

Insider threats are a phenomenon Evanina has had to confront more often than he might have liked over his 27-year career. In 2013, when NSA contractor Edward Snowden fled the country carrying a laptop stuffed with secrets, Evanina was assigned to the investigation. At the time, he was assistant special agent in charge of the FBI's Washington field office.

This, he says, "makes it difficult for me to opine on Edward Snowden. But in my job now, I handle the damage assessment aspect of Mr. Snowden. On a quarterly basis, we develop a damage assessment, provide that to Congress and the White House."

That means every three months, Evanina briefs official Washington on the ongoing fallout from Snowden. Which raises the question: How much classified material may yet come to light? Evanina says Snowden is estimated to have taken 1.5 million documents.

"If you subtract the give or take 1,000 that have been disclosed, there's a lot more to go," he says. "We have a pretty good fundamental idea, every agency does, as to what documents were stolen by Mr. Snowden. And we've put them into tranches, in terms of significance and in terms of damage that could be caused. And every day, every [U.S. intelligence] agency is watching the world media to see what's being disclosed."

This year, the world learned of yet another possible inside job at the NSA. Harold "Hal" Martin III, another contractor, was arrested in August. Like Snowden, he had worked at the NSA. He was working for the Pentagon at the time of his arrest.

Federal prosecutors have not claimed evidence of links between Martin and a foreign power. But at his house in Maryland, investigators found huge piles of classified documents, which Martin is alleged to have stolen over a two-decade period.

Coming just three years after the Snowden episode, is there any way to view Martin's case as something other than an epic security failure?

Evanina says there is. "Someone who is in an insider threat, who's seeking to do damage, will do the damage," he says. "It's really, really difficult to stop that person once they've made a decision."

Evanina says the answer is not to rely on intrusive security checks. He insists the NSA's internal security is excellent. Instead, he argues that spy agencies need to do a better job of monitoring behavioral indicators: identifying when employees are vulnerable — whether through financial or marital troubles or because they've been passed over for promotion — and then intervening before they act in detrimental ways.

Evanina also says that obsessing over Snowden or Martin will get you only so far. "We spend a lot of time on fixing what's happened, and not enough time on what the future looks like six months from now," he says. "What are the new technologies and capabilities to take [classified materials] away?"

Speaking of the future, Evanina will spend the next several weeks helping to pull together a White House-ordered review of election year cyber-intrusions. The review follows an October statement issued by Evanina's boss, Director of National Intelligence James Clapper, and by the Department of Homeland Security, which concludes that Russia's "senior-most officials" authorized recent hacks.

Evanina's role is to unravel which Russian spy agencies were involved.

"It gets characterized as the 'government of Russia,' " he says. "Well, in our world, it's a little bit more complicated than that."

An investigation by the private cybersecurity firm Crowdstrike has attributed the hacks to Russia's military and domestic security agencies. Evanina is probing that further.

"There's an intense competitiveness within the Russian intelligence services," he notes. "The GRU [main intelligence directorate] and the SVR [foreign intelligence service] and the FSB [federal security service] are competing for resource dollars and for activity here in the U.S."

That presents both challenge and opportunity for American spy agencies. Knowing which specific adversary they're dealing with, Evanina says, helps to inform the response.

Meanwhile, he estimates that more than 100 Russian spies are operating on U.S. soil right now.

"They're here to do their country's bidding," he says. "Acquiring plans and intentions of our country, and stealing our trade secrets and proprietary information. Our job is to identify them and track them down, surveil them and neutralize their efforts."

As to where the Russians operate, Evanina says they're in big cities: "Washington, D.C. New York City. Los Angeles. San Francisco. Our innovation hubs."

That's because Russian intelligence officers are focused on America's energy, telecommunications and financial sectors, he says. So there's plenty to keep Evanina busy until next June, when he wraps up his tour as the country's top spy catcher.

Copyright 2017 NPR. To see more, visit http://www.npr.org/.

ROBERT SIEGEL, HOST:

The next story is about a man you could call the nation's spy catcher in chief. Bill Evanina is head of U.S. counterintelligence. That means he's in charge of keeping America's secrets out of enemy hands. Between Russian hacks and another massive data breach at the National Security Agency, 2016 has been a challenging year for Evanina. He sat down with NPR's Mary Louise Kelly to talk about it.

MARY LOUISE KELLY, BYLINE: One of the first stories that people in intelligence circles will tell you about Bill Evanina took place this past May. The setting - at the Silver Diner in McLean, Va. Evanina was eating lunch with a friend when...

BILL EVANINA: Oh, the big loud crash and, you know, a lot of people started yelling, gun.

KELLY: A Hummer had slammed into the diner. The man driving it, a cook who'd been suspended, backed up and tried again.

EVANINA: Three or four times. And then he set himself on fire trying to burn the restaurant down.

KELLY: Evanina is career FBI, so he helped pull the man from the burning Hummer, and then he cuffed him.

EVANINA: Put handcuffs on him, yes. I'm still an FBI agent. And until that day is over, I will be an FBI agent, and that in terms of carrying handcuffs.

KELLY: One customer died from his injuries. The man Evanina cuffed, the cook, has been charged with second-degree murder.

EVANINA: Crazy things happen, and I just happened to be in the right place at the right time. And when you look at that individual, that is the epitome of the insider threat.

KELLY: The insider threat. That's a situation Bill Evanina has had to confront more often than he might have liked over his career. In 2013, when NSA contractor Edward Snowden fled the country carrying a laptop stuffed with NSA secrets, Evanina was assigned to the investigation. At the time, he was leading the FBI's Washington field office.

EVANINA: But in my job now, I handle the damage assessment aspect of Mr. Snowden. On a quarterly basis, we develop a damage assessment, provide that to Congress and the White House.

KELLY: Meaning every three months, Evanina briefs official Washington on the ongoing fallout from Snowden. Which prompts the question - how much classified material may yet come to light?

EVANINA: The 1.5 million documents that he took, if you subtract the give or take a thousand that have been disclosed, there's a lot more to go.

KELLY: Do you know what all of them are?

EVANINA: We have a pretty good fundamental idea. Every agency does as to what documents were stolen by Mr. Snowden. Every day, every agency is watching the world media to see what's being disclosed.

KELLY: This year, we learned of yet another data breach, the case of Hal Martin, who allegedly took even more than Edward Snowden. Is there any way to view that as something other than an epic security failure?

EVANINA: There is.

KELLY: To review, Harold Hal Martin was arrested this August. Like Snowden, he'd worked at the NSA. Federal investigators have not claimed evidence of links between Martin and a foreign power. But at his house, they found huge piles of classified documents. How could that happen three years after Snowden?

EVANINA: Someone who is an insider threat who's seeking to do damage will do damage. And it's really, really difficult to stop that person once they've made a decision.

KELLY: Evanina says the answer is not intrusive security checks. He insists the NSA's internal security is excellent. Instead, he argues spy agencies need to do a better job monitoring behavior, identifying when employees are vulnerable, whether through financial or marital trouble or being passed over for promotion, then intervening before they act. Evanina also says obsessing over Snowden or Martin will only get you so far.

EVANINA: We spend a lot of time on fixing what's happened and not enough time on what's the future look like six months from now? What are the new technologies, capabilities to take stuff away?

KELLY: Speaking of the future, Evanina will spend these next few weeks helping pull together the review ordered by the White House of Russian cyber-intrusions. His role - unraveling which Russian spy agencies were involved.

EVANINA: It gets characterized as the government of Russia. In our world, it's a little bit more complicated than that.

KELLY: An investigation by the private cybersecurity firm Crowdstrike has attributed the hacks to Russian military and domestic security agencies. Evanina is probing that further.

EVANINA: There's an intense competitiveness within the Russian intelligence services. The GRU and the SVR and the FSB are competing for resource dollars and for activity here in the U.S.

KELLY: Which presents both challenge and opportunity for American spy agencies. Knowing which specific adversary they're dealing with, Evanina says, informs the response. Meanwhile, Evanina estimates more than 100 Russian spies are here operating on U.S. soil right now.

EVANINA: They're here to do their country's bidding, and acquiring the plans and intentions of our country and stealing our trade secrets and proprietary information.

KELLY: Evanina says his job is, quote, "to surveil them and neutralize their efforts." As to where the Russians operate, think big cities.

EVANINA: Washington, D.C., New York City, Los Angeles, San Francisco - our innovation hubs.

KELLY: That's because Russian intelligence officers are focused on America's energy, telecoms and financial sectors. Plenty to keep Evanina busy until next June, when he wraps up his tour as the country's top spy catcher. Mary Louise Kelly, NPR News, Washington. Transcript provided by NPR, Copyright NPR.